fix: ensure the Auth header is present in a call to SDMS

b61a97f3 · Diego Molteni · Sacha Brants · 53e9ba5d · b61a97f3
Commit b61a97f3 authored Jun 29, 2021 by Diego Molteni Committed by Sacha Brants Jun 29, 2021
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -19,7 +19,7 @@ import express from 'express';
 import jwtProxy, { JwtProxyOptions } from 'jwtproxy';
 import { Config, LoggerFactory } from '../cloud';
 import { ServiceRouter } from '../services';
-import { Feature, FeatureFlags } from '../shared';
+import { Error, Feature, FeatureFlags, Response } from '../shared';
 import { v4 as uuidv4 } from 'uuid';

 import fs from 'fs';
@@ -109,6 +109,16 @@ export class Server {
                req.headers.authorization = req.get('slb-on-behalf-of');
            }

+            // ensure the authorization header is passed
+            if (!req.headers.authorization) {
+                if(!req.url.endsWith('svcstatus')) {
+                    Response.writeError(res, Error.make(
+                        Error.Status.UNAUTHENTICATED,
+                        'Unauthenticated Access. Authorizations not found in the request.'));
+                    return;
+                }
+            }
+
            // track caller to the main log
            const key = req.headers['x-api-key'] as string;
            const logger = LoggerFactory.build(Config.CLOUDPROVIDER);