UNPKG

@frangoteam/fuxa

Version:

Web-based Process Visualization (SCADA/HMI/Dashboard) software

github.com/frangoteam/FUXA

frangoteam/FUXA

48 lines (42 loc) 1.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
'use strict'; const authJwt = require('../jwt-helper'); /** * Middleware that accepts either JWT (x-access-token) or API key (x-api-key). * It is active only when security is enabled. */ module.exports = function verifyApiOrToken(runtime) { return async function (req, res, next) { if (!runtime?.settings?.secureEnabled) { return next(); } const apiKey = req.headers['x-api-key']; if (apiKey) { try { const stored = await runtime.apiKeys.getApiKeys(); const now = Date.now(); const validKey = stored.find(k => { if (!k || k.key !== apiKey || k.enabled === false) { return false; } if (!k.expires) { return true; } const expiresAt = new Date(k.expires).getTime(); return !isNaN(expiresAt) && expiresAt > now; }); if (validKey) { req.apiKey = validKey; // Grant admin group to match existing authorization checks. req.userId = validKey.id || `apikey:${apiKey}`; req.userGroups = authJwt.adminGroups[0]; return next(); } } catch (err) { runtime.logger.error(`api-key validation failed: ${err}`); return res.status(500).json({ error: 'unexpected_error', message: 'ApiKey validation failed' }); } return res.status(401).json({ error: 'unauthorized_error', message: 'Invalid API Key' }); } return authJwt.verifyToken(req, res, next); }; };