Spaces:
Sleeping
Sleeping
| ; | |
| /** | |
| * ============================================================ | |
| * Mvemba Research Systems — Steny Bridge | |
| * Security Module (Scientific Implementation Notes) | |
| * - API key authentication for outbound send requests | |
| * - Optional HMAC signing for inbound events to n8n | |
| * ============================================================ | |
| */ | |
| const crypto = require("crypto"); | |
| function safeEqual(a, b) { | |
| const aa = Buffer.from(String(a)); | |
| const bb = Buffer.from(String(b)); | |
| if (aa.length !== bb.length) return false; | |
| return crypto.timingSafeEqual(aa, bb); | |
| } | |
| function requireApiKey(req, res, next) { | |
| const expected = process.env.BRIDGE_API_KEY || ""; | |
| const got = req.headers["x-api-key"] || req.headers["X-API-Key"] || ""; | |
| if (!expected || !safeEqual(got, expected)) { | |
| return res.status(401).json({ error: "Unauthorized" }); | |
| } | |
| return next(); | |
| } | |
| /** | |
| * HMAC signature for events sent to n8n | |
| * Header: x-steny-signature: sha256=<hex> | |
| */ | |
| function signPayload(payload, secret) { | |
| const h = crypto.createHmac("sha256", secret); | |
| h.update(JSON.stringify(payload)); | |
| return `sha256=${h.digest("hex")}`; | |
| } | |
| module.exports = { | |
| requireApiKey, | |
| signPayload | |
| }; | |