refactor: replace global API_KEY with per-app clientApiKey

Remove global API_KEY env var and its validation in checkAuth.
Auth via x-api-key now uses only the per-app clientApiKey,
which is validated inline on POST /api/bugs.
2026-04-30 15:16:54 +08:00
parent 6124ee5bf6
commit 722bca8a61
2 changed files with 1 additions and 9 deletions


@@ -36,13 +36,6 @@ async function checkAuth(request: Request): Promise<AuthResult | null> {
}
}
const apiKey = request.headers.get('x-api-key')
if (apiKey && apiKey === env.API_KEY) {
const developer = await prisma.user.findFirst({ where: { role: 'DEVELOPER' } })
if (!developer) return null
return { actingUserId: developer.id, reporterUserId: null, isApiKey: true }
}
return null
}
@@ -885,7 +878,7 @@ export function createApp() {
set.status = 401
return { error: 'Unauthorized: provide session cookie or valid X-API-Key' }
}
const { actingUserId, reporterUserId, isApiKey } = auth
const { actingUserId, reporterUserId } = auth
const bug = await prisma.bug.create({
data: {
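Review bot: The 401 text in the second hunk still tells callers to send a valid X-API-Key, but after the first hunk checkAuth no longer reads that header, so the message is only true if the inline clientApiKey check named in the description runs earlier in this handler; that check is not visible here, and the handler in createApp starts and ends outside the hunk. If that is the case, I would add a comment above the destructure such as `// auth is session-based here; x-api-key requests are resolved by the per-app clientApiKey check above`, and confirm that a missing or unknown key cannot fall through to `prisma.bug.create`. The removed check compared the key with `===`; if the clientApiKey comparison does the same, a constant-time comparison such as `crypto.timingSafeEqual` over equal-length buffers would be the safer form. If `isApiKey` is no longer read anywhere, it should also be dropped from `AuthResult` so the type does not advertise an auth path that no longer exists.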