Skip to content

Commit 09ba6e6

Browse files
davidbjorklunddavidbjorklund
committed
Created database held api tokens for api export
1 parent 4327bdb commit 09ba6e6

4 files changed

Lines changed: 45 additions & 5 deletions

File tree

prisma/migrations/20260505011527_api_export_token/migration.sql

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
-- CreateTable
2+
CREATE TABLE "ApiKey" (
3+
"id" TEXT NOT NULL,
4+
"name" TEXT NOT NULL,
5+
"hash" TEXT NOT NULL,
6+
"createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
7+
8+
CONSTRAINT "ApiKey_pkey" PRIMARY KEY ("id")
9+
);
10+
11+
-- CreateIndex
12+
CREATE UNIQUE INDEX "ApiKey_name_key" ON "ApiKey"("name");
13+
14+
-- CreateIndex
15+
CREATE UNIQUE INDEX "ApiKey_hash_key" ON "ApiKey"("hash");

prisma/schema.prisma

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -199,3 +199,10 @@ model Meetings {
199199
200200
@@map("meetings")
201201
}
202+
203+
model ApiKey {
204+
id String @id @default(uuid())
205+
name String @unique
206+
hash String @unique
207+
createdAt DateTime @default(now())
208+
}

src/pages/api/export-exhibitor-interest.ts

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,23 @@
11
import type { NextApiRequest, NextApiResponse } from "next";
22
import { prisma } from "@/server/db";
3-
import * as pls from "@/utils/pls";
3+
import * as global from "@/utils/global";
44

55
export default async function handler(
66
req: NextApiRequest,
77
res: NextApiResponse
88
) {
99
if (req.method !== "GET") return res.status(405).end();
1010

11-
const apiKey = req.headers["authorization"];
12-
if (apiKey == undefined) return res.status(400).end();
13-
if (!(await pls.checkApiKey("read-registrations", apiKey))) {
14-
return res.status(402).end();
11+
const authHeader = req.headers["authorization"];
12+
if (!authHeader || typeof authHeader !== "string") {
13+
return res.status(400).end();
14+
}
15+
16+
const rawKey = authHeader.replace("Bearer ", "");
17+
const valid = await global.verifyApiKey(rawKey);
18+
19+
if (!valid) {
20+
return res.status(403).end();
1521
}
1622

1723
const exhibitors = await prisma.exhibitorInterestRegistration.findMany({

src/utils/global.ts

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
import { prisma } from "@/server/db";
2+
import crypto from "crypto";
3+
4+
export async function verifyApiKey(raw: string) {
5+
const hash = crypto.createHash("sha256").update(raw).digest("hex");
6+
7+
const key = await prisma.apiKey.findUnique({
8+
where: { hash },
9+
});
10+
11+
return !!key;
12+
}

0 commit comments

Comments
 (0)