feat: add check middleware to optionally block non-OGP user

datagovsg · Jun 15, 2021 · 46447cf · 46447cf
1 parent 95e1783
commit 46447cf
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/env_example b/env_example
@@ -7,3 +7,4 @@ export LOGGING_URL="http://localhost:4000/secret_datasets"
 export COOKIE_SECRET="blahblahblah"
 export COOKIE_DOMAIN="localhost"
 export REDIS_SESSION_URL="redis://localhost:6379"
+export BLOCK_NON_OGP="true"
diff --git a/server/routes/index.js b/server/routes/index.js
@@ -137,6 +137,14 @@ module.exports = function(app) {
 
   const sessionIsValid = (req, res, next) => {
     if (req.session.email) {
+      // Check if blocker is enabled, if so redirect non-OGP users away from Send
+      if (
+        process.env.BLOCK_NON_OGP === 'true' &&
+        req.session.email.includes('@open.gov.sg') === false
+      ) {
+        return res.redirect(config.LOGIN_URL);
+      }
+
       return next();
     } else {
       // The Regex below removes '/download/' from the '/download/download_id/' URL