Spaces:
Configuration error
Configuration error
| import type { Request, RequestHandler } from "express"; | |
| import { config } from "../../config"; | |
| import { authenticate, getUser } from "./user-store"; | |
| const GATEKEEPER = config.gatekeeper; | |
| const PROXY_KEY = config.proxyKey; | |
| const ADMIN_KEY = config.adminKey; | |
| export function getProxyAuthorizationFromRequest(req: Request): string | undefined { | |
| // Anthropic's API uses x-api-key instead of Authorization. Some clients will | |
| // pass the _proxy_ key in this header too, instead of providing it as a | |
| // Bearer token in the Authorization header. So we need to check both. | |
| // Prefer the Authorization header if both are present. | |
| if (req.headers.authorization) { | |
| const token = req.headers.authorization?.slice("Bearer ".length); | |
| delete req.headers.authorization; | |
| return token; | |
| } | |
| if (req.headers["x-api-key"]) { | |
| const token = req.headers["x-api-key"]?.toString(); | |
| delete req.headers["x-api-key"]; | |
| return token; | |
| } | |
| return undefined; | |
| } | |
| export const gatekeeper: RequestHandler = (req, res, next) => { | |
| const token = getProxyAuthorizationFromRequest(req); | |
| // TODO: Generate anonymous users based on IP address for public or proxy_key | |
| // modes so that all middleware can assume a user of some sort is present. | |
| if (token === ADMIN_KEY) { | |
| return next(); | |
| } | |
| if (GATEKEEPER === "none") { | |
| return next(); | |
| } | |
| if (GATEKEEPER === "proxy_key" && token === PROXY_KEY) { | |
| return next(); | |
| } | |
| if (GATEKEEPER === "user_token" && token) { | |
| const user = authenticate(token, req.ip); | |
| if (user) { | |
| req.user = user; | |
| return next(); | |
| } else { | |
| const maybeBannedUser = getUser(token); | |
| if (maybeBannedUser?.disabledAt) { | |
| return res.status(403).json({ | |
| error: `Forbidden: ${ | |
| maybeBannedUser.disabledReason || "Token disabled" | |
| }`, | |
| }); | |
| } | |
| } | |
| } | |
| if (GATEKEEPER === "privileged") { | |
| const nuToken = token || "none lmao" | |
| const user = authenticate(nuToken, req.ip); | |
| if (user) { | |
| req.user = user; | |
| return next(); | |
| } else { | |
| return next(); | |
| } | |
| } | |
| res.status(401).json({ error: "Unauthorized" }); | |
| }; | |