/**
* API Key Authentication Middleware
*
* Research preview uses a simple bearer token scheme.
* Keys are loaded from the GODMODE_API_KEYS environment variable
* (comma-separated list) or a single GODMODE_API_KEY.
*
* If neither is set, auth is disabled (open access for local dev).
*/
import type { Request, Response, NextFunction } from 'express'
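/**
 * Build the set of accepted API keys from the environment.
 *
 * GODMODE_API_KEYS (comma-separated) takes precedence; GODMODE_API_KEY is
 * consulted only when GODMODE_API_KEYS is unset or empty. Every entry is
 * trimmed and blank entries are dropped, so the empty string can never end
 * up in the set as an accepted key.
 *
 * @returns The accepted keys, or `null` when neither variable is set, which
 *   the middleware treats as "auth disabled". A variable that is set but
 *   holds no usable key (for example "," or only whitespace) yields an empty
 *   set: auth stays enabled and no key is accepted (fail closed).
 */
function getValidKeys(): Set<string> | null {
  // Trim each candidate and discard blanks before building the set.
  const toKeySet = (candidates: string[]): Set<string> =>
    new Set(candidates.map(k => k.trim()).filter(Boolean))

  const multi = process.env.GODMODE_API_KEYS
  if (multi) {
    return toKeySet(multi.split(','))
  }

  const single = process.env.GODMODE_API_KEY
  if (single) {
    // Not split on commas: the single-key variable is taken as one key.
    // A whitespace-only value used to produce Set(['']), i.e. an empty
    // bearer token would have been a valid credential.
    return toKeySet([single])
  }

  return null // Auth disabled
}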
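/**
 * Express middleware that gates a request on a bearer API key.
 *
 * Outcomes:
 * - No keys configured (getValidKeys() returns null): the request is let
 *   through and tagged with apiKeyId 'anonymous'.
 * - Authorization header missing, not a Bearer scheme, or carrying an empty
 *   token: 401.
 * - Token not in the configured key set: 403.
 * - Otherwise: apiKeyId is attached to the request and next() is called.
 *
 * NOTE(review): the no-keys branch fails open. A deployment that loses both
 * GODMODE_API_KEYS and GODMODE_API_KEY serves every request unauthenticated
 * with no signal from this middleware; confirm that is acceptable outside
 * local development.
 *
 * @param req - Incoming request; only the Authorization header is read.
 * @param res - Used to send the 401/403 JSON error bodies.
 * @param next - Called exactly once when the request is allowed through.
 */
export function apiKeyAuth(req: Request, res: Response, next: NextFunction): void {
  // apiKeyId is not declared on Express's Request; widen the type locally
  // rather than casting to any.
  const tagged = req as Request & { apiKeyId?: string }
  const validKeys = getValidKeys()

  // If no keys configured, allow all requests (local dev mode)
  if (!validKeys) {
    tagged.apiKeyId = 'anonymous'
    next()
    return
  }

  const authHeader = req.headers.authorization ?? ''
  // HTTP auth scheme names are case-insensitive, so "bearer" and "BEARER"
  // are accepted as well as "Bearer".
  const isBearer = authHeader.slice(0, 7).toLowerCase() === 'bearer '
  const key = isBearer ? authHeader.slice(7).trim() : ''

  // An empty token is rejected here and never looked up, so it cannot match
  // even if a blank entry found its way into the configured set.
  if (!key) {
    res.status(401).json({
      error: 'Missing or invalid Authorization header. Use: Bearer <your-api-key>',
    })
    return
  }

  // NOTE(review): Set#has is an ordinary lookup, not a constant-time
  // comparison. If timing side channels are in scope for this service,
  // compare fixed-length digests with crypto.timingSafeEqual instead.
  if (!validKeys.has(key)) {
    res.status(403).json({ error: 'Invalid API key' })
    return
  }

  // Attach a key identifier for rate limiting (first 8 chars).
  // NOTE(review): this copies the first 8 characters of the secret (the whole
  // secret for keys of 8 characters or fewer) into whatever reads apiKeyId,
  // such as logs or a rate-limit store, and keys sharing a prefix share an
  // identifier. A digest-derived identifier would avoid both; left unchanged
  // because consumers of apiKeyId are not visible here.
  tagged.apiKeyId = key.slice(0, 8)
  next()
}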