Skip to content

Add API Key Authentication Strategy #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Kmario19 wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add API Key Authentication Strategy #10

Kmario19 wants to merge 6 commits into from

Conversation

@Kmario19
Copy link
Owner

@Kmario19 Kmario19 commented Apr 3, 2025

This pull request introduces API key authentication to secure the API. The changes include updates to the documentation, environment configuration, middleware for validation, route setup, and API documentation.

API Key Authentication:

  • README.md: Added a section about API authentication, explaining the use of API keys and providing an example request.

  • src/config/environment.ts: Added API_KEYS to the environment schema, making it an optional string.

  • src/middleware/apiKeyValidator.ts: Created a middleware function to validate the API key from the x-api-key header against the configured keys in the environment variable.

  • src/routes/index.ts: Applied the apiKeyValidator middleware to all routes to enforce API key authentication.

  • swagger.json: Updated the API documentation to include the ApiKeyAuth security scheme, specifying that the API key should be included in the x-api-key header.

@Kmario19 Kmario19 requested a review from Copilot April 3, 2025 03:46
Copilot AI reviewed Apr 3, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds API key authentication to secure the API by introducing a new middleware, updating the environment configuration, and modifying the routes and documentation accordingly.

  • Introduces middleware (apiKeyValidator) to verify the API key from requests.
  • Updates the configuration to support API_KEYS and applies the middleware to all routes.
  • Enhances the README to document the API key authentication process.

Reviewed Changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

File Description
src/routes/index.ts Applies the new apiKeyValidator middleware to secure all routes.
src/middleware/apiKeyValidator.ts Implements API key validation logic against the configured keys.
src/config/environment.ts Adds API_KEYS to the environment schema as an optional string.
README.md Updates documentation with a new section on API key authentication.
Files not reviewed (1)
  • swagger.json: Language not supported

src/middleware/apiKeyValidator.ts
Comment on lines +11 to +12
const allowedKeys = process.env.API_KEYS.split(',');

Copy link

Copilot AI Apr 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider trimming the API keys after splitting to handle any extra spaces, e.g., change to: process.env.API_KEYS.split(',').map(key => key.trim()).

Suggested change
const allowedKeys = process.env.API_KEYS.split(',');
const allowedKeys = process.env.API_KEYS.split(',').map(key => key.trim());

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Kmario19