✨ Security for the gateway

2023-12-05 11:21:15 +01:00 · 2023-12-05 11:21:15 +01:00 · b07e25a439
commit b07e25a439
parent d7e1a051bc
2 changed files with 6 additions and 4 deletions
--- a/src/common/config/variables/Variables.ts
+++ b/src/common/config/variables/Variables.ts
@ -67,6 +67,9 @@ export class BackendVariables {
 	@IsNotEmpty()
 	public readonly PINATA_GATEWAY!: string;

+	@IsNotEmpty()
+	public readonly PINATA_GATEWAY_TOKEN!: string;
+
 	@IsNotEmpty()
 	public readonly ACCESS_TOKEN_SECRET!: string;

@ -150,6 +153,7 @@ export class BackendVariables {
 		this.PINATA_API_KEY = process.env["PINATA_API_KEY"]!;
 		this.PINATA_API_SECRET = process.env["PINATA_API_SECRET"]!;
 		this.PINATA_GATEWAY = process.env["PINATA_GATEWAY"]!;
+		this.PINATA_GATEWAY_TOKEN = process.env["PINATA_GATEWAY_TOKEN"]!;
 		this.ACCESS_TOKEN_SECRET = process.env["ACCESS_TOKEN_SECRET"]!;
 		this.REFRESH_TOKEN_SECRET = process.env["REFRESH_TOKEN_SECRET"]!;
 		this.MAILCHIMP_API_KEY = process.env["MAILCHIMP_API_KEY"]!;
@ -170,8 +174,6 @@ export class BackendVariables {
 		this.OVH_CONSUMER_KEY = process.env["OVH_CONSUMER_KEY"]!;
 		this.OVH_SMS_SERVICE_NAME = process.env["OVH_SMS_SERVICE_NAME"]!;
 		this.SMS_FACTOR_TOKEN = process.env["SMS_FACTOR_TOKEN"]!;
-
-		
 	}
 	public async validate(groups?: string[]) {
 		const validationOptions = groups ? { groups } : undefined;
@ -179,7 +181,7 @@ export class BackendVariables {
 		try {
 			await validateOrReject(this, validationOptions);
 		} catch (error: any) {
-			if (process.env["ENV"] === "dev" || process.env["ENV"] === 'stg') {
+			if (process.env["ENV"] === "dev" || process.env["ENV"] === "stg") {
 				throw error;
 			}
 			throw new Error("Some env variables are required!");
--- a/src/services/common/FilesService/FilesService.ts
+++ b/src/services/common/FilesService/FilesService.ts
@ -59,7 +59,7 @@ export default class FilesService extends BaseService {
 	public async download(uid: string) {
 		const file = await this.filesRepository.findOneByUid(uid);
 		if (!file?.key) return null;
-		const fileResult = await fetch(file.file_path);
+		const fileResult = await fetch(file.file_path.concat("?pinataGatewayToken=").concat(this.variables.PINATA_GATEWAY_TOKEN));
 		const fileArrayBuffer = await fileResult.arrayBuffer();
 		return { file: file, buffer: await this.cryptoService.decrypt(Buffer.from(fileArrayBuffer), file.key) };
 	}