From 4e20c4ac567bff03839ab0a97f3f4e3f412be145 Mon Sep 17 00:00:00 2001
From: Hristo <53634432+izo0x90@users.noreply.github.com>
Date: Fri, 10 May 2024 18:11:23 -0400
Subject: [PATCH] Finalizes option to secure backend http endpoints with a token - Also fixes to build commands in makefile
---
 Makefile | 6 ++++--
 app-docker-compose.yaml | 2 +-
 app.dockerfile | 4 ++--
 docker-compose.yaml | 7 ++++---
 src/app.ts | 10 ++++++----
 src/auth.ts | 5 +++--
 ui/lib/config.ts | 7 ++++---
 7 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/Makefile b/Makefile
index cef1169..7c495e2 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,8 @@ run:
 .PHONY: rebuild-run
 rebuild-run:
- docker compose -f docker-compose.yaml up --build
+ docker compose -f docker-compose.yaml build --no-cache \
+ && docker compose -f docker-compose.yaml up
 .PHONY: run-app-only
@@ -15,4 +16,5 @@ run-app-only:
 .PHONY: rebuild-run-app-only
 rebuild-run-app-only:
- docker compose -f app-docker-compose.yaml up --build
+ docker compose -f app-docker-compose.yaml build --no-cache \
+ && docker compose -f app-docker-compose.yaml up
diff --git a/app-docker-compose.yaml b/app-docker-compose.yaml
index 4bfef32..8f38b80 100644
--- a/app-docker-compose.yaml
+++ b/app-docker-compose.yaml
@@ -4,7 +4,7 @@ services:
 context: .
 dockerfile: app.dockerfile
 args:
- - SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
+ - NEXT_PUBLIC_SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
 - NEXT_PUBLIC_API_URL=http://${REMOTE_BACKEND_ADDRESS}/api
 - NEXT_PUBLIC_WS_URL=ws://${REMOTE_BACKEND_ADDRESS}
 expose:
diff --git a/app.dockerfile b/app.dockerfile
index 3e67ee4..3f0a7c3 100644
--- a/app.dockerfile
+++ b/app.dockerfile
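Review bot: In the app-docker-compose.yaml hunk, the renamed build arg `NEXT_PUBLIC_SUPER_SECRET_KEY=${SUPER_SECRET_KEY}` hands the backend access key to the browser, because Next.js replaces `process.env.NEXT_PUBLIC_*` references with their values in the JavaScript it ships to clients, so anyone who can load the UI can read the token. The same value is passed the same way in the second docker-compose.yaml hunk, stored in the image by the `ARG`/`ENV` pair in app.dockerfile, and read in ui/lib/config.ts. If the key is meant to stay secret, keep it out of `NEXT_PUBLIC_*` and attach the `Authorization` header from server-side code; otherwise state the limit next to the arg, e.g. `# NEXT_PUBLIC_* is embedded in the browser bundle: this key only gates clients that cannot load the UI`.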
@@ -2,11 +2,11 @@ FROM node:alpine
 ARG NEXT_PUBLIC_WS_URL
 ARG NEXT_PUBLIC_API_URL
-ARG SUPER_SECRET_KEY
+ARG NEXT_PUBLIC_SUPER_SECRET_KEY
 ENV NEXT_PUBLIC_WS_URL=${NEXT_PUBLIC_WS_URL}
 ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL}
-ENV SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
+ENV NEXT_PUBLIC_SUPER_SECRET_KEY=${NEXT_PUBLIC_SUPER_SECRET_KEY}
 WORKDIR /home/perplexica
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 3c0bb78..0559871 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -18,6 +18,7 @@ services:
 - SEARXNG_API_URL=null
 environment:
 SEARXNG_API_URL: "http://searxng:8080"
+ SUPER_SECRET_KEY: ${SUPER_SECRET_KEY}
 OPENAI: ${OPENAI}
 GROQ: ${GROQ}
 OLLAMA_API_URL: ${OLLAMA_API_URL}
@@ -35,9 +36,9 @@ services:
 context: .
 dockerfile: app.dockerfile
 args:
- - SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
- - NEXT_PUBLIC_API_URL=http://${REMOTE_BACKEND_ADDRESS}/api
- - NEXT_PUBLIC_WS_URL=ws://${REMOTE_BACKEND_ADDRESS}
+ - NEXT_PUBLIC_SUPER_SECRET_KEY=${SUPER_SECRET_KEY}
+ - NEXT_PUBLIC_API_URL=http://127.0.0.1:3001/api
+ - NEXT_PUBLIC_WS_URL=ws://127.0.0.1:3001
 depends_on:
 - perplexica-backend
 expose:
diff --git a/src/app.ts b/src/app.ts
index 1406809..4109997 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -14,9 +14,15 @@ const server = http.createServer(app);
 const corsOptions = {
 origin: '*',
+ allowedHeaders: ['Authorization', 'Content-Type'],
 };
 app.use(cors(corsOptions));
+
+if (getAccessKey()) {
+ app.all('*', requireAccessKey);
+};
+
 app.use(express.json());
 app.use('/api', routes);
@@ -24,10 +30,6 @@ app.get('/api', (_, res) => {
 res.status(200).json({ status: 'ok' });
 });
-if (getAccessKey()) {
- app.all('*', requireAccessKey);
-};
-
 server.listen(port, () => {
 logger.info(`Server is running on port ${port}`);
 });
diff --git a/src/auth.ts b/src/auth.ts
index 4255cfe..ecb88d4 100644
--- a/src/auth.ts
+++ b/src/auth.ts
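Review bot: In the first src/app.ts hunk the guard `if (getAccessKey())` fails open: when the key is unset or empty the backend starts with no authentication and nothing in the log says so. A startup warning would make that state visible, e.g. `else { logger.warn('SUPER_SECRET_KEY not set: API is unauthenticated'); }`. Separately, `app.all('*', requireAccessKey)` only sees requests routed through Express; if a WebSocket server is attached to `server` elsewhere in the file (the UI is built with `NEXT_PUBLIC_WS_URL`), its upgrade requests would not pass through this check and would need their own token verification.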
@@ -1,8 +1,8 @@
 import {
 getAccessKey,
-} from '../config';
+} from './config';
-const requireAccessKey = (req, res, next) => {
+export const requireAccessKey = (req, res, next) => {
 const authHeader = req.headers.authorization;
 if (authHeader) {
@@ -11,6 +11,7 @@ const requireAccessKey = (req, res, next) => {
 if (token !== getAccessKey()) {
 return res.sendStatus(403);
 }
+ next();
 } else {
 res.sendStatus(401);
diff --git a/ui/lib/config.ts b/ui/lib/config.ts
index de349c4..675cd8d 100644
--- a/ui/lib/config.ts
+++ b/ui/lib/config.ts
@@ -1,20 +1,21 @@
 interface Config {
 GENERAL: {
- SUPER_SECRET_KEY: string;
+ NEXT_PUBLIC_SUPER_SECRET_KEY: string;
 NEXT_PUBLIC_API_URL: string;
+ NEXT_PUBLIC_WS_URL: string;
 };
 }
 const loadEnv = () => {
 return {
 GENERAL: {
- SUPER_SECRET_KEY: process.env.SUPER_SECRET_KEY!,
+ NEXT_PUBLIC_SUPER_SECRET_KEY: process.env.NEXT_PUBLIC_SUPER_SECRET_KEY!,
 NEXT_PUBLIC_API_URL: process.env.NEXT_PUBLIC_API_URL!,
 NEXT_PUBLIC_WS_URL: process.env.NEXT_PUBLIC_WS_URL!
 },
 } as Config;
 };
-export const getAccessKey = () => loadEnv().GENERAL.SUPER_SECRET_KEY;
+export const getAccessKey = () => loadEnv().GENERAL.NEXT_PUBLIC_SUPER_SECRET_KEY;
 export const getBackendURL = () => loadEnv().GENERAL.NEXT_PUBLIC_API_URL;
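Review bot: In the second src/auth.ts hunk, `token !== getAccessKey()` checks the presented token against the secret with ordinary string inequality, which is not a constant-time comparison. Node's `crypto.timingSafeEqual` is the usual replacement; it requires equal-length buffers, so hash both sides first, e.g. `const h = (s: string) => createHash('sha256').update(s).digest();` followed by `if (!timingSafeEqual(h(token ?? ''), h(getAccessKey()))) {`, with `createHash` and `timingSafeEqual` imported from `crypto`. The token extraction sits between the two hunks and is not visible here, so confirm it rejects a header that lacks a scheme/token pair. The function body also closes outside the hunk.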
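Review bot: In ui/lib/config.ts, `process.env.NEXT_PUBLIC_SUPER_SECRET_KEY!` combined with the `as Config` cast types `getAccessKey()` as `string` even when the variable was not supplied at build time, so a missing key reaches callers as `undefined` with no compiler or runtime signal. Declaring the field as `NEXT_PUBLIC_SUPER_SECRET_KEY?: string` and dropping the `!` would let callers decide whether to send an `Authorization` header at all. The callers are outside this diff, so how they handle a missing key could not be checked.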