Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | 4x 5x 5x 5x 1x 1x 4x 1x 3x 2x 1x 3x 2x 1x 1x 18x 1x | // API Key Authentication Middleware
import type { MiddlewareHandler } from "hono";
import { UnauthorizedError } from "../lib/errors";
import { handleError } from "../lib/response";
/**
* Require API key for marketplace/public API access
* API key should be passed in the X-API-Key header
*/
export const requireApiKey: MiddlewareHandler<{
Bindings: CloudflareBindings;
}> = async (c, next) => {
const apiKey = c.req.header("X-API-Key");
const expectedKey = c.env.MARKETPLACE_API_KEY;
// If no API key is configured, skip validation (development mode)
if (!expectedKey) {
await next();
return;
}
if (!apiKey) {
return handleError(
c,
new UnauthorizedError("API key required. Provide X-API-Key header."),
);
}
// Constant-time comparison to prevent timing attacks
if (!secureCompare(apiKey, expectedKey)) {
return handleError(c, new UnauthorizedError("Invalid API key"));
}
await next();
};
/**
* Constant-time string comparison to prevent timing attacks
*/
function secureCompare(a: string, b: string): boolean {
if (a.length !== b.length) {
return false;
}
let result = 0;
for (let i = 0; i < a.length; i++) {
result |= a.charCodeAt(i) ^ b.charCodeAt(i);
}
return result === 0;
}
|