add authentication

config.json

@@ -0,0 +1,5 @@
+{
+    "marketplace_enabled": false,
+    "marketplace_psk": "CHANGE_THIS_THIS_IS_INSECURE",
+    "marketplace_level": "1"
+}

server.js

@@ -6,6 +6,7 @@ import { Sequelize, DataTypes } from "sequelize";
 import { fileURLToPath } from "url";
 import { handler as ssrHandler } from "./dist/server/entry.mjs";
 import multer from "multer";
+import config from "./config.json" assert { type: "json" };
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -19,7 +20,22 @@ const sequelize = new Sequelize("database", "user", "password", {
   storage: "database.sqlite",
 });
 
-var storage = multer.diskStorage({
+// Auth middleware
+function auth_psk(req, res, next) {
+  if (!config.marketplace_enabled) {
+    let err = "Marketplace is disabled!";
+    return next(err);
+  }
+
+  if (req.headers.psk !== config.marketplace_psk) {
+    let err = "Bad PSK!";
+    return next(err);
+  }
+
+  return next();
+}
+
+var image_storage = multer.diskStorage({
   destination: function (req, file, cb) {
     cb(null, "database_assets/image");
   },
@@ -28,7 +44,7 @@ var storage = multer.diskStorage({
   },
 });
 
-var upload = multer({ storage: storage });
+var image_upload = multer({ storage: image_storage });
 
 const catalog_assets = sequelize.define("catalog_assets", {
   package_name: {
@@ -149,8 +165,12 @@ app.get("/api/packages/:package", async (request, reply) => {
 });
 
 // This API is responsible for image uploads
-// PSK authentication required. (NOT YET IMPLEMENTED!!!!!!!!!!)
-app.post("/upload", upload.single("file"), (req, res) => {
+// PSK authentication required.
+app.post(
+  "/api/upload-image",
+  auth_psk,
+  image_upload.single("file"),
+  (req, res) => {
     console.log("Request file:", req.file);
 
     if (!req.file) {
@@ -162,7 +182,8 @@ app.post("/upload", upload.single("file"), (req, res) => {
       message: "File uploaded successfully",
       filename: req.file.originalname,
     });
-});
+  }
+);
 
 app.use("/images/", express.static("./database_assets/image"));
 app.use("/videos/", express.static("./database_assets/video"));

test_upload.js

@@ -1,10 +1,19 @@
 // This is a test file to upload files to the Nebula server
 import { FormData, File } from "formdata-node";
 import { fileFromPath } from "formdata-node/file-from-path";
+import config from "./config.json" assert { type: "json" };
 
 const form = new FormData();
 // const file = new File(["My hovercraft is full of eels"], "example.txt");
 
 form.set("file", await fileFromPath("asgard.png"));
 
-await fetch("http://localhost:8080/upload", { method: "post", body: form });
+console.log(config.marketplace_psk);
+
+await fetch("http://localhost:8080/api/upload-image", {
+  headers: {
+    PSK: config.marketplace_psk,
+  },
+  method: "post",
+  body: form,
+});