chore: protect individual certificate endpoint with token

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 ### Bug fixes
 
+- Protect individual certificate endpoint with token
 - Kibana disk space alerts now work regardless of your disk device names. Alerts listen devices mounted both to `/` and `/data` (encrypted data partition)
 - "Publish release" pipeline now correctly uses the "Branch to build from" value as the branch to be tagged. Previously it tried tagging "master". "Release tag" is also now used as the release version as is instead of it being read from `package.json`.
 

src/api/certificates/handler.ts

@@ -0,0 +1,20 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * OpenCRVS is also distributed under the terms of the Civil Registration
+ * & Healthcare Disclaimer located at http://opencrvs.org/license.
+ *
+ * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+ */
+
+import { Request, ResponseToolkit } from '@hapi/hapi'
+import { readFileSync } from 'fs'
+
+export async function certificateHandler(request: Request, h: ResponseToolkit) {
+  const res = readFileSync(
+    `./src/api/certificates/source/Farajaland-${request.params.event}-certificate-v2.svg`
+  ).toString()
+  return h.response(res).code(200)
+}

src/index.ts

@@ -49,7 +49,7 @@ import { ErrorContext } from 'hapi-auth-jwt2'
 import { mapGeojsonHandler } from '@countryconfig/api/dashboards/handler'
 import { formHandler } from '@countryconfig/form'
 import { locationsHandler } from './data-seeding/locations/handler'
-import { certificateHandler } from './data-seeding/certificates/handler'
+import { certificateHandler } from './api/certificates/handler'
 import { rolesHandler } from './data-seeding/roles/handler'
 import { usersHandler } from './data-seeding/employees/handler'
 import { applicationConfigHandler } from './api/application/handler'
@@ -238,18 +238,15 @@ export async function createServer() {
 
   server.auth.default('jwt')
 
-  if (process.env.NODE_ENV !== 'production') {
-    server.route({
-      method: 'GET',
-      path: '/certificates/{event}.svg',
-      handler: certificateHandler,
-      options: {
-        auth: false,
-        tags: ['api', 'certificates'],
-        description: 'Returns only one certificate metadata'
-      }
-    })
-  }
+  server.route({
+    method: 'GET',
+    path: '/certificates/{event}.svg',
+    handler: certificateHandler,
+    options: {
+      tags: ['api', 'certificates'],
+      description: 'Returns only one certificate metadata'
+    }
+  })
   // add ping route by default for health check
   server.route({
     method: 'GET',
@@ -490,16 +487,6 @@ export async function createServer() {
     }
   })
 
-  server.route({
-    method: 'GET',
-    path: '/certificates',
-    handler: certificateHandler,
-    options: {
-      tags: ['api', 'certificates'],
-      description: 'Returns certificate metadata'
-    }
-  })
-
   server.route({
     method: 'GET',
     path: '/roles',