add api key for mwf (#290)

## PR Description: Hello team, This PR addresses an issue encountered when attempting to establish communication between our backend and the MWF game. Due to CORS restrictions, the MWF game was unable to access the necessary backend resources. To overcome this challenge, we have implemented an API key system within our backend infrastructure. An API key has been generated and integrated into our codebase, allowing authorized communication between the MWF game and our backend. ## Changes Made: Generated an API key specifically for facilitating communication between the MWF game and our backend. Integrated the API key into our backend codebase to authenticate and authorize requests from the MWF game. Updated the backend's CORS configuration to allow the MWF game to access the required backend resources using the provided API key. ## Notes for Reviewers: Please review the changes made, ensuring that the API key integration and CORS configuration updates have effectively resolved the issue. Verify that the MWF game can now communicate with our backend seamlessly, without encountering any CORS-related restrictions. We appreciate your attention and valuable contributions. Kindly provide any feedback or suggestions you may have. Best regards, Louay HICHRI
SaTT-Wallet · Jul 17, 2023 · 72f7452 · 72f7452
2 parents 865953a + 3638906
commit 72f7452
Showing 1 changed file with 39 additions and 32 deletions.
diff --git a/conf/corsSetup.js b/conf/corsSetup.js
@@ -1,36 +1,43 @@
 require('dotenv').config()
-const corsSetup = (req, res, next) =>{
-    if (process.env.NODE_ENV == "mainnet") {
-        if (req.headers.origin) {
-            if (
-                req.headers.origin === 'https://dapp.satt.com' ||
-                req.headers.origin === 'https://satt-token.com' ||
-                req.headers.origin === 'https://app.ihave.io' ||
-                req.headers.origin === 'http://backoffice.atayen.us'
-            ) {
-                return next()
-            } else return res.redirect("https://satt-token.com");
-
-
-        } else {
-            if (
-                req.url.includes('google') ||
-                req.url.includes('youtube') ||
-                req.url.includes('facebook') ||
-                req.url.includes('tikTok') ||
-                req.url.includes('tiktok') ||
-                req.url.includes('linkedin') ||
-                req.url.includes('twitter') ||
-                req.url.includes('telegram')
-            ) {
-                return next()
-            } else return res.redirect("https://satt-token.com");
-
-
-
-        }
-    } else return next()
-}
+const corsSetup = (req, res, next) => {
+    const apiKey = req.headers['api-key'];
+
+    if (apiKey && apiKey === process.env.API_KEY) {
+      return next();
+    }
+
+    if (process.env.NODE_ENV === "mainnet") {
+      const allowedOrigins = [
+        'https://dapp.satt.com',
+        'https://satt-token.com',
+        'https://app.ihave.io',
+        'http://backoffice.atayen.us'
+      ];
+
+      if (req.headers.origin && allowedOrigins.includes(req.headers.origin)) {
+        return next();
+      }
+
+      const blockedUrls = [
+        'google',
+        'youtube',
+        'facebook',
+        'tikTok',
+        'tiktok',
+        'linkedin',
+        'twitter',
+        'telegram'
+      ];
+
+      if (blockedUrls.some(url => req.url.includes(url))) {
+        return next();
+      }
+
+      return res.redirect("https://satt-token.com");
+    }
+
+    return next();
+  };