bjoernpoettker/paperlessmanager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add support for API keys in Authorization header for SSE clients
Build and Push Multi-Platform Images / build-and-push (push) Successful in 28s
Details

Browse Source
This commit is contained in:
Björn Pöttker
2026-05-09 09:37:55 +02:00
parent f4428afb9b
commit a207b3057e
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
paperless-backend/src/auth/api-key.guard.ts
+9 -1
View File
@@ -10,12 +10,20 @@ export class ApiKeyGuard implements CanActivate {
// Check header (X-API-Key) // Check header (X-API-Key)
let apiKey = request.headers['x-api-key'] || request.headers['X-API-Key']; let apiKey = request.headers['x-api-key'] || request.headers['X-API-Key'];
// Fallback to query parameter (apiKey) // Fallback to query parameter (apiKey)
if (!apiKey) { if (!apiKey) {
apiKey = request.query['apiKey']; apiKey = request.query['apiKey'];
} }
// Fallback to Authorization: Bearer (used by SSE clients that can't set X-API-Key)
if (!apiKey) {
const auth: string | undefined = request.headers['authorization'];
if (auth?.startsWith('Bearer ')) {
apiKey = auth.slice(7);
}
}
if (!apiKey) { if (!apiKey) {
throw new UnauthorizedException('API Key missing'); throw new UnauthorizedException('API Key missing');
} }