By default, only allow signatures on whitelisted petitions

Author: Hainish

api/validation.js

@@ -3,11 +3,20 @@
  */
 
 var joi = require('joi');
+var wtpConfig = require('config').get('WE_THE_PEOPLE');
+
+var petitionIdType = joi.string();
+if(wtpConfig.get('WHITELIST_PETITIONS')){
+  petitionIdType = petitionIdType.valid(
+    wtpConfig.get('WHITELISTED_PETITIONS')
+  );
+}
 
 var signaturePOSTSchema = joi.object().keys({
   firstName: joi.string().max(50).required(),
   lastName: joi.string().max(50).required(),
   email: joi.string().email().required(),
+  petitionId: petitionIdType.required(),
   subscribeToEmails: joi.string()
 });
 

config/default.json

@@ -17,7 +17,8 @@
   "WE_THE_PEOPLE": {
     "API_KEY": "",
     "API_URL": "",
-    "RATE_LIMIT": 1000
+    "RATE_LIMIT": 1000,
+    "WHITELIST_PETITIONS": true
   },
 
   "REDIS": {

config/development.json

@@ -2,7 +2,11 @@
 
   "WE_THE_PEOPLE": {
     "API_KEY": "",
-    "API_URL": "http://sandbox.api.whitehouse.gov/v1"
+    "API_URL": "http://sandbox.api.whitehouse.gov/v1",
+    "WHITELISTED_PETITIONS": [
+      "4e7b218a4bd504c17a000001",
+      "4e7b21632ee8d04577000000"
+    ]
   }
 
 }

config/production.json

@@ -8,7 +8,8 @@
 
   "WE_THE_PEOPLE": {
     "API_KEY": "",
-    "API_URL": "https://api.whitehouse.gov/v1"
+    "API_URL": "https://api.whitehouse.gov/v1",
+    "WHITELISTED_PETITIONS": []
   }
 
 }