Skip to content

Commit 869ba71

Browse files
committed
v0:ref: enhance API key and cookie authentication middlewares
1 parent 6355f32 commit 869ba71

2 files changed

Lines changed: 93 additions & 40 deletions

File tree

apps/workers/v0/src/middlewares/api-key-auth.hono.ts

Lines changed: 78 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import { logDebug } from '@/utils/loggers';
55

66
export const apiKeyAuthMiddleware = createMiddleware<AppBindings>(
77
async (c, next) => {
8+
const start = performance.now();
89
// First, try to get API key from x-api-key header
910
const xApiKey = c.req.header('x-api-key');
1011
const authHeader = c.req.header('authorization');
@@ -16,62 +17,91 @@ export const apiKeyAuthMiddleware = createMiddleware<AppBindings>(
1617
return next();
1718
}
1819

19-
logDebug(c.env, '🗝️ apiKey:', apiKey);
20+
logDebug(c.env, '🔑 apiKey:', apiKey);
2021

2122
if (!apiKey) {
22-
logDebug(c.env, '🗝️ No API key provided, skipping to next auth method');
23+
logDebug(c.env, '🔑 No API key provided, skipping to next auth method');
2324
return c.json(
2425
{ success: false, error: 'Unauthorized: No API key provided' },
2526
401,
2627
);
2728
}
2829

2930
try {
30-
const request = new Request(
31-
`${c.env.BETTER_AUTH_URL}/getSessionWithAPIKey`,
32-
{
33-
method: 'POST',
34-
headers: {
35-
'x-api-key': apiKey,
36-
'Content-Type': 'application/json',
31+
let sessionData: Session | undefined;
32+
33+
// First, try using the service binding RPC call
34+
try {
35+
logDebug(
36+
c.env,
37+
'🔄 Attempting RPC call to AUTH_WORKER.getSessionWithAPIKey',
38+
);
39+
const rpcStartTime = performance.now();
40+
41+
sessionData = (await c.env.AUTH_WORKER.getSessionWithAPIKey(
42+
apiKey,
43+
)) as Session;
44+
45+
const rpcEndTime = performance.now();
46+
logDebug(
47+
c.env,
48+
'✅ RPC call successful, took:',
49+
((rpcEndTime - rpcStartTime) / 1000).toFixed(3),
50+
'seconds',
51+
);
52+
} catch (rpcError) {
53+
logDebug(
54+
c.env,
55+
'⚠️ RPC call failed, falling back to HTTP fetch:',
56+
rpcError,
57+
);
58+
59+
// Fallback to HTTP fetch approach
60+
const request = new Request(
61+
`${c.env.BETTER_AUTH_URL}/getSessionWithAPIKey`,
62+
{
63+
method: 'POST',
64+
headers: {
65+
'x-api-key': apiKey,
66+
'Content-Type': 'application/json',
67+
},
68+
body: JSON.stringify({ apiKey }),
3769
},
38-
body: JSON.stringify({ apiKey }),
39-
},
40-
);
70+
);
4171

42-
const fetcher = c.var.serviceFetcher;
43-
const response = await fetcher(request);
72+
const fetcher = c.var.serviceFetcher;
73+
const response = await fetcher(request);
4474

45-
// Check if the request was successful
46-
if (!response.ok) {
47-
const errorText = await response.text();
48-
logDebug(c.env, '🚨 Auth service error:', {
49-
status: response.status,
50-
error: errorText,
51-
});
75+
// Check if the request was successful
76+
if (!response.ok) {
77+
const errorText = await response.text();
78+
logDebug(c.env, '🚨 Auth service error:', {
79+
status: response.status,
80+
error: errorText,
81+
});
5282

53-
// For service errors, let it through - auth guard will handle
54-
if (response.status === 404 || response.status >= 500) {
55-
logDebug(
56-
c.env,
57-
'⚠️ Auth service issue, proceeding to next middleware',
58-
);
83+
// For service errors, let it through - auth guard will handle
84+
if (response.status === 404 || response.status >= 500) {
85+
logDebug(
86+
c.env,
87+
'⚠️ Auth service issue, proceeding to next middleware',
88+
);
89+
return next();
90+
}
91+
92+
// For invalid API key, also proceed - let auth guard decide
93+
logDebug(c.env, '⚠️ Invalid API key, proceeding to next middleware');
5994
return next();
6095
}
6196

62-
// For invalid API key, also proceed - let auth guard decide
63-
logDebug(c.env, '⚠️ Invalid API key, proceeding to next middleware');
64-
return next();
65-
}
66-
67-
// Parse response
68-
let sessionData: Session;
69-
try {
70-
sessionData = await response.json();
71-
} catch (parseError) {
72-
logDebug(c.env, '🚨 Failed to parse auth response:', parseError);
73-
// Continue to next middleware on parse errors
74-
return next();
97+
// Parse response
98+
try {
99+
sessionData = await response.json();
100+
} catch (parseError) {
101+
logDebug(c.env, '🚨 Failed to parse auth response:', parseError);
102+
// Continue to next middleware on parse errors
103+
return next();
104+
}
75105
}
76106

77107
// Validate session structure
@@ -112,6 +142,14 @@ export const apiKeyAuthMiddleware = createMiddleware<AppBindings>(
112142
sessionId: session.session.id,
113143
});
114144

145+
const end = performance.now();
146+
logDebug(
147+
c.env,
148+
'⌚ API key auth middleware took:',
149+
((end - start) / 1000).toFixed(3),
150+
'seconds',
151+
);
152+
115153
return next();
116154
} catch (error) {
117155
logDebug(c.env, '🚨 Unexpected error in auth middleware:', error);

apps/workers/v0/src/middlewares/cookie-auth.hono.ts

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ const fetchWithFallback = async (
5353

5454
export const cookieAuthMiddleware = createMiddleware<AppBindings>(
5555
async (c, next) => {
56+
const start = performance.now();
5657
if (
5758
c.get('session') ||
5859
c.get('session')?.session ||
@@ -82,6 +83,13 @@ export const cookieAuthMiddleware = createMiddleware<AppBindings>(
8283

8384
if (authSession.data) {
8485
setAuthContext(c, authSession.data);
86+
const end = performance.now();
87+
logDebug(
88+
c.env,
89+
'⌚ Cookie auth middleware took:',
90+
((end - start) / 1000).toFixed(3),
91+
'seconds',
92+
);
8593
return next();
8694
}
8795

@@ -100,6 +108,13 @@ export const cookieAuthMiddleware = createMiddleware<AppBindings>(
100108
const session = await parseSessionResponse(response, c.env, source);
101109
setAuthContext(c, session);
102110

111+
const end = performance.now();
112+
logDebug(
113+
c.env,
114+
'⌚ Cookie auth middleware took:',
115+
((end - start) / 1000).toFixed(3),
116+
'seconds',
117+
);
103118
return next();
104119
} catch (error) {
105120
// Never throw - always continue gracefully

0 commit comments

Comments
 (0)