Validate a loopback /internal/* request. Returns null when the request is allowed; otherwise returns the Response to send back. Centralizes bearer auth + the v1.44 X-Browse-Gen generation check so adding a new /internal/* route is a one-liner.
(req: Request)
| 381 | * /internal/* route is a one-liner. |
| 382 | */ |
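function checkInternalAuth(req: Request): Response | null {
  // Bearer check. The original compared with `!==`, which can return at the
  // first differing character and so leak, through response timing, how much
  // of a guessed token is correct. Compare without an early exit instead.
  // Where the file already imports node:crypto, crypto.timingSafeEqual over
  // equal-length buffers is the preferred primitive.
  const expected = `Bearer ${INTERNAL_TOKEN}`;
  const presented = req.headers.get('authorization') ?? '';

  // Fail closed when no token is configured: otherwise an unset value would
  // interpolate to a guessable string such as "Bearer undefined".
  // NOTE(review): INTERNAL_TOKEN is defined outside this block; confirm it is
  // always a non-empty random string.
  let mismatch = INTERNAL_TOKEN ? 0 : 1;

  // A length difference is folded into the accumulator, not returned on.
  mismatch |= expected.length ^ presented.length;
  for (let i = 0; i < expected.length; i++) {
    // charCodeAt past the end yields NaN, which the bitwise ops treat as 0;
    // the length term above already marks that case as a mismatch.
    mismatch |= expected.charCodeAt(i) ^ presented.charCodeAt(i);
  }
  if (mismatch !== 0) {
    return new Response('forbidden', { status: 403 });
  }

  // Generation check. It only runs when the caller sends a non-empty
  // x-browse-gen header; a request without the header passes on the bearer
  // token alone. NOTE(review): presumably this keeps callers that do not send
  // the header working; confirm that skipping the check is intended.
  const headerGen = req.headers.get('x-browse-gen');
  if (headerGen && headerGen !== CURRENT_GEN) {
    return new Response('stale generation', { status: 409 });
  }

  // null tells the route handler that the request may proceed.
  return null;
}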
| 394 | |
| 395 | /** |
| 396 | * Wrap a JSON-bodied /internal/* handler with the standard bearer-auth + |
no test coverage detected