Update verify.js
Browse files
verify.js
CHANGED
|
@@ -1,16 +1,14 @@
|
|
| 1 |
// verify.js
|
| 2 |
|
| 3 |
-
const manager = require('../lib/manager');
|
| 4 |
|
| 5 |
const verify = async (req, res, next) => {
|
| 6 |
console.log('[AUTH_MIDDLEWARE] Received request. Verifying API key...');
|
| 7 |
-
console.log(`[AUTH_MIDDLEWARE] Request Headers: ${JSON.stringify(req.headers)}`);
|
| 8 |
|
| 9 |
-
|
| 10 |
-
// HTTP headers are case-insensitive, but Node.js's req.headers object keys are lowercased.
|
| 11 |
-
const apiKey = req.headers['x-api-key'];
|
| 12 |
|
| 13 |
-
if (!
|
| 14 |
console.log('[AUTH_MIDDLEWARE] Unauthorized: x-api-key header is missing.');
|
| 15 |
return res.status(401).json({
|
| 16 |
error: {
|
|
@@ -21,9 +19,19 @@ const verify = async (req, res, next) => {
|
|
| 21 |
});
|
| 22 |
}
|
| 23 |
|
| 24 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 25 |
|
| 26 |
-
// 从环境变量获取预期的 AUTH_TOKEN
|
| 27 |
const expectedToken = process.env.AUTH_TOKEN;
|
| 28 |
|
| 29 |
if (!expectedToken) {
|
|
@@ -65,9 +73,7 @@ const verify = async (req, res, next) => {
|
|
| 65 |
});
|
| 66 |
}
|
| 67 |
} else {
|
| 68 |
-
|
| 69 |
-
// 可以打印接收到的 token 和预期 token 的部分信息(例如长度或哈希值)进行比较
|
| 70 |
-
console.warn(`[AUTH_MIDDLEWARE] Unauthorized: Invalid API key. Received: "${apiKey}", Expected token (length): ${expectedToken.length}`);
|
| 71 |
return res.status(401).json({
|
| 72 |
error: {
|
| 73 |
message: 'Unauthorized: Invalid API Key.',
|
|
|
|
| 1 |
// verify.js
|
| 2 |
|
| 3 |
+
const manager = require('../lib/manager');
|
| 4 |
|
| 5 |
const verify = async (req, res, next) => {
|
| 6 |
console.log('[AUTH_MIDDLEWARE] Received request. Verifying API key...');
|
| 7 |
+
console.log(`[AUTH_MIDDLEWARE] Request Headers: ${JSON.stringify(req.headers)}`);
|
| 8 |
|
| 9 |
+
const apiKeyHeaderValue = req.headers['x-api-key']; // Get the raw header value
|
|
|
|
|
|
|
| 10 |
|
| 11 |
+
if (!apiKeyHeaderValue) {
|
| 12 |
console.log('[AUTH_MIDDLEWARE] Unauthorized: x-api-key header is missing.');
|
| 13 |
return res.status(401).json({
|
| 14 |
error: {
|
|
|
|
| 19 |
});
|
| 20 |
}
|
| 21 |
|
| 22 |
+
let apiKey = apiKeyHeaderValue; // Initialize apiKey with the full header value
|
| 23 |
+
|
| 24 |
+
// Check if the header value starts with "Bearer " (case-insensitive) and remove it
|
| 25 |
+
if (apiKeyHeaderValue.toLowerCase().startsWith('bearer ')) {
|
| 26 |
+
apiKey = apiKeyHeaderValue.substring(7); // "Bearer " is 7 characters long
|
| 27 |
+
console.log(`[AUTH_MIDDLEWARE] "Bearer " prefix found and stripped from x-api-key. Effective API key: "${apiKey}"`);
|
| 28 |
+
} else {
|
| 29 |
+
console.log(`[AUTH_MIDDLEWARE] No "Bearer " prefix found in x-api-key. Using as is: "${apiKeyHeaderValue}"`);
|
| 30 |
+
// apiKey remains apiKeyHeaderValue
|
| 31 |
+
}
|
| 32 |
+
|
| 33 |
+
console.log(`[AUTH_MIDDLEWARE] Processed x-api-key for comparison: "${apiKey}"`);
|
| 34 |
|
|
|
|
| 35 |
const expectedToken = process.env.AUTH_TOKEN;
|
| 36 |
|
| 37 |
if (!expectedToken) {
|
|
|
|
| 73 |
});
|
| 74 |
}
|
| 75 |
} else {
|
| 76 |
+
console.warn(`[AUTH_MIDDLEWARE] Unauthorized: Invalid API key. Received for comparison: "${apiKey}", Expected token (from env, length): ${expectedToken.length}`);
|
|
|
|
|
|
|
| 77 |
return res.status(401).json({
|
| 78 |
error: {
|
| 79 |
message: 'Unauthorized: Invalid API Key.',
|