apunkt/rowboat
1
0
Fork 0
mirror of https://github.com/rowboatlabs/rowboat.git synced 2026-04-27 17:36:25 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

use api key instead of project secret

Browse source
This commit is contained in:
ramnique 2025-01-27 10:59:07 +05:30
parent 83591a690d
commit e3576489e3
5 changed files with 29 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

22
apps/rowboat/app/api/v1/utils.ts
View file

@ -1,22 +1,26 @@
import { NextRequest } from "next/server";
import { projectsCollection } from "@/app/lib/mongodb";
import { apiKeysCollection, projectsCollection } from "@/app/lib/mongodb";
export async function authCheck(projectId: string, req: NextRequest, handler: () => Promise<Response>): Promise<Response> {
const authHeader = req.headers.get('Authorization');
if (!authHeader?.startsWith('Bearer ')) {
return Response.json({ error: "Authorization header must be a Bearer token" }, { status: 400 });
}
const token = authHeader.split(' ')[1];
if (!token) {
const key = authHeader.split(' ')[1];
if (!key) {
return Response.json({ error: "Missing API key in request" }, { status: 400 });
}
// check the key in project settings
const project = await projectsCollection.findOne({
_id: projectId,
secret: token,
});
if (!project) {
// check if api key is valid
// while also updating last used timestamp
const result = await apiKeysCollection.findOneAndUpdate(
{
projectId,
key,
},
{ $set: { lastUsedAt: new Date().toISOString() } }
);
if (!result) {
return Response.json({ error: "Invalid API key" }, { status: 403 });
}