UNPKG

manifest

Version:

Self-hosted Manifest LLM router with embedded server, SQLite database, and dashboard

89 lines 4.19 kB
"use strict"; var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) { var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; return c > 3 && r && Object.defineProperty(target, key, r), r; }; var __metadata = (this && this.__metadata) || function (k, v) { if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v); }; var __param = (this && this.__param) || function (paramIndex, decorator) { return function (target, key) { decorator(target, key, paramIndex); } }; var ApiKeyGuard_1; Object.defineProperty(exports, "__esModule", { value: true }); exports.ApiKeyGuard = void 0; const common_1 = require("@nestjs/common"); const core_1 = require("@nestjs/core"); const config_1 = require("@nestjs/config"); const typeorm_1 = require("@nestjs/typeorm"); const typeorm_2 = require("typeorm"); const crypto_1 = require("crypto"); const api_key_entity_1 = require("../../entities/api-key.entity"); const public_decorator_1 = require("../decorators/public.decorator"); const hash_util_1 = require("../utils/hash.util"); let ApiKeyGuard = ApiKeyGuard_1 = class ApiKeyGuard { reflector; configService; apiKeyRepo; logger = new common_1.Logger(ApiKeyGuard_1.name); constructor(reflector, configService, apiKeyRepo) { this.reflector = reflector; this.configService = configService; this.apiKeyRepo = apiKeyRepo; } async canActivate(context) { const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_KEY, [ context.getHandler(), context.getClass(), ]); if (isPublic) return true; const request = context.switchToHttp().getRequest(); if (request.user) return true; const apiKey = request.headers['x-api-key']; if (!apiKey || typeof apiKey !== 'string') { this.logger.warn(`Rejected request without API key from ${request.ip}`); throw new common_1.UnauthorizedException('X-API-Key header required'); } const prefix = (0, hash_util_1.keyPrefix)(apiKey); const candidates = await this.apiKeyRepo.find({ where: { key_prefix: prefix } }); const found = candidates.find((c) => (0, hash_util_1.verifyKey)(apiKey, c.key_hash)); if (found) { request.apiKeyUserId = String(found.user_id); this.apiKeyRepo .createQueryBuilder() .update(api_key_entity_1.ApiKey) .set({ last_used_at: () => 'CURRENT_TIMESTAMP' }) .where('id = :id', { id: found.id }) .execute() .catch((err) => this.logger.warn(`Failed to update last_used_at: ${err.message}`)); return true; } const validKey = this.configService.get('app.apiKey', ''); if (validKey && this.safeCompare(apiKey, validKey)) { return true; } this.logger.warn(`Rejected invalid API key from ${request.ip}`); throw new common_1.UnauthorizedException('Invalid API key'); } safeCompare(a, b) { const maxLen = Math.max(a.length, b.length); const aBuf = Buffer.alloc(maxLen); const bBuf = Buffer.alloc(maxLen); Buffer.from(a).copy(aBuf); Buffer.from(b).copy(bBuf); return a.length === b.length && (0, crypto_1.timingSafeEqual)(aBuf, bBuf); } }; exports.ApiKeyGuard = ApiKeyGuard; exports.ApiKeyGuard = ApiKeyGuard = ApiKeyGuard_1 = __decorate([ (0, common_1.Injectable)(), __param(2, (0, typeorm_1.InjectRepository)(api_key_entity_1.ApiKey)), __metadata("design:paramtypes", [core_1.Reflector, config_1.ConfigService, typeorm_2.Repository]) ], ApiKeyGuard); //# sourceMappingURL=api-key.guard.js.map