manifest
Version:
Self-hosted Manifest LLM router with embedded server, SQLite database, and dashboard
89 lines • 4.19 kB
JavaScript
;
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
return c > 3 && r && Object.defineProperty(target, key, r), r;
};
var __metadata = (this && this.__metadata) || function (k, v) {
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
};
var __param = (this && this.__param) || function (paramIndex, decorator) {
return function (target, key) { decorator(target, key, paramIndex); }
};
var ApiKeyGuard_1;
Object.defineProperty(exports, "__esModule", { value: true });
exports.ApiKeyGuard = void 0;
const common_1 = require("@nestjs/common");
const core_1 = require("@nestjs/core");
const config_1 = require("@nestjs/config");
const typeorm_1 = require("@nestjs/typeorm");
const typeorm_2 = require("typeorm");
const crypto_1 = require("crypto");
const api_key_entity_1 = require("../../entities/api-key.entity");
const public_decorator_1 = require("../decorators/public.decorator");
const hash_util_1 = require("../utils/hash.util");
let ApiKeyGuard = ApiKeyGuard_1 = class ApiKeyGuard {
reflector;
configService;
apiKeyRepo;
logger = new common_1.Logger(ApiKeyGuard_1.name);
constructor(reflector, configService, apiKeyRepo) {
this.reflector = reflector;
this.configService = configService;
this.apiKeyRepo = apiKeyRepo;
}
async canActivate(context) {
const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_KEY, [
context.getHandler(),
context.getClass(),
]);
if (isPublic)
return true;
const request = context.switchToHttp().getRequest();
if (request.user)
return true;
const apiKey = request.headers['x-api-key'];
if (!apiKey || typeof apiKey !== 'string') {
this.logger.warn(`Rejected request without API key from ${request.ip}`);
throw new common_1.UnauthorizedException('X-API-Key header required');
}
const prefix = (0, hash_util_1.keyPrefix)(apiKey);
const candidates = await this.apiKeyRepo.find({ where: { key_prefix: prefix } });
const found = candidates.find((c) => (0, hash_util_1.verifyKey)(apiKey, c.key_hash));
if (found) {
request.apiKeyUserId = String(found.user_id);
this.apiKeyRepo
.createQueryBuilder()
.update(api_key_entity_1.ApiKey)
.set({ last_used_at: () => 'CURRENT_TIMESTAMP' })
.where('id = :id', { id: found.id })
.execute()
.catch((err) => this.logger.warn(`Failed to update last_used_at: ${err.message}`));
return true;
}
const validKey = this.configService.get('app.apiKey', '');
if (validKey && this.safeCompare(apiKey, validKey)) {
return true;
}
this.logger.warn(`Rejected invalid API key from ${request.ip}`);
throw new common_1.UnauthorizedException('Invalid API key');
}
safeCompare(a, b) {
const maxLen = Math.max(a.length, b.length);
const aBuf = Buffer.alloc(maxLen);
const bBuf = Buffer.alloc(maxLen);
Buffer.from(a).copy(aBuf);
Buffer.from(b).copy(bBuf);
return a.length === b.length && (0, crypto_1.timingSafeEqual)(aBuf, bBuf);
}
};
exports.ApiKeyGuard = ApiKeyGuard;
exports.ApiKeyGuard = ApiKeyGuard = ApiKeyGuard_1 = __decorate([
(0, common_1.Injectable)(),
__param(2, (0, typeorm_1.InjectRepository)(api_key_entity_1.ApiKey)),
__metadata("design:paramtypes", [core_1.Reflector,
config_1.ConfigService,
typeorm_2.Repository])
], ApiKeyGuard);
//# sourceMappingURL=api-key.guard.js.map