feat: add support for API keys in Authorization header for SSE clients
Build and Push Multi-Platform Images / build-and-push (push) Successful in 28s
Build and Push Multi-Platform Images / build-and-push (push) Successful in 28s
This commit is contained in:
@@ -10,12 +10,20 @@ export class ApiKeyGuard implements CanActivate {
|
||||
|
||||
// Check header (X-API-Key)
|
||||
let apiKey = request.headers['x-api-key'] || request.headers['X-API-Key'];
|
||||
|
||||
|
||||
// Fallback to query parameter (apiKey)
|
||||
if (!apiKey) {
|
||||
apiKey = request.query['apiKey'];
|
||||
}
|
||||
|
||||
// Fallback to Authorization: Bearer (used by SSE clients that can't set X-API-Key)
|
||||
if (!apiKey) {
|
||||
const auth: string | undefined = request.headers['authorization'];
|
||||
if (auth?.startsWith('Bearer ')) {
|
||||
apiKey = auth.slice(7);
|
||||
}
|
||||
}
|
||||
|
||||
if (!apiKey) {
|
||||
throw new UnauthorizedException('API Key missing');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user