"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.requireApiKey = requireApiKey; const prisma_1 = require("../lib/prisma"); const apiKeys_1 = require("../security/apiKeys"); async function requireApiKey(req, res, next) { const apiKey = req.headers['x-api-key']; if (!apiKey) { return res.status(401).json({ error: 'missing_api_key', message: 'API key required in x-api-key header', statusCode: 401 }); } const prefix = (0, apiKeys_1.getApiKeyPrefix)(apiKey); if (!prefix) { return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 }); } const keyRecord = await prisma_1.prisma.companyApiKey.findUnique({ where: { prefix }, include: { company: true }, }); const hashed = (0, apiKeys_1.hashApiKey)(apiKey); if (!keyRecord || keyRecord.revokedAt || !(0, apiKeys_1.timingSafeEqualHex)(hashed, keyRecord.keyHash)) { return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 }); } await prisma_1.prisma.companyApiKey.update({ where: { id: keyRecord.id }, data: { lastUsedAt: new Date() }, }); req.company = keyRecord.company; req.companyId = keyRecord.companyId; next(); } //# sourceMappingURL=requireApiKey.js.map