?key= authentication, closes simonw#3

simonw · simonw · commit ca09e6a0b365 · 2020-09-01T11:05:24.000-07:00
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "puppeteer-screenshot",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "Take screenshot of a website",
   "private": true,
   "license": "MIT",
diff --git a/screenshot.js b/screenshot.js
@@ -1,8 +1,25 @@
 const { parse } = require('url');
+const { timingSafeEqual } = require('crypto');
 const { getScreenshot } = require('./chromium');
 const { getInt, getUrlFromPath, isValidUrl } = require('./validator');
 
+const SECRET_KEY = process.env.SECRET_KEY;
+
+const compare = (a, b) => {
+    try {
+        return timingSafeEqual(Buffer.from(a, "utf8"), Buffer.from(b, "utf8"));
+    } catch {
+        return false;
+    }
+};
+
 module.exports = async function (req, res) {
+    if (!compare(req.query.key, SECRET_KEY)) {
+        res.statusCode = 403;
+        res.setHeader('Content-Type', 'text/html');
+        res.end('<h1>Bad ?key=</h1><p>Permission denied</p>');
+        return;
+    }
     try {
         const { pathname = '/', query = {} } = parse(req.url, true);
         const { type = 'png', quality, fullPage } = query;

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "puppeteer-screenshot",`
`3`		`- "version": "1.0.1",`
	`3`	`+ "version": "1.1.0",`
`4`	`4`	`"description": "Take screenshot of a website",`
`5`	`5`	`"private": true,`
`6`	`6`	`"license": "MIT",`