fix: review

Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>

Author: ulemons

backend/.env.dist.local

@@ -166,4 +166,4 @@ CROWD_TINYBIRD_BASE_URL=http://localhost:7181/
 
 # Auth0
 CROWD_AUTH0_ISSUER_BASE_URL=
-CROWD_AUTH0_AUDIENCE=
+CROWD_AUTH0_AUDIENCE=

backend/src/api/public/middlewares/staticApiKeyMiddleware.ts

@@ -6,39 +6,43 @@ import { findApiKeyByHash, optionsQx, touchApiKeyLastUsed } from '@crowd/data-ac
 
 export function staticApiKeyMiddleware(): RequestHandler {
   return async (req: Request, _res: Response, next: NextFunction): Promise<void> => {
-    const authHeader = req.headers.authorization
+    try {
+      const authHeader = req.headers.authorization
 
-    if (!authHeader || !authHeader.startsWith('Bearer ')) {
-      next(new UnauthorizedError('Missing or invalid Authorization header'))
-      return
-    }
+      if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        next(new UnauthorizedError('Missing or invalid Authorization header'))
+        return
+      }
 
-    const providedKey = authHeader.slice('Bearer '.length)
-    const keyHash = crypto.createHash('sha256').update(providedKey).digest('hex')
+      const providedKey = authHeader.slice('Bearer '.length)
+      const keyHash = crypto.createHash('sha256').update(providedKey).digest('hex')
 
-    const qx = optionsQx(req)
-    const apiKey = await findApiKeyByHash(qx, keyHash)
+      const qx = optionsQx(req)
+      const apiKey = await findApiKeyByHash(qx, keyHash)
 
-    if (!apiKey) {
-      next(new UnauthorizedError('Invalid API key'))
-      return
-    }
+      if (!apiKey) {
+        next(new UnauthorizedError('Invalid API key'))
+        return
+      }
 
-    if (apiKey.revokedAt) {
-      next(new UnauthorizedError('API key has been revoked'))
-      return
-    }
+      if (apiKey.revokedAt) {
+        next(new UnauthorizedError('API key has been revoked'))
+        return
+      }
 
-    if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {
-      next(new UnauthorizedError('API key has expired'))
-      return
-    }
+      if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {
+        next(new UnauthorizedError('API key has expired'))
+        return
+      }
 
-    // fire and forget — don't block the request
-    touchApiKeyLastUsed(qx, apiKey.id).catch(() => {})
+      // fire and forget — don't block the request
+      touchApiKeyLastUsed(qx, apiKey.id).catch(() => {})
 
-    req.actor = { id: apiKey.name, type: 'service', scopes: apiKey.scopes }
+      req.actor = { id: apiKey.name, type: 'service', scopes: apiKey.scopes }
 
-    next()
+      next()
+    } catch (err) {
+      next(err)
+    }
   }
 }

backend/src/database/migrations/V1773938832__add-api-keys-tale.sql

@@ -11,6 +11,3 @@ CREATE TABLE "apiKeys" (
   "createdAt"   TIMESTAMPTZ NOT NULL DEFAULT now(),
   "updatedAt"   TIMESTAMPTZ NOT NULL DEFAULT now()
 );
-
-CREATE INDEX "ix_apiKeys_keyHash" ON "apiKeys" ("keyHash");
-CREATE INDEX "ix_apiKeys_keyPrefix" ON "apiKeys" ("keyPrefix");