
@fdm-monster/server


FDM Monster is a bulk OctoPrint, Klipper, PrusaLink and BambuLab manager to set up, configure and monitor 3D printers. Our aim is to provide a neat overview of your farm.

import { Strategy } from "passport";

//#region src/middleware/api-key.strategy.ts
/**
 * Passport strategy that authenticates a request from an API key sent as a
 * bearer token. It sits between the JWT and Anonymous strategies, so a request
 * without an auth header still falls through to anonymous.
 *
 * Important: the user bound to the key is NOT looked up. The api_key_role join
 * is the sole permission source for the request — a key is a self-contained
 * credential, not a way to impersonate a user. Downstream audit/branching code
 * can recognise an api-key principal by `req.user.isApiKey === true` and
 * `req.user.id = -1`.
 *
 * Outcomes of `authenticate`:
 * - `pass()`    — no `Authorization: Bearer …` header, or the token does not
 *                 have the API-key shape; the request is left to other strategies.
 * - `fail(401)` — the token has the API-key shape but `verify` returned nothing.
 * - `success()` — the key verified; a synthetic principal is attached.
 * - `error()`   — anything thrown while verifying or building the principal.
 */
class ApiKeyStrategy extends Strategy {
  name = "api-key";

  /**
   * @param apiKeyService - service exposing `looksLikeApiKey(token)` and
   *   `verify(token)`; both are defined elsewhere, so how the key is compared
   *   (hashing, constant-time comparison) cannot be confirmed from this file.
   */
  constructor(apiKeyService) {
    super();
    this.apiKeyService = apiKeyService;
  }

  /**
   * Passport entry point: inspects the Authorization header and reports the
   * outcome through `pass` / `fail` / `success` / `error`.
   *
   * @param req - incoming request; only `req.headers.authorization` is read.
   * @param _options - unused.
   */
  async authenticate(req, _options) {
    const authorization = req.headers.authorization;

    // The scheme match is exact and case-sensitive: anything that does not
    // start with "Bearer " (capital B, one space) yields no token.
    let token;
    if (authorization?.startsWith("Bearer ")) {
      token = authorization.slice(7);
    }

    // Not an API key: hand the request on instead of rejecting it.
    if (!token || !this.apiKeyService.looksLikeApiKey(token)) {
      return this.pass();
    }

    try {
      const apiKey = await this.apiKeyService.verify(token);

      // A key-shaped token that does not verify is rejected outright; it does
      // not fall through to anonymous.
      if (!apiKey) {
        return this.fail({ message: "Invalid API key" }, 401);
      }

      // Synthetic principal: roles come only from the key record, and the raw
      // token is never copied onto it.
      const principal = {
        id: -1,
        username: `api-key:${apiKey.id}`,
        isDemoUser: false,
        isRootUser: false,
        isVerified: true,
        needsPasswordChange: false,
        createdAt: apiKey.createdAt,
        roles: (apiKey.roles ?? []).map((role) => role.name),
        isApiKey: true
      };
      return this.success(principal);
    } catch (cause) {
      // Passport expects an Error; wrap non-Error throwables.
      if (cause instanceof Error) {
        return this.error(cause);
      }
      return this.error(new Error(String(cause)));
    }
  }
}

//#endregion
export { ApiKeyStrategy };

//# sourceMappingURL=api-key.strategy.js.map