CognxSafeTrack Claude Sonnet 4.6 commited on
Commit ·
c5813d5
1
Parent(s): cbaf159
fix(auth): validateApiKey accepts Bearer pattern used by worker
The worker's api-client.ts sends Authorization: Bearer ADMIN_API_KEY,
not x-api-key. Without this fix all worker→API internal calls would
get 401 after the preHandler security chain was wired.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
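--- a/apps/api/src/middleware/validateApiKey.ts
+++ b/apps/api/src/middleware/validateApiKey.ts
@@ -0,0 +1,18 @@
+import { FastifyRequest } from 'fastify';
+
+/**
+* Accepts two patterns:
+* 1. x-api-key: ADMIN_API_KEY (direct header)
+* 2. Authorization: Bearer ADMIN_API_KEY (worker internal calls via api-client.ts)
+*/
+export const validateApiKey = async (request: FastifyRequest): Promise<boolean> => {
+const apiKey = process.env.ADMIN_API_KEY;
+if (!apiKey) return false;
+
+if (request.headers['x-api-key'] === apiKey) return true;
+
+const authHeader = request.headers['authorization'];
+if (authHeader === `Bearer ${apiKey}`) return true;
+
+return false;
+};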
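Review bot: Both secret checks (new lines 12 and 15) compare the presented value to `ADMIN_API_KEY` with `===`, which stops at the first differing character, so the admin key is not compared in constant time. Hashing both sides and comparing the digests with `timingSafeEqual` from `node:crypto` removes that signal and also avoids the length mismatch `timingSafeEqual` would otherwise throw on; this needs `createHash` and `timingSafeEqual` imported at the top of the file. The same rewrite can narrow the header to a string first, since `x-api-key` may arrive as `string[]` when the header is repeated. The doc comment should also state that the function returns `false` when `ADMIN_API_KEY` is unset, so callers know a missing key fails closed.

```typescript
const sameSecret = (candidate: string, expected: string): boolean =>
  timingSafeEqual(
    createHash('sha256').update(candidate).digest(),
    createHash('sha256').update(expected).digest(),
  );

export const validateApiKey = async (request: FastifyRequest): Promise<boolean> => {
  // … unchanged: ADMIN_API_KEY lookup and empty-key rejection …
  const headerKey = request.headers['x-api-key'];
  if (typeof headerKey === 'string' && sameSecret(headerKey, apiKey)) return true;

  const authHeader = request.headers['authorization'];
  if (typeof authHeader === 'string' && authHeader.startsWith('Bearer ')) {
    return sameSecret(authHeader.slice('Bearer '.length), apiKey);
  }

  return false;
};
```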