support for a secret key for outside requests

index.js

@@ -5,6 +5,7 @@ const http = require('http');
 
 const port = env.PORT || "3000"
 const address = env.ADDRESS || "0.0.0.0"
+const key = env.KEY
 
 let tokens = {};
 
@@ -26,6 +27,7 @@ const refreshTokens = async () => {
     const { visitorData, poToken } = await generate();
     tokens.visitorData = visitorData;
     tokens.poToken = poToken;
+    console.log("[DEBUG] generateTokens finished")
   } catch (e) {
     console.error(`refreshTokens: Error ${e}`)
   }
@@ -36,15 +38,38 @@ const server = http.Server(async (req, res) => {
     case "/generate":
       if (tokens.visitorData == undefined || tokens.poToken == undefined) {
         res.writeHead(500)
+        res.write("Tokens are not yet generated");
         return res.end()
       }
+
+      const host = req.headers.host;
+
       const json = {
         potoken: tokens.poToken,
         visitorData: tokens.visitorData,
       };
-      res.writeHead(200, { 'Content-Type': 'text/json' })
+
-      res.write(JSON.stringify(json))
+      if (host === `127.0.0.1:${port}` || host === `localhost:${port}`) {
-      return res.end()
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.write(JSON.stringify(json));
+        return res.end();
+      } else {
+        if (key != "" && key != undefined) {
+          const auth = req.headers.authorization;
+          if (auth == `Bearer ${key}`) {
+            res.writeHead(200, { 'Content-Type': 'text/plain' });
+            res.write(JSON.stringify(json));
+            return res.end();
+          } else {
+            res.writeHead(401, { 'Content-Type': 'text/plain' });
+            return res.end();
+          }
+        } else {
+          res.writeHead(200, { 'Content-Type': 'text/plain' });
+          res.write(JSON.stringify(json));
+          return res.end();
+        }
+      }
     case "/update":
       await refreshTokens();
       res.writeHead(200, { 'Content-Type': 'text/plain' })