gib/GibSend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use scrypt for api keys (#33)

Browse Source
This commit is contained in:
KM Koushik
2024-06-27 07:42:13 +10:00
committed by GitHub
parent 1beced823e
commit 57fcfbc9b6
10 changed files with 219 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
apps/web/src/server/public-api/auth.ts
View File

@@ -1,9 +1,9 @@
import TTLCache from "@isaacs/ttlcache";
import { Context } from "hono";
import { hashToken } from "../auth";
import { db } from "../db";
import { UnsendApiError } from "./api-error";
import { env } from "~/env";
import { getTeamAndApiKey } from "../service/api-service";
const rateLimitCache = new TTLCache({
ttl: 1000, // 1 second
@@ -34,17 +34,16 @@ export const getTeamFromToken = async (c: Context) => {
checkRateLimit(token);
const hashedToken = hashToken(token);
const teamAndApiKey = await getTeamAndApiKey(token);
const team = await db.team.findFirst({
where: {
apiKeys: {
some: {
tokenHash: hashedToken,
},
},
},
});
if (!teamAndApiKey) {
throw new UnsendApiError({
code: "FORBIDDEN",
message: "Invalid API token",
});
}
const { team, apiKey } = teamAndApiKey;
if (!team) {
throw new UnsendApiError({
@@ -57,7 +56,7 @@ export const getTeamFromToken = async (c: Context) => {
db.apiKey
.update({
where: {
tokenHash: hashedToken,
id: apiKey.id,
},
data: {
lastUsed: new Date(),