Merge pull request #432 from energywebfoundation/fix/whitelist-login-…

…endpoint fix(dsb-client-gateway-api): whitelist endpoints
energywebfoundation · Mar 25, 2024 · 167057b · 167057b
2 parents dae2e05 + 285810d
commit 167057b
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/libs/ddhub-client-gateway-guard/src/lib/guard/api-key.guard.ts b/libs/ddhub-client-gateway-guard/src/lib/guard/api-key.guard.ts
@@ -7,6 +7,14 @@ import {
 import { ConfigService } from '@nestjs/config';
 import { UserGuard } from '@dsb-client-gateway/ddhub-client-gateway-user-roles';
 
+const WHITELISTED_ENDPOINTS = [
+  '/api/v2/health',
+  '/api/v2/login',
+  '/api/v2/login/refresh-token',
+  '/api/v2/login/config',
+  '/api/v2/gateway',
+];
+
 @Injectable()
 export class ApiKeyGuard implements CanActivate {
   protected readonly logger = new Logger(ApiKeyGuard.name);
@@ -60,7 +68,7 @@ export class ApiKeyGuard implements CanActivate {
 
     const { headers } = request;
 
-    if (request.url === '/api/v2/health') {
+    if (WHITELISTED_ENDPOINTS.includes(request.url)) {
       return true;
     }