UNPKG

@unkey/hono

Version:

<div align="center"> <h1 align="center">@unkey/hono</h1> <h5>Hono.js middleware for authenticating API keys</h5> </div>

github.com/unkeyed/sdks/tree/main/hono

134 lines (100 loc) 2.94 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
<div align="center"> <h1 align="center">@unkey/hono</h1> <h5>Hono.js middleware for authenticating API keys</h5> </div> <div align="center"> Inspired by <a href="https://www.openstatus.dev/blog/secure-api-with-unkey">openstatus.dev/blog/secure-api-with-unkey</a> </div> <br/> ## Installation ```bash npm install @unkey/hono ``` ## Quickstart Here's a simple example of how to use the Unkey middleware in your Hono.js application: ```ts import { Hono } from "hono"; import { UnkeyContext, unkey } from "@unkey/hono"; const app = new Hono<{ Variables: { unkey: UnkeyContext } }>(); app.use( "*", unkey({ rootKey: process.env.UNKEY_ROOT_KEY!, // Your Unkey root key }), ); app.get("/protected", (c) => { // Access the unkey response here to get metadata of the key etc const unkeyResponse = c.get("unkey"); if (!unkeyResponse.data.valid) { return c.json({ error: "Unauthorized" }, 401); } return c.json({ message: "Access granted!", keyId: unkeyResponse.data.keyId, }); }); ``` **Note:** You need to provide your Unkey root key for key verification. Get your root key from the [Unkey dashboard](https://app.unkey.com/settings/root-keys). ## Configuration Options The `unkey` middleware accepts the following configuration options: ### Required Configuration - `rootKey`: Your Unkey root key (required for API authentication) ### Optional Configuration - `tags`: Array of tags to filter keys during verification - `permissions`: Required permissions for the key to be valid - `getKey`: Custom function to extract the key from the request - `handleInvalidKey`: Custom handler for invalid keys - `onError`: Custom error handler ## Advanced Usage ### Custom Key Extraction By default, the middleware looks for a bearer token in the `Authorization` header. You can customize this: ```ts app.use( "*", unkey({ rootKey: process.env.UNKEY_ROOT_KEY!, getKey: (c) => c.req.query("api_key"), // Get key from query parameter }), ); ``` ### Tags and Permissions You can require specific tags or permissions for key verification: ```ts app.use( "*", unkey({ rootKey: process.env.UNKEY_ROOT_KEY!, tags: ["api", "production"], permissions: "read:data", }), ); ``` ### Custom Invalid Key Handler Handle invalid keys with custom logic: ```ts app.use( "*", unkey({ rootKey: process.env.UNKEY_ROOT_KEY!, handleInvalidKey: (c, result) => { return c.json({ error: "Invalid API key" }, 401); }, }), ); ``` ### Custom Error Handler Handle API errors with custom logic: ```ts app.use( "*", unkey({ rootKey: process.env.UNKEY_ROOT_KEY!, onError: (c, err) => { console.error("Unkey error:", err.message); return c.json({ error: "Authentication service unavailable" }, 503); }, }), ); ``` ## Documentation Check out the full docs at [unkey.com/docs/libraries/ts/hono](https://unkey.com/docs/libraries/ts/hono).