HoshinoKoji/experiment-worker-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Put restrictions to authentication to avoid abusing Prolific API

Browse Source
This commit is contained in:
HoshinoKoji 2024-10-01 17:41:18 +08:00
parent 682ac67664
commit 471226574a
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/auth.js
View File

@ -1,13 +1,15 @@
import getAccessTokenDispatcher from "./getAccessToken";
// test data: 6697e96f70b84092deb6132b, 61381e32f27ab4fbed1ec26e
// test data: 6697e435d3561e6fab4a95cf, 61381e32f27ab4fbed1ec26e
export async function authSubject(request, env, ctx) {
const headers = request.headers;
const studyId = headers.get('x-study-id');
const subjectId = headers.get('x-subject-id');
const prolificApiKey = env.PROLIFIC_API_KEY;
if (!studyId || !subjectId || !subjectId.match(/^[a-zA-Z0-9]{1,32}$/))
if (studyId === env.TEST_STUDY_ID && subjectId === env.TEST_SUBJECT_ID)
return true;
if (!subjectId.match(/^[a-f0-9]{1,32}$/) || !studyId.match(/^[a-f0-9]{1,32}$/))
return false;
try {