31 lines
1.3 KiB
JavaScript
31 lines
1.3 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.requireApiKey = requireApiKey;
|
|
const prisma_1 = require("../lib/prisma");
|
|
const apiKeys_1 = require("../security/apiKeys");
|
|
async function requireApiKey(req, res, next) {
|
|
const apiKey = req.headers['x-api-key'];
|
|
if (!apiKey) {
|
|
return res.status(401).json({ error: 'missing_api_key', message: 'API key required in x-api-key header', statusCode: 401 });
|
|
}
|
|
const prefix = (0, apiKeys_1.getApiKeyPrefix)(apiKey);
|
|
if (!prefix) {
|
|
return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 });
|
|
}
|
|
const keyRecord = await prisma_1.prisma.companyApiKey.findUnique({
|
|
where: { prefix },
|
|
include: { company: true },
|
|
});
|
|
const hashed = (0, apiKeys_1.hashApiKey)(apiKey);
|
|
if (!keyRecord || keyRecord.revokedAt || !(0, apiKeys_1.timingSafeEqualHex)(hashed, keyRecord.keyHash)) {
|
|
return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 });
|
|
}
|
|
await prisma_1.prisma.companyApiKey.update({
|
|
where: { id: keyRecord.id },
|
|
data: { lastUsedAt: new Date() },
|
|
});
|
|
req.company = keyRecord.company;
|
|
req.companyId = keyRecord.companyId;
|
|
next();
|
|
}
|
|
//# sourceMappingURL=requireApiKey.js.map
|