Spaces:
Running
Running
| /** | |
| * API Key Authentication Middleware | |
| * | |
| * Research preview uses a simple bearer token scheme. | |
| * Keys are loaded from the GODMODE_API_KEYS environment variable | |
| * (comma-separated list) or a single GODMODE_API_KEY. | |
| * | |
| * If neither is set, auth is disabled (open access for local dev). | |
| */ | |
| import type { Request, Response, NextFunction } from 'express' | |
| function getValidKeys(): Set<string> | null { | |
| const multi = process.env.GODMODE_API_KEYS | |
| if (multi) { | |
| return new Set(multi.split(',').map(k => k.trim()).filter(Boolean)) | |
| } | |
| const single = process.env.GODMODE_API_KEY | |
| if (single) { | |
| return new Set([single.trim()]) | |
| } | |
| return null // Auth disabled | |
| } | |
| export function apiKeyAuth(req: Request, res: Response, next: NextFunction): void { | |
| const validKeys = getValidKeys() | |
| // If no keys configured, allow all requests (local dev mode) | |
| if (!validKeys) { | |
| ;(req as any).apiKeyId = 'anonymous' | |
| next() | |
| return | |
| } | |
| const authHeader = req.headers.authorization | |
| if (!authHeader || !authHeader.startsWith('Bearer ')) { | |
| res.status(401).json({ | |
| error: 'Missing or invalid Authorization header. Use: Bearer <your-api-key>', | |
| }) | |
| return | |
| } | |
| const key = authHeader.slice(7).trim() | |
| if (!validKeys.has(key)) { | |
| res.status(403).json({ error: 'Invalid API key' }) | |
| return | |
| } | |
| // Attach a key identifier for rate limiting (first 8 chars) | |
| ;(req as any).apiKeyId = key.slice(0, 8) | |
| next() | |
| } | |