From 56c95c8264911bcce56be55d65871a43b75a220a Mon Sep 17 00:00:00 2001
From: Joey Zhou
Date: Mon, 17 Jun 2024 14:49:17 -0700
Subject: [PATCH] feat: change to enterprise API for HIBP

---
 .env-dist         |  2 +-
 src/utils/hibp.js | 19 ++++++++++++++-----
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/.env-dist b/.env-dist
index 7757f312d..7a134a27d 100755
--- a/.env-dist
+++ b/.env-dist
@@ -54,7 +54,7 @@ OAUTH_API_URI="https://api-accounts.stage.mozaws.net/v1"
 # How many seconds to wait before refreshing upstream breach data from HIBP
 HIBP_RELOAD_BREACHES_TIMER=600
 # HIBP API for range search and subscription
-HIBP_KANON_API_ROOT=https://api.haveibeenpwned.com
+HIBP_KANON_API_ROOT=https://enterprise.stage-api.haveibeenpwned.com
 HIBP_KANON_API_TOKEN=
 HIBP_API_ROOT=https://haveibeenpwned.com/api/v2
 HIBP_API_TOKEN=
diff --git a/src/utils/hibp.js b/src/utils/hibp.js
index 60c0b2837..89e89422c 100644
--- a/src/utils/hibp.js
+++ b/src/utils/hibp.js
@@ -23,9 +23,10 @@ function _addStandardOptions (options = {}) {
   const hibpOptions = {
     headers: {
       'User-Agent': HIBP_USER_AGENT
-    }
+    },
+    ...options
   }
-  return Object.assign(options, hibpOptions)
+  return hibpOptions
 }
 /* c8 ignore stop */
 
@@ -58,6 +59,7 @@ async function _throttledFetch (url, reqOptions, tryCount = 1) {
       return await _throttledFetch(url, reqOptions, tryCount)
     }
     default:
+      console.error(await response.text())
       throw new InternalServerError(`bad response: ${response.status}`)
     }
   } catch (err) {
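Review bot: The new default for `HIBP_KANON_API_ROOT` is a staging host (`enterprise.stage-api.haveibeenpwned.com`), but the comment above it still just says "HIBP API for range search and subscription", so someone copying `.env-dist` into a real deployment gets a stage endpoint with no hint that it has to be replaced. Suggest extending the comment to `# HIBP enterprise API for range search and subscription (stage host by default; set the production host per environment)`. Leaving `HIBP_KANON_API_TOKEN=` empty in the dist file is right — the key is now sent as a request header by `src/utils/hibp.js`, so it must never be committed here.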
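Review bot: The new `...options` spread in `_addStandardOptions` replaces the entire `headers` object whenever the caller passes one, so the `'User-Agent': HIBP_USER_AGENT` header is silently dropped — and `kAnonReq` in this same patch now always passes a `headers` object (the `Hibp-Enterprise-Api-Key` block), so every k-anonymity request goes out with no User-Agent at all. The old `Object.assign(options, hibpOptions)` had the mirror problem (it clobbered the caller's headers and mutated `options` in place), so the fix is to merge the two header maps rather than let one win wholesale. The function's signature line sits outside this hunk (it appears only as hunk-header context). Suggested rewrite of the body:
```javascript
function _addStandardOptions (options = {}) {
  // Merge, don't replace: keep the caller's headers but always send our User-Agent
  const { headers: callerHeaders = {}, ...rest } = options
  return {
    ...rest,
    headers: {
      ...callerHeaders,
      'User-Agent': HIBP_USER_AGENT
    }
  }
}
```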
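Review bot: `console.error(await response.text())` in the `default:` branch logs an unbounded upstream body with no status or label, and if reading the body itself rejects, that rejection lands in the surrounding `catch (err)` (which starts outside this hunk) instead of reaching the `InternalServerError` on the next line. A bounded, labelled line is safer and easier to grep: `const body = await response.text().catch(() => '<unreadable body>')` followed by `console.error(\`HIBP responded ${response.status}: ${body.slice(0, 512)}\`)`. Whether an HIBP error body can carry anything sensitive isn't visible from here; if it can, trim the log further rather than dumping it verbatim.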
@@ -88,7 +90,13 @@ async function req (path, options = {}) {
 /* c8 ignore start */
 async function kAnonReq (path, options = {}) {
   // Construct HIBP url and standard headers
-  const url = `${HIBP_KANON_API_ROOT}${path}?code=${encodeURIComponent(HIBP_KANON_API_TOKEN)}`
+  const url = `${HIBP_KANON_API_ROOT}${path}`
+  options = {
+    headers: {"Content-Type": "application/json",
+      "Accept": "application/json",
+      "Hibp-Enterprise-Api-Key": HIBP_KANON_API_TOKEN
+    },
+    ...options}
   const reqOptions = _addStandardOptions(options)
   return await _throttledFetch(url, reqOptions)
 }
@@ -269,10 +277,11 @@ function getFilteredBreaches (breaches) {
 async function getBreachesForEmail (sha1, allBreaches, includeSensitive = false, filterBreaches = true) {
   let foundBreaches = []
   const sha1Prefix = sha1.slice(0, 6).toUpperCase()
-  const path = `/breachedaccount/range/${sha1Prefix}`
+  const path = `/range/search/${sha1Prefix}`
   const response = await kAnonReq(path)
-  if (!response) {
+  if (!response || !response.ok) {
+    console.log("failed_kAnonReq_call: no response, return empty")
     return []
   }
   // Parse response body, format:
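Review bot: In `kAnonReq` the `...options` spread comes after the `headers` block, so any caller that passes `options.headers` silently replaces the `Hibp-Enterprise-Api-Key` header and the request goes out unauthenticated; the token is also never checked, so an unset `HIBP_KANON_API_TOKEN` (the `.env-dist` default) is sent as an empty or `undefined` header value (depending on the fetch implementation) instead of failing fast with a clear error. Moving the key out of the `?code=` query string into a header is the right call — it keeps the secret out of access logs, referrers and proxies — so the rest is about making that header unconditional. Reassigning the `options` parameter is also avoidable. Suggested rewrite (the merge in `_addStandardOptions` must likewise preserve headers for the User-Agent to survive, which is a separate fix in that function):
```javascript
async function kAnonReq (path, options = {}) {
  // Fail fast rather than send an empty credential upstream
  if (!HIBP_KANON_API_TOKEN) {
    throw new InternalServerError('HIBP_KANON_API_TOKEN is not configured')
  }
  const url = `${HIBP_KANON_API_ROOT}${path}`
  const { headers: callerHeaders = {}, ...rest } = options
  const reqOptions = _addStandardOptions({
    ...rest,
    headers: {
      'Content-Type': 'application/json',
      Accept: 'application/json',
      ...callerHeaders,
      // set last so a caller-supplied headers object cannot drop the key
      'Hibp-Enterprise-Api-Key': HIBP_KANON_API_TOKEN
    }
  })
  return await _throttledFetch(url, reqOptions)
}
```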