MayaTheShy/cc-platform-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
cc-platform-core/server/auth.js
MayaTheShy 6050c4e22b initial commit
2026-03-26 15:00:49 -04:00

65 lines
2.0 KiB
JavaScript
Raw Permalink Blame History

/**
* @cc-platform/server/auth — API key authentication middleware
*
* Extracted from the structurally identical auth code in both
* remoteturtle/server/server.js and Inventory-Manager-CC/web/server/server.js.
*
* Usage:
* const { createAuthMiddleware } = require('@cc-platform/server/auth');
* const auth = createAuthMiddleware(process.env.API_KEY);
* app.use(auth.protectMutations);
*
* // Or protect specific routes:
* app.post('/api/admin', auth.requireAuth, handler);
*/
'use strict';
/**
* Create an auth middleware suite for the given API key.
*
* If apiKey is falsy or empty, all requests are allowed through
* (auth is effectively disabled).
*
* @param {string} apiKey - The expected API key (from env or config)
* @returns {{ extractApiKey, requireAuth, protectMutations }}
*/
function createAuthMiddleware(apiKey) {
/**
* Extract an API key from a request.
* Checks, in order: Authorization Bearer header, X-API-Key header, query param.
*/
function extractApiKey(req) {
const auth = req.headers.authorization || '';
if (auth.startsWith('Bearer ')) return auth.slice(7);
return req.headers['x-api-key'] || req.query.key || '';
}
/**
* Express middleware: require valid API key.
* Passes through if auth is disabled (no API key configured).
*/
function requireAuth(req, res, next) {
if (!apiKey) return next();
const token = extractApiKey(req);
if (token === apiKey) return next();
return res.status(401).json({
error: 'Unauthorized — invalid or missing API key',
});
}
/**
* Express middleware: protect non-GET methods.
* GET, HEAD, and OPTIONS requests pass through without auth.
* All other methods require a valid API key.
*/
function protectMutations(req, res, next) {
if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return next();
return requireAuth(req, res, next);
}
return { extractApiKey, requireAuth, protectMutations };
}
module.exports = { createAuthMiddleware };
Reference in New Issue View Git Blame Copy Permalink