Initial commit: Setup Bun, Elysia, Vite, React, TanStack Router, Mantine, and Biome

2026-02-07 02:15:29 +08:00
commit b9abcaadde
46 changed files with 5742 additions and 0 deletions
--- a/src/middleware/apiMiddleware.tsx
+++ b/src/middleware/apiMiddleware.tsx
@@ -0,0 +1,95 @@
+import type Elysia from "elysia";
+import { auth } from "@/utils/auth";
+import { prisma } from "@/utils/db";
+import logger from "@/utils/logger";
+
+export function apiMiddleware(app: Elysia) {
+	return app
+		.derive(async ({ request }) => {
+			const headers = request.headers;
+
+			// First, try to get user from session (Better Auth)
+			const userSession = await auth.api.getSession({
+				headers,
+			});
+
+			if (userSession?.user) {
+				// Return user data from session if authenticated via session
+				return {
+					user: {
+						...userSession.user,
+						id: userSession.user.id,
+						email: userSession.user.email,
+						name: userSession.user.name,
+						image: userSession.user.image,
+						emailVerified: userSession.user.emailVerified,
+						role: userSession.user.role || "user",
+					},
+				};
+			}
+
+			// If no session, try API key authentication
+			let apiKey = headers.get("x-api-key");
+
+			if (!apiKey) {
+				// Also check Authorization header for API key
+				const authHeader =
+					headers.get("authorization") || headers.get("Authorization");
+				if (authHeader?.startsWith("Bearer ")) {
+					apiKey = authHeader.substring(7);
+				}
+			}
+
+			if (!apiKey) {
+				return { user: null };
+			}
+
+			try {
+				// Look up the API key in the database
+				const apiKeyRecord = await prisma.apiKey.findFirst({
+					where: {
+						key: apiKey,
+						isActive: true,
+					},
+					include: {
+						user: true, // Include the associated user
+					},
+				});
+
+				if (!apiKeyRecord) {
+					return { user: null };
+				}
+
+				// Check if API key has expired
+				if (
+					apiKeyRecord.expiresAt &&
+					new Date(apiKeyRecord.expiresAt) < new Date()
+				) {
+					logger.info({ keyId: apiKeyRecord.id }, "[AUTH] API key expired");
+					return { user: null };
+				}
+
+				// Return the associated user data
+				return {
+					user: {
+						id: apiKeyRecord.user.id,
+						email: apiKeyRecord.user.email,
+						name: apiKeyRecord.user.name,
+						image: apiKeyRecord.user.image,
+						emailVerified: apiKeyRecord.user.emailVerified,
+						role: apiKeyRecord.user.role || "user",
+					},
+				};
+			} catch (err) {
+				logger.warn({ err }, "[AUTH] Error verifying API key");
+				return { user: null };
+			}
+		})
+		.onBeforeHandle(({ user, set, request }) => {
+			if (!user) {
+				logger.warn(`[AUTH] Unauthorized: ${request.method} ${request.url}`);
+				set.status = 401;
+				return { message: "Unauthorized" };
+			}
+		});
+}