Merge pull request #565 from datasektionen/main

davidbjorklund · web-flow · commit 77f3521ff229 · 2026-05-05T04:04:48.000+02:00
Created database held api tokens for api export
diff --git a/prisma/migrations/20260505011527_api_export_token/migration.sql b/prisma/migrations/20260505011527_api_export_token/migration.sql
@@ -0,0 +1,15 @@
+-- CreateTable
+CREATE TABLE "ApiKey" (
+    "id" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "hash" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "ApiKey_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ApiKey_name_key" ON "ApiKey"("name");
+
+-- CreateIndex
+CREATE UNIQUE INDEX "ApiKey_hash_key" ON "ApiKey"("hash");
diff --git a/prisma/schema.prisma b/prisma/schema.prisma
@@ -199,3 +199,10 @@ model Meetings {
 
     @@map("meetings")
 }
+
+model ApiKey {
+  id         String   @id @default(uuid())
+  name       String   @unique
+  hash       String   @unique
+  createdAt  DateTime @default(now())
+}
diff --git a/src/pages/api/export-exhibitor-interest.ts b/src/pages/api/export-exhibitor-interest.ts
@@ -1,17 +1,23 @@
 import type { NextApiRequest, NextApiResponse } from "next";
 import { prisma } from "@/server/db";
-import * as pls from "@/utils/pls";
+import * as global from "@/utils/global";
 
 export default async function handler(
     req: NextApiRequest,
     res: NextApiResponse
 ) {
     if (req.method !== "GET") return res.status(405).end();
 
-    const apiKey = req.headers["authorization"];
-    if (apiKey == undefined) return res.status(400).end();
-    if (!(await pls.checkApiKey("read-registrations", apiKey))) {
-        return res.status(402).end();
+    const authHeader = req.headers["authorization"];
+    if (!authHeader || typeof authHeader !== "string") {
+        return res.status(400).end();
+    }
+
+    const rawKey = authHeader.replace("Bearer ", "");
+    const valid = await global.verifyApiKey(rawKey);
+
+    if (!valid) {
+        return res.status(403).end();
     }
 
     const exhibitors = await prisma.exhibitorInterestRegistration.findMany({
diff --git a/src/utils/global.ts b/src/utils/global.ts
@@ -0,0 +1,12 @@
+import { prisma } from "@/server/db";
+import crypto from "crypto";
+
+export async function verifyApiKey(raw: string) {
+  const hash = crypto.createHash("sha256").update(raw).digest("hex");
+
+  const key = await prisma.apiKey.findUnique({
+    where: { hash },
+  });
+
+  return !!key;
+}
