Files
alrahma_sunday_school_api/apps/api/dist/middleware/requireApiKey.js
T
2026-06-11 03:22:12 -04:00

31 lines
1.3 KiB
JavaScript

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.requireApiKey = requireApiKey;
const prisma_1 = require("../lib/prisma");
const apiKeys_1 = require("../security/apiKeys");
async function requireApiKey(req, res, next) {
const apiKey = req.headers['x-api-key'];
if (!apiKey) {
return res.status(401).json({ error: 'missing_api_key', message: 'API key required in x-api-key header', statusCode: 401 });
}
const prefix = (0, apiKeys_1.getApiKeyPrefix)(apiKey);
if (!prefix) {
return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 });
}
const keyRecord = await prisma_1.prisma.companyApiKey.findUnique({
where: { prefix },
include: { company: true },
});
const hashed = (0, apiKeys_1.hashApiKey)(apiKey);
if (!keyRecord || keyRecord.revokedAt || !(0, apiKeys_1.timingSafeEqualHex)(hashed, keyRecord.keyHash)) {
return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 });
}
await prisma_1.prisma.companyApiKey.update({
where: { id: keyRecord.id },
data: { lastUsedAt: new Date() },
});
req.company = keyRecord.company;
req.companyId = keyRecord.companyId;
next();
}
//# sourceMappingURL=requireApiKey.js.map