import { createHash, timingSafeEqual } from "node:crypto";
import { Request, Response, NextFunction } from "express";
import { validateKey, getAdminSecret } from "../lib/apiKeys.js";
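/**
 * Express middleware that authenticates a request by API key.
 *
 * The key is read from `Authorization: Bearer <key>` when that header carries
 * a Bearer credential, otherwise from the `X-API-Key` header. The key is
 * passed to `validateKey`; a truthy result is attached to the request as
 * `apiKey` and the chain continues.
 *
 * Responses on failure:
 * - 401 when no key was supplied (or the supplied value is blank).
 * - 403 when `validateKey` returns a falsy value. Unknown and revoked keys
 *   share one message, so the response does not tell a caller which it was.
 *
 * @param req  Incoming request; gains an `apiKey` property on success.
 * @param res  Response used to send the 401/403 JSON error.
 * @param next Called only after the key has been accepted.
 */
export function requireApiKey(req: Request, res: Response, next: NextFunction): void {
  const authHeader = req.headers["authorization"] ?? "";
  const apiKeyHeader = req.headers["x-api-key"];

  // The auth scheme name is case-insensitive (RFC 9110), so "bearer" and
  // "BEARER" are accepted as well. "Bearer " is 7 characters long.
  const usesBearer = /^bearer /i.test(authHeader);

  // Header values are typed string | string[] | undefined. Narrow at runtime
  // instead of casting, so an unexpected shape is treated as "no key" (401)
  // rather than throwing inside the middleware.
  let key = "";
  if (usesBearer) {
    key = authHeader.slice(7).trim();
  } else if (typeof apiKeyHeader === "string") {
    key = apiKeyHeader.trim();
  }

  if (!key) {
    res.status(401).json({ error: "API key required. Use the header: Authorization: Bearer <your-key>" });
    return;
  }

  // NOTE(review): validateKey lives in ../lib/apiKeys.js and is not visible
  // here — confirm it looks keys up by hash or compares in constant time.
  const found = validateKey(key);
  if (!found) {
    res.status(403).json({ error: "Invalid or revoked API key." });
    return;
  }

  // Expose the validated key record to downstream handlers without `any`.
  (req as Request & { apiKey?: typeof found }).apiKey = found;
  next();
}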
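/**
 * Express middleware that gates a route on the shared admin secret.
 *
 * The `X-Admin-Secret` header must be present, non-empty and equal to the
 * value returned by `getAdminSecret()`; otherwise the request is answered
 * with 403 and the chain stops. An empty or missing configured secret never
 * matches, so the check fails closed.
 *
 * The comparison runs over SHA-256 digests with `timingSafeEqual`, so the
 * time taken does not depend on how many leading characters of the supplied
 * value are correct, nor on its length.
 *
 * @param req  Incoming request carrying the `X-Admin-Secret` header.
 * @param res  Response used to send the 403 JSON error.
 * @param next Called only when the supplied secret matches.
 */
export function requireAdmin(req: Request, res: Response, next: NextFunction): void {
  const supplied = req.headers["x-admin-secret"];
  const expected = getAdminSecret();

  // Hashing first gives both sides the same byte length, which
  // timingSafeEqual requires, and hides the length of the real secret.
  const digest = (value: string): Buffer =>
    createHash("sha256").update(value, "utf8").digest();

  const authorised =
    typeof supplied === "string" &&
    supplied.length > 0 &&
    typeof expected === "string" &&
    expected.length > 0 &&
    timingSafeEqual(digest(supplied), digest(expected));

  if (!authorised) {
    // NOTE(review): nothing in this file throttles or records repeated
    // failures — confirm rate limiting and audit logging happen upstream.
    res.status(403).json({ error: "Incorrect admin secret." });
    return;
  }
  next();
}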