Making it obvious that API key is invalid - error otherwise is quite cryptic.

This commit is contained in:
mike12345567 2023-03-15 17:26:21 +00:00
parent 17db2d407a
commit 29fc91d6d1
1 changed files with 22 additions and 11 deletions

View File

@ -48,22 +48,31 @@ async function checkApiKey(apiKey: string, populateUser?: Function) {
const decrypted = decrypt(apiKey)
const tenantId = decrypted.split(SEPARATOR)[0]
return doInTenant(tenantId, async () => {
let userId
try {
const db = getGlobalDB()
// api key is encrypted in the database
const userId = (await queryGlobalView(
userId = (await queryGlobalView(
ViewName.BY_API_KEY,
{
key: apiKey,
},
db
)) as string
} catch (err) {
userId = undefined
}
if (userId) {
return {
valid: true,
user: await getUser(userId, tenantId, populateUser),
}
} else {
throw "Invalid API key"
throw {
message:
"Invalid API key - may need re-generated, or user doesn't exist",
name: "InvalidApiKey",
}
}
})
}
@ -164,8 +173,10 @@ export default function (
console.error(`Auth Error: ${err.message}`)
console.error(err)
// invalid token, clear the cookie
if (err && err.name === "JsonWebTokenError") {
if (err?.name === "JsonWebTokenError") {
clearCookie(ctx, Cookie.Auth)
} else if (err?.name === "InvalidApiKey") {
ctx.throw(403, err.message)
}
// allow configuring for public access
if ((opts && opts.publicAllowed) || publicEndpoint) {