From 51441dfa8df31812735ad6bea1724c0e09731128 Mon Sep 17 00:00:00 2001
From: alyssadev <alyssa.dev.smith@gmail.com>
Date: Sun, 17 Sep 2023 13:34:03 +1000
Subject: [PATCH] moved auth to kv

---
 src/index.js  | 29 +++++++++++++++++------------
 wrangler.toml |  5 +++--
 2 files changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/index.js b/src/index.js
index ec9da17..230900c 100644
--- a/src/index.js
+++ b/src/index.js
@@ -12,16 +12,21 @@ function makeid(length) {
     return result;
 }
 
-function checkAuth(request) {
+async function checkAuth(request) {
     const auth = request.headers.get("Authorization");
-    return auth === AUTH_KEY;
+    const auth_check = await AUTH.get(auth)
+    console.log(auth, auth_check)
+    return Boolean(auth_check);
 }
 
 function getHost(request) {
     return request.headers.get("Host")
 }
 
-async function add(host,path,request) {
+async function add(request,host,path) {
+    const auth = await checkAuth(request)
+    if (!auth)
+        return new Response("Only GET requests allowed to unauthed users", {status:403});
     if (!request.headers.get("content-type"))
         return new Response("No URL provided", {status:400})
     const data = await request.formData()
@@ -50,14 +55,18 @@ async function add(host,path,request) {
     return new Response(`https://${host}/${path}`, {status:201})
 }
 
-async function remove(host,path) {
+async function remove(request,host,path) {
+    const auth = await checkAuth(request)
+    if (!auth)
+        return new Response("Only GET requests allowed to unauthed users", {status:403});
     if (!path) return new Response("No path provided",{status:400})
     path = path.toLowerCase()
     await KV.delete(path)
     return new Response(`DELETE https://${host}/${path}`, {status:200})
 }
 
-async function get(host,path,auth) {
+async function get(request,host,path) {
+    const auth = await checkAuth(request)
     if (!path && auth) {
         const { keys } = await KV.list()
         let paths = ""
@@ -79,16 +88,12 @@ async function handleRequest(request) {
         case "PUT":
         case "POST":
         case "PATCH":
-            if (!checkAuth(request))
-                return new Response("Only GET requests allowed to unauthed users", {status:403});
-            return add(host,path,request)
+            return add(request,host,path)
         case "DELETE":
-            if (!checkAuth(request))
-                return new Response("Only GET requests allowed to unauthed users", {status:403});
-            return remove(host,path)
+            return remove(request,host,path)
         case "HEAD":
         case "GET":
-            return get(host,path,checkAuth(request))
+            return get(request,host,path)
         default:
             return new Response("Method not allowed", {status:405})
     }
diff --git a/wrangler.toml b/wrangler.toml
index 84fac0b..4bdd2d3 100644
--- a/wrangler.toml
+++ b/wrangler.toml
@@ -1,12 +1,13 @@
 name = "linkie"
 main = "src/index.js"
 workers_dev = true # used for test.py
-compatibility_date = "2023-09-14"
+compatibility_date = "2023-09-04"
 routes = [
   { pattern = "s.aly.pet", custom_domain = true }
 ]
 kv_namespaces = [
-  { binding = "KV", id = "7214e776a3da4ccd9f9fe5b6c3d3f781" }
+  { binding = "KV", id = "7214e776a3da4ccd9f9fe5b6c3d3f781", preview_id = "a36f8dde95cb46d988812e051729fbe8" },
+  { binding = "AUTH", id = "6cea477e20a44fb5933482255fc77447", preview_id = "1cd25bb358194925ad1ba2cf163c80c0" }
 ]
 [vars]
 REDIR_URL = "https://aly-smith.carrd.co/"