From 1570270fbcc45f68317a25ad5f492c4d6ddf0c40 Mon Sep 17 00:00:00 2001
From: Aryaman1706
Date: Thu, 15 Jul 2021 15:56:55 +0530
Subject: [PATCH 1/2] fix(mailer): added secret header in request and refactor
---
 mailer/src/axios.ts | 15 +++++++++++++++
 mailer/src/publisher/publisher.ts | 2 +-
 mailer/src/publisher/{ => utils}/fetch.ts | 10 ++++------
 mailer/src/publisher/{ => utils}/fetch.types.ts | 0
 .../src/publisher/{ => utils}/sampleResponse.json | 0
 mailer/src/subscriber/setLastSent.ts | 14 --------------
 mailer/src/subscriber/subscriber.ts | 6 +++---
 .../src/subscriber/{ => utils}/emailTemplate.ts | 0
 mailer/src/subscriber/{ => utils}/mailgun.ts | 4 ++--
 .../src/subscriber/{ => utils}/mailgun.types.ts | 0
 mailer/src/subscriber/{ => utils}/makeEmail.ts | 2 +-
 mailer/src/subscriber/utils/setLastSent.ts | 9 +++++++++
 12 files changed, 35 insertions(+), 27 deletions(-)
 create mode 100644 mailer/src/axios.ts
 rename mailer/src/publisher/{ => utils}/fetch.ts (71%)
 rename mailer/src/publisher/{ => utils}/fetch.types.ts (100%)
 rename mailer/src/publisher/{ => utils}/sampleResponse.json (100%)
 delete mode 100644 mailer/src/subscriber/setLastSent.ts
 rename mailer/src/subscriber/{ => utils}/emailTemplate.ts (100%)
 rename mailer/src/subscriber/{ => utils}/mailgun.ts (96%)
 rename mailer/src/subscriber/{ => utils}/mailgun.types.ts (100%)
 rename mailer/src/subscriber/{ => utils}/makeEmail.ts (80%)
 create mode 100644 mailer/src/subscriber/utils/setLastSent.ts
diff --git a/mailer/src/axios.ts b/mailer/src/axios.ts
new file mode 100644
index 0000000..9716659
--- /dev/null
+++ b/mailer/src/axios.ts
@@ -0,0 +1,15 @@
+import axios from "axios";
+import { Agent } from "https";
+import keys from "./config";
+
+const agent = new Agent({ rejectUnauthorized: false });
+
+const headers: { [k: string]: string } = {};
+headers[keys.SECRET_HEADER_KEY] = keys.SECRET_HEADER_VALUE;
+
+const axiosConfig = axios.create({
+ httpsAgent: agent,
+ headers,
+});
+
+export default axiosConfig;
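Review bot: The shared client in `mailer/src/axios.ts` is created with `rejectUnauthorized: false`, so every request that now carries the secret header is sent over TLS that does not authenticate the server, and whoever terminates that connection receives `SECRET_HEADER_VALUE`. The deleted per-file agents had the same setting, but no credential travelled with those requests. Drop the override with `const agent = new Agent();` and, if the API is served with a private CA, supply that certificate through the agent's `ca` option rather than turning verification off. Separately, if `keys.SECRET_HEADER_KEY` or `keys.SECRET_HEADER_VALUE` is missing from the config, the header is presumably sent with the literal name or value `undefined`; a startup check in the config module would surface that instead of a silent rejection by the server.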
diff --git a/mailer/src/publisher/publisher.ts b/mailer/src/publisher/publisher.ts
index bc19a99..be43bfc 100644
--- a/mailer/src/publisher/publisher.ts
+++ b/mailer/src/publisher/publisher.ts
@@ -1,6 +1,6 @@
 import * as amqp from "amqplib";
 import keys from "../config";
-import fetch from "./fetch";
+import fetch from "./utils/fetch";
 const main = async () => {
 console.log("Trying to connect...");
diff --git a/mailer/src/publisher/fetch.ts b/mailer/src/publisher/utils/fetch.ts
similarity index 71%
rename from mailer/src/publisher/fetch.ts
rename to mailer/src/publisher/utils/fetch.ts
index 87523ba..8a00fce 100644
--- a/mailer/src/publisher/fetch.ts
+++ b/mailer/src/publisher/utils/fetch.ts
@@ -1,14 +1,12 @@
-import * as axios from "axios";
+import axios from "../../axios";
+
 import ResponseData from "./fetch.types";
-import { Agent } from "https";
 const requestPromise = () => {
 console.log("Trying to fetch...");
- const agent = new Agent({ rejectUnauthorized: false });
-
- return axios.default
- .get("https://covaccinate.tech/api/users/slots/", { httpsAgent: agent })
+ return axios
+ .get("https://covaccinate.tech/api/users/slots/")
 .then((res) => res.data as ResponseData[])
 .catch((err: Error) => {
 console.error(err.message);
diff --git a/mailer/src/publisher/fetch.types.ts b/mailer/src/publisher/utils/fetch.types.ts
similarity index 100%
rename from mailer/src/publisher/fetch.types.ts
rename to mailer/src/publisher/utils/fetch.types.ts
diff --git a/mailer/src/publisher/sampleResponse.json b/mailer/src/publisher/utils/sampleResponse.json
similarity index 100%
rename from mailer/src/publisher/sampleResponse.json
rename to mailer/src/publisher/utils/sampleResponse.json
diff --git a/mailer/src/subscriber/setLastSent.ts b/mailer/src/subscriber/setLastSent.ts
deleted file mode 100644
index 31a8927..0000000
--- a/mailer/src/subscriber/setLastSent.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import * as axios from "axios";
-import { Agent } from "https";
-
-const agent = new Agent({ rejectUnauthorized: false });
-
-const setLastSent = (district_id: string) => {
- return axios.default.post(
- "https://covaccinate.tech/api/users/update-lastsent/",
- { district_ids: [district_id] },
- { httpsAgent: agent }
- );
-};
-
-export default setLastSent;
diff --git a/mailer/src/subscriber/subscriber.ts b/mailer/src/subscriber/subscriber.ts
index 9627fa6..9ed1e80 100644
--- a/mailer/src/subscriber/subscriber.ts
+++ b/mailer/src/subscriber/subscriber.ts
@@ -1,9 +1,9 @@
 import * as amqp from "amqplib";
 import keys from "../config";
-import sendEmails from "./mailgun";
-import setLastSent from "./setLastSent";
+import sendEmails from "./utils/mailgun";
+import setLastSent from "./utils/setLastSent";
-import ResponseData from "../publisher/fetch.types";
+import ResponseData from "../publisher/utils/fetch.types";
 const main = async () => {
 console.log("Trying to connect...");
diff --git a/mailer/src/subscriber/emailTemplate.ts b/mailer/src/subscriber/utils/emailTemplate.ts
similarity index 100%
rename from mailer/src/subscriber/emailTemplate.ts
rename to mailer/src/subscriber/utils/emailTemplate.ts
diff --git a/mailer/src/subscriber/mailgun.ts b/mailer/src/subscriber/utils/mailgun.ts
similarity index 96%
rename from mailer/src/subscriber/mailgun.ts
rename to mailer/src/subscriber/utils/mailgun.ts
index d80b590..9872315 100644
--- a/mailer/src/subscriber/mailgun.ts
+++ b/mailer/src/subscriber/utils/mailgun.ts
@@ -1,9 +1,9 @@
 import mailgun from "mailgun-js";
-import keys from "../config";
+import keys from "../../config";
 import makeEmail from "./makeEmail";
 import { ConsumeMessage } from "amqplib";
-import ResponseData from "../publisher/fetch.types";
+import ResponseData from "../../publisher/utils/fetch.types";
 import { SendEmailItem } from "./mailgun.types";
 const who = process.env.WHO?.trim().toUpperCase() || "ARYAMAN";
diff --git a/mailer/src/subscriber/mailgun.types.ts b/mailer/src/subscriber/utils/mailgun.types.ts
similarity index 100%
rename from mailer/src/subscriber/mailgun.types.ts
rename to mailer/src/subscriber/utils/mailgun.types.ts
diff --git a/mailer/src/subscriber/makeEmail.ts b/mailer/src/subscriber/utils/makeEmail.ts
similarity index 80%
rename from mailer/src/subscriber/makeEmail.ts
rename to mailer/src/subscriber/utils/makeEmail.ts
index f4cea47..39eaec8 100644
--- a/mailer/src/subscriber/makeEmail.ts
+++ b/mailer/src/subscriber/utils/makeEmail.ts
@@ -1,4 +1,4 @@
-import ResponseData from "../publisher/fetch.types";
+import ResponseData from "../../publisher/utils/fetch.types";
 import ejsTemplate from "./emailTemplate";
 import ejs from "ejs";
diff --git a/mailer/src/subscriber/utils/setLastSent.ts b/mailer/src/subscriber/utils/setLastSent.ts
new file mode 100644
index 0000000..65d1b6a
--- /dev/null
+++ b/mailer/src/subscriber/utils/setLastSent.ts
@@ -0,0 +1,9 @@
+import axios from "../../axios";
+
+const setLastSent = (district_id: string) => {
+ return axios.post("https://covaccinate.tech/api/users/update-lastsent/", {
+ district_ids: [district_id],
+ });
+};
+
+export default setLastSent;
From a8fb2849e27c30a7580cbd514406bd3588f7de43 Mon Sep 17 00:00:00 2001
From: Saurav-Shrivastav
Date: Thu, 15 Jul 2021 20:26:03 +0530
Subject: [PATCH 2/2] added a validate_header decorator
---
 jabme/users/decorators.py | 13 +++++++++++++
 jabme/users/views.py | 6 +++---
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/jabme/users/decorators.py b/jabme/users/decorators.py
index a2d8242..5122fde 100644
--- a/jabme/users/decorators.py
+++ b/jabme/users/decorators.py
@@ -3,6 +3,7 @@
 from django.http import HttpResponse
 allowed_ips = os.environ.get("ALLOWED_IPS", "localhost 127.0.0.1").split()
+super_secret_header = os.environ.get("SECRET_HEADER")
 def login_by_ip(view_func):
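Review bot: `super_secret_header = os.environ.get("SECRET_HEADER")` in `jabme/users/decorators.py` accepts a missing or empty variable without complaint. A missing one leaves `None`, which fails closed in the comparison added in the next hunk, but an empty `SECRET_HEADER=` would presumably be matched by a request whose header value is empty. Failing at import time makes the misconfiguration visible: `if not super_secret_header: raise RuntimeError("SECRET_HEADER must be set")`. A comment here should also record that the header name is hard-coded as `only-fan-secret-key` in `validate_header` while the mailer reads it from `keys.SECRET_HEADER_KEY`, so the two have to be kept in sync by hand.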
@@ -14,3 +15,15 @@ def authorize(request, *args, **kwargs):
 return HttpResponse("Forbidden. F Off.")
 return authorize
+
+
+def validate_header(view_func):
+ def authorize(request, *args, **kwargs):
+ if (
+ "only-fan-secret-key" in request.headers
+ and super_secret_header == request.headers["only-fan-secret-key"]
+ ):
+ return view_func(request, *args, **kwargs)
+ return HttpResponse("Forbidden. F Off.")
+
+ return authorize
diff --git a/jabme/users/views.py b/jabme/users/views.py
index 618dc1a..c44aba4 100644
--- a/jabme/users/views.py
+++ b/jabme/users/views.py
@@ -21,7 +21,7 @@
 from fake_useragent import UserAgent
 from rest_framework.response import Response
 from rest_framework.views import APIView
-from users.decorators import login_by_ip
+from users.decorators import validate_header
 from users.models import District
 PINCODE_REGEX = "^[1-9][0-9]{5}$"
@@ -74,7 +74,7 @@ def post(self, request):
 return Response("Registered Successfully")
-@method_decorator(login_by_ip, name="get")
+@method_decorator(validate_header, name="get")
 class FindSlotView(APIView):
 def get(self, request):
 time_threshold = datetime.now(timezone.utc) - timedelta(
@@ -206,7 +206,7 @@ def get(self, request):
 return Response(result)
-@method_decorator(login_by_ip, name="post")
+@method_decorator(validate_header, name="post")
 class UpdateEmailSentTime(APIView):
 def post(self, request):
 now = Now()
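Review bot: In `validate_header` (`jabme/users/decorators.py`) the rejection path returns `HttpResponse("Forbidden. F Off.")`, which is a 200, so the mailer's axios calls resolve as success on a denied request and access logs cannot tell a denial from a normal response; it should be a 403. The secret is also compared with `==`, which is not constant-time; `hmac.compare_digest` is the standard replacement. The version below additionally refuses an unset or empty `SECRET_HEADER` and wraps the inner function with `functools.wraps` so the view keeps its name and docstring. It needs `import hmac`, `from functools import wraps`, and `HttpResponseForbidden` added to the existing `django.http` import.

```python
def validate_header(view_func):
    @wraps(view_func)
    def authorize(request, *args, **kwargs):
        supplied = request.headers.get("only-fan-secret-key", "")
        # An unset or empty SECRET_HEADER must never match.
        if super_secret_header and hmac.compare_digest(
            supplied.encode(), super_secret_header.encode()
        ):
            return view_func(request, *args, **kwargs)
        return HttpResponseForbidden("Forbidden. F Off.")

    return authorize
```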
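Review bot: `FindSlotView.get` (and `UpdateEmailSentTime.post` in the last hunk of `jabme/users/views.py`) replace `login_by_ip` with `validate_header` rather than adding to it, so a single static header value becomes the only control on both endpoints. If the IP allow-list still works in this deployment, keeping both is cheap: `@method_decorator([login_by_ip, validate_header], name="get")`, with `login_by_ip` left in the import. If it was dropped because the client address is unreliable behind a proxy, a short comment above the decorator saying so would help the next reader. Both class bodies continue outside the hunks.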