media-exporter-processor
Media processing API with thumbnail generation and cloud storage
;
// Module prelude. The sourceMappingURL footer suggests this file is compiler
// output rather than hand-written source — TODO confirm against the package's
// original sources before editing here.
// Marks the CommonJS exports object as an ES-module namespace for interop.
Object.defineProperty(exports, "__esModule", { value: true });
// Declares the export name up front; the real value is assigned after the class.
exports.AuthService = void 0;
// Node's built-in crypto module; AuthService uses its timingSafeEqual to
// compare the presented token with the configured one.
const crypto_1 = require("crypto");
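/**
 * Shared-secret authentication for a Hono application.
 *
 * One static token is configured at construction time and every request must
 * present exactly that token in its Authorization header. Because all callers
 * share the same token, this class cannot tell clients apart.
 *
 * The token is kept on the instance in plaintext (`staticToken`,
 * `staticTokenBuffer`), so instances should not be logged or serialized.
 */
class AuthService {
    /**
     * @param {string} staticToken - The shared secret requests must present.
     * @throws {Error} If `staticToken` is missing or empty.
     */
    constructor(staticToken) {
        if (!staticToken) {
            throw new Error("Static token is required for AuthService");
        }
        this.staticToken = staticToken;
        this.staticTokenBuffer = Buffer.from(staticToken, "utf8");
    }
    /**
     * Middleware for Hono to validate authentication tokens.
     *
     * Responds with 401 when the Authorization header is absent or carries a
     * token that does not match; otherwise hands control to `next`.
     *
     * @returns {(c: object, next: () => Promise<void>) => Promise<*>} Hono middleware.
     */
    middleware() {
        return async (c, next) => {
            const authHeader = c.req.header("Authorization");
            if (!authHeader) {
                return c.text("Authorization header required", 401);
            }
            // Single parsing path: the same rules apply here and for direct
            // callers of extractToken().
            const token = this.extractToken(authHeader);
            if (!this.validateToken(token)) {
                return c.text("Invalid token", 401);
            }
            await next();
        };
    }
    /**
     * Validate a presented token against the configured static token.
     *
     * Both values are hashed with SHA-256 and the digests are compared with
     * `timingSafeEqual`. `timingSafeEqual` throws when its inputs differ in
     * length; comparing fixed-size digests satisfies that requirement without
     * an early return on length mismatch, so the outcome of the check does not
     * depend on whether the presented token has the same length as the secret.
     *
     * @param {string} token - Token presented by the caller.
     * @returns {boolean} `true` only when `token` equals the configured token;
     *   `false` for any mismatch and for non-string input.
     */
    validateToken(token) {
        // A missing or non-string token is a failed authentication, not a crash.
        if (typeof token !== "string") {
            return false;
        }
        const presentedDigest = crypto_1
            .createHash("sha256")
            .update(token, "utf8")
            .digest();
        const expectedDigest = crypto_1
            .createHash("sha256")
            .update(this.staticTokenBuffer)
            .digest();
        return crypto_1.timingSafeEqual(presentedDigest, expectedDigest);
    }
    /**
     * Extract the token from an Authorization header value.
     *
     * A value starting with "Bearer " (case-sensitive, single space) has that
     * prefix removed. Any other value is returned unchanged, which means a
     * header without the Bearer scheme is treated as the raw token.
     *
     * @param {string} authHeader - Raw Authorization header value.
     * @returns {string|null} The token, or `null` when the header is empty or missing.
     */
    extractToken(authHeader) {
        if (!authHeader) {
            return null;
        }
        return authHeader.startsWith("Bearer ") ? authHeader.slice(7) : authHeader;
    }
}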
// Publish the class as this module's named export `AuthService`.
exports.AuthService = AuthService;
//# sourceMappingURL=AuthService.js.map