UNPKG

qapinterface

Version:

Comprehensive API utilities for Node.js applications including authentication, security, request processing, and response handling with zero external dependencies

github.com/api-utilities/api-utilities

api-utilities/api-utilities

57 lines (50 loc) 1.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/** * API Key Extraction * Single Responsibility: Extract API keys from requests ONLY */ /** * Extracts API key from request headers, query parameters, or body. * @param {object} req - Express request object. * @param {object} [options={}] - Extraction options. * @returns {string|null} - Extracted API key or null. */ function extractApiKey(req, options = {}) { const { headerNames = ['x-api-key', 'api-key'], queryParam = 'api_key', authorizationPrefix = 'Bearer ', checkBody = false } = options; // Check Authorization header for Bearer token if (req.headers.authorization) { const authHeader = req.headers.authorization; if (authHeader.startsWith(authorizationPrefix)) { return authHeader.slice(authorizationPrefix.length); } } // Check custom API key headers for (const headerName of headerNames) { const headerValue = req.headers[headerName.toLowerCase()]; if (headerValue && typeof headerValue === 'string') { return headerValue.trim(); } } // Check query parameters if (req.query && req.query[queryParam]) { const queryValue = req.query[queryParam]; if (typeof queryValue === 'string') { return queryValue.trim(); } } // Check request body if enabled if (checkBody && req.body && req.body[queryParam]) { const bodyValue = req.body[queryParam]; if (typeof bodyValue === 'string') { return bodyValue.trim(); } } return null; } module.exports = { extractApiKey };