fix: BUG-022 check duplicate email before rate limit, BUG-024 support X-API-Key header

OpenClaw 2026-02-14 18:41:46 +00:00
parent f59b99203e
commit a67c16cd0f
3 changed files with 28 additions and 5 deletions


@ -7,11 +7,19 @@ export function authMiddleware(
next: NextFunction
): void {
const header = req.headers.authorization;
if (!header?.startsWith("Bearer ")) {
res.status(401).json({ error: "Missing API key. Use: Authorization: Bearer <key>" });
const xApiKey = req.headers["x-api-key"] as string | undefined;
let key: string | undefined;
if (header?.startsWith("Bearer ")) {
key = header.slice(7);
} else if (xApiKey) {
key = xApiKey;
}
if (!key) {
res.status(401).json({ error: "Missing API key. Use: Authorization: Bearer <key> or X-API-Key: <key>" });
return;
}
const key = header.slice(7);
if (!isValidKey(key)) {
res.status(403).json({ error: "Invalid API key" });
return;
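Review bot: The new `const xApiKey = req.headers["x-api-key"] as string | undefined;` line asserts the header's type instead of checking it, so anything that is not a plain string would reach `isValidKey` unchecked; a runtime guard keeps the type honest: `const raw = req.headers["x-api-key"];` followed by `const xApiKey = typeof raw === "string" ? raw : undefined;`. When both headers are sent, the `Bearer` branch wins and `X-API-Key` is silently ignored, which deserves a comment above the `if`, for example `// Authorization: Bearer takes precedence; X-API-Key is only consulted when no Bearer token is present`. Because the credential can now arrive in a second header, any request logging or redaction that masks `Authorization` should probably mask `x-api-key` too; that configuration is not visible here, so it needs confirming. The body of `authMiddleware` starts and ends outside this hunk.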