/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const bcrypt = require('bcrypt');
// Name of the request header that carries the API key. The policy below reads
// it via `.toLowerCase()` because Node exposes incoming header names lower-cased.
const API_KEY_HEADER = 'x-api-key';
/**
 * Sails policy: lets the request through when a user is already attached to
 * it, otherwise authenticates it from the API-key header.
 *
 * The header value is treated as `<prefix>.<remainder>`. Only the part before
 * the first '.' is used to look the candidate user up; the whole header value
 * is then checked with bcrypt against that user's stored hash, so knowing a
 * prefix alone never authenticates.
 *
 * @param {Object} req - Sails request; `req.currentUser` is set on success.
 * @param {Object} res - Sails response; `res.unauthorized(msg)` ends the request.
 * @param {Function} proceed - policy continuation invoked once the user is known.
 * @returns {Promise<*>} whatever `proceed()` or `res.unauthorized()` returns.
 */
module.exports = async function isAuthenticated(req, res, proceed) {
  // Some earlier step may already have resolved the user; nothing to do then.
  if (req.currentUser) {
    return proceed();
  }

  const rejectKey = () => res.unauthorized('Invalid API key');

  // Incoming header names are lower-cased by Node, so look the header up that way.
  const presentedKey = req.headers[API_KEY_HEADER.toLowerCase()];
  if (!presentedKey) {
    return res.unauthorized('Access token is missing, invalid or expired');
  }

  // Cheap shape check before touching the database: a key must carry the
  // prefix separator.
  const separatorAt = presentedKey.indexOf('.');
  if (separatorAt === -1) {
    return rejectKey();
  }

  // Everything before the first '.' is the lookup prefix; an empty prefix
  // (header starting with '.') is rejected outright.
  const prefix = presentedKey.slice(0, separatorAt);
  if (!prefix) {
    return rejectKey();
  }

  // Only rows that actually hold a key hash are candidates.
  const candidate = await User.findOne({ apiKeyPrefix: prefix, apiKeyHash: { '!=': null } });
  if (!candidate) {
    // Returning here skips the bcrypt compare below, so an unknown prefix is
    // answered faster than a known one. The prefix is not the secret part, but
    // keep this asymmetry in mind if the two paths ever need to look identical.
    return rejectKey();
  }

  // The full header value (prefix included) is what is compared against the
  // stored hash. bcrypt ignores input beyond 72 bytes — confirm issued keys
  // stay within that limit.
  const keyMatches = await bcrypt.compare(presentedKey, candidate.apiKeyHash);
  if (!keyMatches) {
    return rejectKey();
  }

  req.currentUser = candidate;
  return proceed();
};