wibu/sistem-desa-mandiri
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add API key protection for /api/monitoring endpoints

Browse Source
This commit is contained in:
amaliadwiy
2026-04-30 13:48:12 +08:00
parent 242d8fa219
commit 191e3624b8
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.env.example
View File

@@ -42,6 +42,12 @@ VAPID_PRIVATE_KEY="UHDY8M3-0beVIA2kt2zL3ZeMStJ0j6zVkVd2Cfqpgrc"
# API key for file operations (upload, delete, copy, view directory) # API key for file operations (upload, delete, copy, view directory)
WS_APIKEY="your-websocket-api-key" WS_APIKEY="your-websocket-api-key"
# ===========================================
# MONITORING API
# ===========================================
# API key untuk akses endpoint /api/monitoring (header: x-api-key)
MONITORING_API_KEY="your-monitoring-api-key"
# =========================================== # ===========================================
# APPLICATION SETTINGS # APPLICATION SETTINGS
# =========================================== # ===========================================

12
src/app/api/monitoring/[[...slug]]/route.ts
View File

@@ -25,6 +25,18 @@ const MonitoringServer = new Elysia({ prefix: "/api/monitoring" })
} }
} }
})) }))
.onBeforeHandle(({ request, set, path }) => {
// Docs tidak perlu API key
if (path.startsWith("/api/monitoring/docs")) return;
const apiKey = process.env.MONITORING_API_KEY;
const incoming = request.headers.get("x-api-key");
if (!apiKey || incoming !== apiKey) {
set.status = 401;
return { success: false, message: "Unauthorized" };
}
})
.get("/grid-overview", async ({ query, set }) => { .get("/grid-overview", async ({ query, set }) => {
try { try {