Allowed API Key as query param for learning

thatapicompany · Oct 31, 2024 · 8d9f38b · 8d9f38b
1 parent dcc763a
commit 8d9f38b
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 9 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "overture-maps-api",
-  "version": "0.0.4",
+  "version": "0.0.5",
   "description": "",
   "author": "",
   "private": true,

diff --git a/src/middleware/auth-api.middleware.ts b/src/middleware/auth-api.middleware.ts
@@ -12,22 +12,48 @@ const DEMO_API_KEY = 'demo-api-key';
 
 @Injectable()
 export class AuthAPIMiddleware implements NestMiddleware {
+
+  private logger = new Logger('AuthAPIMiddleware');
   private theAuthAPI: TheAuthAPI;
 
   constructor() { 
     if(process.env.AUTH_API_ACCESS_KEY && process.env.AUTH_API_ACCESS_KEY!="create-one-from-theauthapi.com")this.theAuthAPI = new TheAuthAPI(process.env.AUTH_API_ACCESS_KEY);
   }
 
-  async use(req: Request, res: Response, next: () => void) {
+  getAPIKeyFromHeaderOrQuery(req: Request): string|undefined {
 
+    // as this is an educational API we want to be a little flexible with the API key header names
+    const apiKeys = ['X-Api-Key','api_key', 'api-key', 'apiKey', 'apikey'];
+
+    //check if any in the headers
+    const header: string | undefined = apiKeys
+      .map((key) => req.get(key))
+      .find((value) => value !== undefined);
+
+    if (header) {
+      return header;
+    }
 
-    if (!req.get('X-Api-Key') && !req.get('api_key') && !req.get('api-key') || req.res.locals['user']?.id ) {
-      next();
-    } else {
-      const key: string = req.get('X-Api-Key') || req.get('api_key') || req.get('api-key');
 
+    const queryParam: string | undefined = apiKeys
+      .map((key) => req.query[key] as string | undefined)
+      .find((value) => value !== undefined);
 
-      if (key.toLowerCase() === DEMO_API_KEY) {
+      return queryParam;    
+
+  }
+
+  async use(req: Request, res: Response, next: () => void) {
+
+    const apiKeyString = this.getAPIKeyFromHeaderOrQuery(req);
+
+    this.logger.log(`API Key: ${apiKeyString}`);
+    //if no api key, or user is already set, skip
+    if (!apiKeyString || req.res.locals['user']?.id ) {
+      next();
+    } else {
+      //if demo key, set user to demo user
+      if (apiKeyString.toLowerCase() === DEMO_API_KEY) {
         req['user'] = req.res.locals['user'] = {
           metadata: {
             isDemoAccount:true
@@ -45,7 +71,7 @@ export class AuthAPIMiddleware implements NestMiddleware {
           next();
           return;
         }
-        const apiKey = await this.theAuthAPI.apiKeys.authenticateKey(key); 
+        const apiKey = await this.theAuthAPI.apiKeys.authenticateKey(apiKeyString); 
         if (apiKey) {
           const userObj = {
             metadata: apiKey.customMetaData,
@@ -59,7 +85,7 @@ export class AuthAPIMiddleware implements NestMiddleware {
         next();
         return;
       } catch (error) {
-        Logger.error('APIKeyMiddleware Error:', error, ` key: ${key}`);
+        Logger.error('APIKeyMiddleware Error:', error, ` key: ${apiKeyString}`);
       }
       next()
       return;