Require ?v=1.1 on Scalar /register and /account

For upstream compatibility and security.

src/api/scalar/ScalarService.ts

@@ -49,7 +49,11 @@ export class ScalarService {
 
     @POST
     @Path("register")
-    public async register(request: RegisterRequest): Promise<ScalarRegisterResponse> {
+    public async register(request: RegisterRequest, @QueryParam("v") apiVersion: string): Promise<ScalarRegisterResponse> {
+        if (apiVersion !== "1.1") {
+            throw new ApiError(401, "Invalid API version.");
+        }
+
         const mxClient = new MatrixOpenIdClient(<OpenId>request);
         const mxUserId = await mxClient.getUserId();
 
@@ -95,7 +99,11 @@ export class ScalarService {
 
     @GET
     @Path("account")
-    public async getAccount(@QueryParam("scalar_token") scalarToken: string): Promise<ScalarAccountResponse> {
+    public async getAccount(@QueryParam("scalar_token") scalarToken: string, @QueryParam("v") apiVersion: string): Promise<ScalarAccountResponse> {
+        if (apiVersion !== "1.1") {
+            throw new ApiError(401, "Invalid API version.");
+        }
+
         const userId = await ScalarService.getTokenOwner(scalarToken);
         return {user_id: userId};
     }

src/scalar/ScalarClient.ts

@@ -3,6 +3,7 @@ import { ScalarRegisterResponse } from "../models/ScalarResponses";
 import * as request from "request";
 import { LogService } from "matrix-js-snippets";
 import Upstream from "../db/models/Upstream";
+import { SCALAR_API_VERSION } from "../utils/common-constants";
 
 export class ScalarClient {
     constructor(private upstream: Upstream) {
@@ -14,6 +15,7 @@ export class ScalarClient {
             request({
                 method: "POST",
                 url: this.upstream.scalarUrl + "/register",
+                qs: {v: SCALAR_API_VERSION},
                 json: openId,
             }, (err, res, _body) => {
                 if (err) {

src/utils/common-constants.ts

@@ -0,0 +1 @@
+export const SCALAR_API_VERSION = "1.1";

web/app/shared/services/scalar/scalar-server-api.service.ts

@@ -6,6 +6,7 @@ import {
     FE_ScalarRegisterResponse
 } from "../../models/scalar-server-responses";
 import { AuthedApi } from "../authed-api";
+import { SCALAR_API_VERSION } from "../../../../../src/utils/common-constants";
 
 @Injectable()
 export class ScalarServerApiService extends AuthedApi {
@@ -14,10 +15,12 @@ export class ScalarServerApiService extends AuthedApi {
     }
 
     public getAccount(): Promise<FE_ScalarAccountResponse> {
-        return this.authedGet("/api/v1/scalar/account").map(res => res.json()).toPromise();
+        return this.authedGet("/api/v1/scalar/account", {v: SCALAR_API_VERSION}).map(res => res.json()).toPromise();
     }
 
     public register(openId: FE_ScalarOpenIdRequestBody): Promise<FE_ScalarRegisterResponse> {
-        return this.http.post("/api/v1/scalar/register", openId).map(res => res.json()).toPromise();
+        return this.http.post("/api/v1/scalar/register", openId, {
+            params: {v: SCALAR_API_VERSION},
+        }).map(res => res.json()).toPromise();
     }
 }