
secure-express-setup


Military-grade one-command security setup for Express.js applications

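// lib/apiKey.js
// Simple API key protector.
// Accepts options: { getKeys: fn, keys: object, headerName, allowQuery }

/**
 * Build an Express-style middleware that authenticates requests by API key.
 *
 * The key is taken from the first source that provides one:
 *   1. `Authorization: ApiKey <key>`
 *   2. the header named by `options.headerName` (default `x-api-key`)
 *   3. the `api_key` query parameter, only when `options.allowQuery === true`
 *
 * @param {object} [options]
 * @param {Function} [options.getKeys] - Returns (or resolves to) the key map.
 *   Only used when it is a function; any other value is ignored and
 *   `options.keys` is consulted instead.
 * @param {object} [options.keys] - Static key map:
 *   { "<key>": { owner, scopes: [...] } }.
 * @param {string} [options.headerName='x-api-key'] - Header carrying the key.
 * @param {boolean} [options.allowQuery=false] - Accept `?api_key=`. Keys sent
 *   in URLs tend to end up in access logs, browser history and Referer
 *   headers, so leave this off unless a client cannot set headers.
 * @returns {Function} async (req, res, next) middleware. Responds 401 when no
 *   usable key is presented, 403 when the key is unknown, 500 when the lookup
 *   throws; on success sets `req.apiKey = { key, ...meta }` and calls `next()`.
 */
function setupApiKeyProtection(options = {}) {
  // Node lower-cases incoming header names, so a configured name such as
  // 'X-API-Key' would never match unless it is normalised here.
  const headerName = String(options.headerName || 'x-api-key').toLowerCase();
  const allowQuery = options.allowQuery === true;
  const getKeys =
    typeof options.getKeys === 'function'
      ? options.getKeys
      : () => Promise.resolve(options.keys || {});

  return async function apiKeyMiddleware(req, res, next) {
    try {
      const header = req.headers[headerName] || '';
      const authHeader = req.headers.authorization || '';

      let key = '';
      if (authHeader.startsWith('ApiKey ')) {
        key = authHeader.slice('ApiKey '.length);
      } else if (header) {
        key = header;
      } else if (allowQuery && req.query && req.query.api_key) {
        key = req.query.api_key;
      }

      // Query parsers (and multi-valued headers) can hand back arrays or
      // objects; only a non-empty string is treated as a presented key.
      if (typeof key !== 'string' || key === '') {
        return res.status(401).json({ error: 'API key required' });
      }

      const keys = await getKeys();

      // Own-property check: the key is caller-controlled, and a plain
      // `keys[key]` lookup would also resolve names inherited from
      // Object.prototype, which are truthy and would pass as valid keys.
      const meta = Object.prototype.hasOwnProperty.call(keys, key)
        ? keys[key]
        : undefined;
      if (!meta) {
        return res.status(403).json({ error: 'Invalid API key' });
      }

      // Attach metadata for downstream usage. The raw key is included, so
      // downstream code should not log or serialise req.apiKey wholesale.
      req.apiKey = { key, ...meta };
      next();
    } catch (err) {
      console.error('API Key middleware error:', err);
      res.status(500).json({ error: 'Internal error' });
    }
  };
}

// Guarded so the file also loads where no CommonJS `module` binding exists.
if (typeof module !== 'undefined' && module.exports) {
  module.exports = setupApiKeyProtection;
}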