From 1ad98323b974f2e107c12d97fdc27a13b0f481f2 Mon Sep 17 00:00:00 2001
From: maslow
Date: Fri, 11 Aug 2023 11:18:14 +0800
Subject: [PATCH] fix(runtime): function source leakage caused by type hint interface (#1454)
---
 runtimes/nodejs/src/handler/typings.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/runtimes/nodejs/src/handler/typings.ts b/runtimes/nodejs/src/handler/typings.ts
index a16516ae22..cf35eee94b 100644
--- a/runtimes/nodejs/src/handler/typings.ts
+++ b/runtimes/nodejs/src/handler/typings.ts
@@ -11,6 +11,7 @@ import path = require('path')
 import { logger } from '../support/logger'
 import { IRequest } from '../support/types'
 import { FunctionCache } from '../support/function-engine/cache'
+import { parseToken } from '../support/token'
 const nodeModulesRoot = path.resolve(__dirname, '../../node_modules')
@@ -20,6 +21,16 @@ const nodeModulesRoot = path.resolve(__dirname, '../../node_modules')
 export async function handlePackageTypings(req: IRequest, res: Response) {
 const requestId = req['requestId']
+ // verify the debug token
+ const token = req.get('x-laf-develop-token')
+ if (!token) {
+ return res.status(400).send('x-laf-develop-token is required')
+ }
+ const auth = parseToken(token) || null
+ if (auth?.type !== 'develop') {
+ return res.status(403).send('permission denied: invalid develop token')
+ }
+
 const packageName = req.query.packageName as string
 if (!packageName) {
 return res.status(422).send('invalid package name')
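Review bot: The guard added at the top of handlePackageTypings is only as strong as `parseToken`, whose body is not in this patch. The hunk checks `auth?.type !== 'develop'` and nothing else, so it should be confirmed that `parseToken` verifies the token's signature and expiry and returns a falsy value rather than throwing on a malformed header; a throw inside this async handler would leave the request without either of the two responses. I would record that contract above the call with `// parseToken() must verify signature and expiry and return null on any failure`, and drop the redundant `|| null`, since `auth?.type` already handles a nullish result. Both rejection branches also return without a log line even though `logger` and `requestId` are in scope, so repeated probing of this endpoint is invisible to operators; a warning-level entry carrying `requestId` before the 403 return would close that gap. The body of handlePackageTypings continues past the end of the hunk.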