Require ?v=1.1 on Scalar /register and /account

For upstream compatibility and security.
2024-07-08 12:01:48 +00:00 · 2019-03-15 20:02:21 -06:00 · 2019-03-15 20:02:21 -06:00 · dce6bcde56
commit dce6bcde56
parent 0287e472f8
4 changed files with 18 additions and 4 deletions
--- a/src/api/scalar/ScalarService.ts
+++ b/src/api/scalar/ScalarService.ts
@ -49,7 +49,11 @@ export class ScalarService {

    @POST
    @Path("register")
-    public async register(request: RegisterRequest): Promise<ScalarRegisterResponse> {
+    public async register(request: RegisterRequest, @QueryParam("v") apiVersion: string): Promise<ScalarRegisterResponse> {
+        if (apiVersion !== "1.1") {
+            throw new ApiError(401, "Invalid API version.");
+        }
+
        const mxClient = new MatrixOpenIdClient(<OpenId>request);
        const mxUserId = await mxClient.getUserId();

@ -95,7 +99,11 @@ export class ScalarService {

    @GET
    @Path("account")
-    public async getAccount(@QueryParam("scalar_token") scalarToken: string): Promise<ScalarAccountResponse> {
+    public async getAccount(@QueryParam("scalar_token") scalarToken: string, @QueryParam("v") apiVersion: string): Promise<ScalarAccountResponse> {
+        if (apiVersion !== "1.1") {
+            throw new ApiError(401, "Invalid API version.");
+        }
+
        const userId = await ScalarService.getTokenOwner(scalarToken);
        return {user_id: userId};
    }
--- a/src/scalar/ScalarClient.ts
+++ b/src/scalar/ScalarClient.ts
@ -3,6 +3,7 @@ import { ScalarRegisterResponse } from "../models/ScalarResponses";
 import * as request from "request";
 import { LogService } from "matrix-js-snippets";
 import Upstream from "../db/models/Upstream";
+import { SCALAR_API_VERSION } from "../utils/common-constants";

 export class ScalarClient {
    constructor(private upstream: Upstream) {
@ -14,6 +15,7 @@ export class ScalarClient {
            request({
                method: "POST",
                url: this.upstream.scalarUrl + "/register",
+                qs: {v: SCALAR_API_VERSION},
                json: openId,
            }, (err, res, _body) => {
                if (err) {
--- a/src/utils/common-constants.ts
+++ b/src/utils/common-constants.ts
@ -0,0 +1 @@
+export const SCALAR_API_VERSION = "1.1";
--- a/web/app/shared/services/scalar/scalar-server-api.service.ts
+++ b/web/app/shared/services/scalar/scalar-server-api.service.ts
@ -6,6 +6,7 @@ import {
    FE_ScalarRegisterResponse
 } from "../../models/scalar-server-responses";
 import { AuthedApi } from "../authed-api";
+import { SCALAR_API_VERSION } from "../../../../../src/utils/common-constants";

@Injectable()
 export class ScalarServerApiService extends AuthedApi {
@ -14,10 +15,12 @@ export class ScalarServerApiService extends AuthedApi {
    }

    public getAccount(): Promise<FE_ScalarAccountResponse> {
-        return this.authedGet("/api/v1/scalar/account").map(res => res.json()).toPromise();
+        return this.authedGet("/api/v1/scalar/account", {v: SCALAR_API_VERSION}).map(res => res.json()).toPromise();
    }

    public register(openId: FE_ScalarOpenIdRequestBody): Promise<FE_ScalarRegisterResponse> {
-        return this.http.post("/api/v1/scalar/register", openId).map(res => res.json()).toPromise();
+        return this.http.post("/api/v1/scalar/register", openId, {
+            params: {v: SCALAR_API_VERSION},
+        }).map(res => res.json()).toPromise();
    }
 }