feat: Implement Bearer token authentication for /post-event endpoint

whoabuddy · whoabuddy · commit 4bdb2fccdc9e · 2025-04-17T11:02:39.000-07:00
diff --git a/src/durable-objects/chainhooks-do.ts b/src/durable-objects/chainhooks-do.ts
@@ -50,6 +50,13 @@ export class ChainhooksDO extends DurableObject<Env> {
 						});
 					}
 
+					// Check authentication
+					if (!this.validateAuthToken(request)) {
+						throw new ApiError(ErrorCode.UNAUTHORIZED, {
+							reason: 'Invalid or missing authentication token',
+						});
+					}
+
 					return await this.handlePostEvent(request);
 				}
 
@@ -187,4 +194,26 @@ export class ChainhooksDO extends DurableObject<Env> {
 			});
 		}
 	}
+
+	/**
+	 * Validates the authentication token from the request
+	 * 
+	 * @param request - The incoming request
+	 * @returns boolean indicating if the token is valid
+	 */
+	private validateAuthToken(request: Request): boolean {
+		// Extract the Authorization header
+		const authHeader = request.headers.get('Authorization');
+		
+		// Check if the header exists and has the correct format
+		if (!authHeader || !authHeader.startsWith('Bearer ')) {
+			return false;
+		}
+		
+		// Extract the token
+		const token = authHeader.replace('Bearer ', '');
+		
+		// Compare with the stored token
+		return token === this.env.CHAINHOOKS_AUTH_TOKEN;
+	}
 }
diff --git a/worker-configuration.d.ts b/worker-configuration.d.ts
@@ -5,6 +5,7 @@ export interface Env {
 	HIRO_API_KEY: string;
 	SUPABASE_URL: string;
 	SUPABASE_SERVICE_KEY: string;
+	CHAINHOOKS_AUTH_TOKEN: string; // Auth token for chainhooks POST endpoint
 	BNS_API_DO: DurableObjectNamespace<import('./src/index').BnsApiDO>;
 	HIRO_API_DO: DurableObjectNamespace<import('./src/index').HiroApiDO>;
 	STX_CITY_DO: DurableObjectNamespace<import('./src/index').StxCityDO>;
