wip

lukepolo · lukepolo · commit ee5fcadb836c · 2025-12-22T09:47:21.000-05:00
diff --git a/src/matches/match-relay/match-relay.service.ts b/src/matches/match-relay/match-relay.service.ts
@@ -38,6 +38,8 @@ export class MatchRelayService {
 
     const prime = path.shift();
 
+    console.info("prime", prime);
+
     if (prime == null || prime == "" || prime == "index.html") {
       this.respondSimpleError(uri, response, 401, "Unauthorized");
       return;
@@ -64,6 +66,11 @@ export class MatchRelayService {
         this.stats.new_match_broadcasts++;
       } else {
         if (prime == "sync") {
+          console.info({
+            uri,
+            param,
+            path,
+          });
           if (
             this.token_redirect &&
             this.match_broadcasts[this.token_redirect]
diff --git a/src/matches/match-relay/raw-body.middleware.ts b/src/matches/match-relay/raw-body.middleware.ts
@@ -1,17 +1,51 @@
-import { Injectable, NestMiddleware } from "@nestjs/common";
+import { Injectable, Logger, NestMiddleware } from "@nestjs/common";
 import { Request, Response, NextFunction } from "express";
 import * as express from "express";
+import { HasuraService } from "src/hasura/hasura.service";
+import { CacheService } from "src/cache/cache.service";
 
 @Injectable()
 export class RawBodyMiddleware implements NestMiddleware {
-  use(req: Request, res: Response, next: NextFunction) {
+  constructor(
+    private readonly hasura: HasuraService,
+    private readonly logger: Logger,
+    private readonly cache: CacheService,
+  ) {}
+
+  async use(request: Request, response: Response, next: NextFunction) {
+    try {
+      const [matchId, apiPassword] = (
+        request.headers["x-origin-auth"] as string
+      )?.split(":");
+
+      const { matches_by_pk: match } = await this.hasura.query({
+        matches_by_pk: {
+          __args: {
+            id: matchId,
+          },
+          password: true,
+        },
+      });
+
+      if (match?.password !== apiPassword) {
+        this.logger.warn("invalid api password", {
+          matchId,
+          apiPassword,
+        });
+        return response.status(401).end();
+      }
+    } catch (error) {
+      this.logger.warn("unable to fetch server", error.message);
+      return response.status(401).end();
+    }
+
     express.raw({
       type: "*/*",
       limit: "50mb",
-      verify: (req: any, res, buf) => {
-        (req as any).rawBody = buf;
-        req.body = buf;
+      verify: (_request: any, _response: any, buf: Buffer) => {
+        (_request as any).rawBody = buf;
+        _request.body = buf;
       },
-    })(req, res, next);
+    })(request, response, next);
   }
 }
