fix architecture and write new tests
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
import { Request, Response, NextFunction } from 'express'
|
||||
import { prisma } from '../lib/prisma'
|
||||
import { getApiKeyPrefix, hashApiKey, timingSafeEqualHex } from '../security/apiKeys'
|
||||
|
||||
export async function requireApiKey(req: Request, res: Response, next: NextFunction) {
|
||||
const apiKey = req.headers['x-api-key'] as string | undefined
|
||||
@@ -8,12 +9,27 @@ export async function requireApiKey(req: Request, res: Response, next: NextFunct
|
||||
return res.status(401).json({ error: 'missing_api_key', message: 'API key required in x-api-key header', statusCode: 401 })
|
||||
}
|
||||
|
||||
const company = await prisma.company.findUnique({ where: { apiKey } })
|
||||
if (!company) {
|
||||
const prefix = getApiKeyPrefix(apiKey)
|
||||
if (!prefix) {
|
||||
return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 })
|
||||
}
|
||||
|
||||
req.company = company
|
||||
req.companyId = company.id
|
||||
const keyRecord = await (prisma as any).companyApiKey.findUnique({
|
||||
where: { prefix },
|
||||
include: { company: true },
|
||||
})
|
||||
|
||||
const hashed = hashApiKey(apiKey)
|
||||
if (!keyRecord || keyRecord.revokedAt || !timingSafeEqualHex(hashed, keyRecord.keyHash)) {
|
||||
return res.status(401).json({ error: 'invalid_api_key', message: 'Invalid API key', statusCode: 401 })
|
||||
}
|
||||
|
||||
await (prisma as any).companyApiKey.update({
|
||||
where: { id: keyRecord.id },
|
||||
data: { lastUsedAt: new Date() },
|
||||
})
|
||||
|
||||
req.company = keyRecord.company
|
||||
req.companyId = keyRecord.companyId
|
||||
next()
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user