30 lines
820 B
TypeScript
30 lines
820 B
TypeScript
import { Request, Response, NextFunction } from "express";
|
|
import { isValidKey, getKeyInfo } from "../services/keys.js";
|
|
|
|
export function authMiddleware(
|
|
req: Request,
|
|
res: Response,
|
|
next: NextFunction
|
|
): void {
|
|
const header = req.headers.authorization;
|
|
const xApiKey = req.headers["x-api-key"] as string | undefined;
|
|
let key: string | undefined;
|
|
|
|
if (header?.startsWith("Bearer ")) {
|
|
key = header.slice(7);
|
|
} else if (xApiKey) {
|
|
key = xApiKey;
|
|
}
|
|
|
|
if (!key) {
|
|
res.status(401).json({ error: "Missing API key. Use: Authorization: Bearer <key> or X-API-Key: <key>" });
|
|
return;
|
|
}
|
|
if (!isValidKey(key)) {
|
|
res.status(403).json({ error: "Invalid API key" });
|
|
return;
|
|
}
|
|
// Attach key info to request for downstream use
|
|
(req as any).apiKeyInfo = getKeyInfo(key);
|
|
next();
|
|
}
|