#91 authorization header in electron app

app/src/electron.js

@@ -212,8 +212,9 @@ function createWindow() {
     ]);
     apiProcess.on('message', msg => {
       if (msg.msgtype == 'listening') {
-        const { port } = msg;
+        const { port, authorization } = msg;
         global['port'] = port;
+        global['authorization'] = authorization;
         loadMainWindow();
       }
     });

packages/api/src/main.js

@@ -9,6 +9,7 @@ const fs = require('fs');
 const findFreePort = require('find-free-port');
 const childProcessChecker = require('./utility/childProcessChecker');
 const path = require('path');
+const crypto = require('crypto');
 
 const useController = require('./utility/useController');
 const socket = require('./utility/socket');
@@ -31,6 +32,8 @@ const { rundir } = require('./utility/directories');
 const platformInfo = require('./utility/platformInfo');
 const processArgs = require('./utility/processArgs');
 
+let authorization = null;
+
 function start() {
   // console.log('process.argv', process.argv);
 
@@ -51,6 +54,13 @@ function start() {
     );
   }
 
+  app.use(function (req, res, next) {
+    if (authorization && req.headers.authorization != authorization) {
+      return res.status(403).json({ error: 'Not authorized!' });
+    }
+    next();
+  });
+
   app.use(cors());
   app.use(bodyParser.json({ limit: '50mb' }));
 
@@ -95,10 +105,12 @@ function start() {
   if (processArgs.dynport) {
     childProcessChecker();
 
+    authorization = crypto.randomBytes(32).toString('hex');
+
     findFreePort(53911, function (err, port) {
       server.listen(port, () => {
         console.log(`DbGate API listening on port ${port}`);
-        process.send({ msgtype: 'listening', port });
+        process.send({ msgtype: 'listening', port, authorization });
       });
     });
   } else if (platformInfo.isNpmDist) {

packages/web/src/utility/axiosInstance.js

@@ -1,5 +1,5 @@
 import axios from 'axios';
-import resolveApi from './resolveApi';
+import resolveApi, { resolveApiHeaders } from './resolveApi';
 
 const axiosInstance = axios.create({
   baseURL: resolveApi(),
@@ -9,6 +9,7 @@ axiosInstance.defaults.headers = {
   'Cache-Control': 'no-cache',
   Pragma: 'no-cache',
   Expires: '0',
+  ...resolveApiHeaders(),
 };
 
 export default axiosInstance;

packages/web/src/utility/resolveApi.ts

@@ -20,3 +20,16 @@ export default function resolveApi() {
   }
   return window.location.origin;
 }
+
+export function resolveApiHeaders() {
+  if (window['require']) {
+    const electron = window['require']('electron');
+
+    if (electron) {
+      return {
+        Authorization: electron.remote.getGlobal('authorization'),
+      };
+    }
+  }
+  return {};
+}