UNPKG

@doneisbetter/sso

Version:

A secure, privacy-focused SSO solution with ephemeral token handling

sso.doneisbetter.com

moldovancsaba/sso

50 lines (40 loc) 1.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import { NextApiRequest, NextApiResponse } from 'next'; import { Database } from '../db/database'; import { TenantConfig, TenantDocument } from '../types/tenant'; // Rate limiting using a simple in-memory store // In production, this should use Redis or a similar distributed cache const rateLimitStore: { [key: string]: { count: number; resetTime: number } } = {}; export async function validateTenant( req: NextApiRequest, res: NextApiResponse, next: () => void ) { const apiKey = req.headers['x-api-key'] as string; const clientIp = req.headers['x-forwarded-for'] as string || req.socket.remoteAddress; if (!apiKey) { return res.status(401).json({ error: 'API key required' }); } try { const db = await Database.getInstance(); const tenantDoc = await db.validateApiKey(apiKey); if (!tenantDoc) { return res.status(401).json({ error: 'Invalid API key' }); } // Map MongoDB document to TenantConfig const tenant: TenantConfig = { id: tenantDoc._id ? tenantDoc._id.toString() : '', name: tenantDoc.name, domain: tenantDoc.domain, settings: tenantDoc.settings, apiKeys: tenantDoc.apiKeys, createdAt: tenantDoc.createdAt, updatedAt: tenantDoc.updatedAt }; // Add tenant to request for use in route handlers (req as any).tenant = tenant; next(); } catch (error) { console.error('Tenant validation error:', error); return res.status(500).json({ error: 'Internal server error' }); } }