Skip to content

Commit caea1cf

Browse files
committed
INT-192: Secure proxy endpoint
Secure proxy endpoint: - base on api key from webc header - check if proxy is enabled
1 parent 641edd2 commit caea1cf

1 file changed

Lines changed: 15 additions & 1 deletion

File tree

src/Storefront/Controller/ProxyController.php

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@
1414
use Symfony\Component\HttpFoundation\JsonResponse;
1515
use Symfony\Component\HttpFoundation\Request;
1616
use Symfony\Component\HttpFoundation\Response;
17+
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
1718
use Symfony\Component\Routing\Annotation\Route;
1819

1920
#[Route(defaults: ['_routeScope' => ['storefront']])]
@@ -39,9 +40,22 @@ public function execute(
3940
ClientBuilder $clientBuilder,
4041
EventDispatcherInterface $eventDispatcher,
4142
): Response {
43+
if (!$this->config->isProxyEnabled()) {
44+
throw new NotFoundHttpException('Proxy is disabled.');
45+
}
46+
47+
$apiKey = $request->headers->get('x-ff-api-key');
48+
49+
if (!$apiKey) {
50+
return new JsonResponse(
51+
['message' => 'UNAUTHORIZED'],
52+
Response::HTTP_UNAUTHORIZED
53+
);
54+
}
55+
4256
$client = $clientBuilder
4357
->withServerUrl($this->config->getServerUrl() . '/')
44-
->withApiKey($this->config->getApiKey())
58+
->withApiKey($apiKey)
4559
->withVersion($this->config->getVersion())
4660
->build();
4761
$query = (string) parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_QUERY);

0 commit comments

Comments
 (0)