From 8d9f38b1dd043cd5d62b288f7e827626654392be Mon Sep 17 00:00:00 2001 From: AdenForshaw Date: Fri, 1 Nov 2024 09:40:56 +1100 Subject: [PATCH] Allowed API Key as query param for learning --- package.json | 2 +- src/middleware/auth-api.middleware.ts | 42 ++++++++++++++++++++++----- 2 files changed, 35 insertions(+), 9 deletions(-) diff --git a/package.json b/package.json index f62283e..c9c74a5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "overture-maps-api", - "version": "0.0.4", + "version": "0.0.5", "description": "", "author": "", "private": true, diff --git a/src/middleware/auth-api.middleware.ts b/src/middleware/auth-api.middleware.ts index 6c64da5..85d6d67 100644 --- a/src/middleware/auth-api.middleware.ts +++ b/src/middleware/auth-api.middleware.ts @@ -12,22 +12,48 @@ const DEMO_API_KEY = 'demo-api-key'; @Injectable() export class AuthAPIMiddleware implements NestMiddleware { + + private logger = new Logger('AuthAPIMiddleware'); private theAuthAPI: TheAuthAPI; constructor() { if(process.env.AUTH_API_ACCESS_KEY && process.env.AUTH_API_ACCESS_KEY!="create-one-from-theauthapi.com")this.theAuthAPI = new TheAuthAPI(process.env.AUTH_API_ACCESS_KEY); } - async use(req: Request, res: Response, next: () => void) { + getAPIKeyFromHeaderOrQuery(req: Request): string|undefined { + // as this is an educational API we want to be a little flexible with the API key header names + const apiKeys = ['X-Api-Key','api_key', 'api-key', 'apiKey', 'apikey']; + + //check if any in the headers + const header: string | undefined = apiKeys + .map((key) => req.get(key)) + .find((value) => value !== undefined); + + if (header) { + return header; + } - if (!req.get('X-Api-Key') && !req.get('api_key') && !req.get('api-key') || req.res.locals['user']?.id ) { - next(); - } else { - const key: string = req.get('X-Api-Key') || req.get('api_key') || req.get('api-key'); + const queryParam: string | undefined = apiKeys + .map((key) => req.query[key] as string | undefined) + .find((value) => value !== undefined); - if (key.toLowerCase() === DEMO_API_KEY) { + return queryParam; + + } + + async use(req: Request, res: Response, next: () => void) { + + const apiKeyString = this.getAPIKeyFromHeaderOrQuery(req); + + this.logger.log(`API Key: ${apiKeyString}`); + //if no api key, or user is already set, skip + if (!apiKeyString || req.res.locals['user']?.id ) { + next(); + } else { + //if demo key, set user to demo user + if (apiKeyString.toLowerCase() === DEMO_API_KEY) { req['user'] = req.res.locals['user'] = { metadata: { isDemoAccount:true @@ -45,7 +71,7 @@ export class AuthAPIMiddleware implements NestMiddleware { next(); return; } - const apiKey = await this.theAuthAPI.apiKeys.authenticateKey(key); + const apiKey = await this.theAuthAPI.apiKeys.authenticateKey(apiKeyString); if (apiKey) { const userObj = { metadata: apiKey.customMetaData, @@ -59,7 +85,7 @@ export class AuthAPIMiddleware implements NestMiddleware { next(); return; } catch (error) { - Logger.error('APIKeyMiddleware Error:', error, ` key: ${key}`); + Logger.error('APIKeyMiddleware Error:', error, ` key: ${apiKeyString}`); } next() return;