ozan
a81a450e7e
Merged into tinqs/studio: - cmd/tinqs-cli/ — tinqs-cli (Go binary, from bot/cli) - cmd/tea/ — Gitea CLI tool (from tinqs/cli-tea) - services/bot/ — Bot service (from tinqs-ltd/bot on git.arikigame.com) - services/admin/ — Admin panel (from tinqs/admin) - services/team-tool/ — Team Tool (from tinqs/team-tool) - services/proxy/ — tinqs-proxy (from bot/proxy) - web/landing/ — tinqs.com website (from tinqs/website) - web/docs/ — Platform docs (from tinqs/docs) - web/blog/ — Blog (placeholder) - runner/ — Ephemeral CI runner (from tinqs/runner) All source repos will be deleted after verification.
31 lines
999 B
TypeScript
31 lines
999 B
TypeScript
import { CORS_HEADERS } from './cors';
|
|
|
|
/**
|
|
* Extension sends `Authorization: Bearer <TACO_API_SECRET>` or `x-taco-key`.
|
|
* Also accepts requests already authenticated by middleware (x-tinqs-user set),
|
|
* which covers the macOS Team Tool using Gitea token auth.
|
|
*/
|
|
export function authorizeMeetingApi(req: Request): Response | null {
|
|
// If middleware already authenticated via Gitea token, allow through
|
|
const tinqsUser = req.headers.get('x-tinqs-user');
|
|
if (tinqsUser) {
|
|
return null;
|
|
}
|
|
|
|
const secret = process.env.TACO_API_SECRET;
|
|
if (!secret) {
|
|
return null;
|
|
}
|
|
const auth = req.headers.get('authorization');
|
|
const bearer = auth?.match(/^Bearer\s+(.+)$/i)?.[1];
|
|
const headerKey = req.headers.get('x-taco-key');
|
|
const token = bearer ?? headerKey ?? '';
|
|
if (token !== secret) {
|
|
return new Response(JSON.stringify({ error: 'Unauthorized' }), {
|
|
status: 401,
|
|
headers: { 'Content-Type': 'application/json', ...CORS_HEADERS },
|
|
});
|
|
}
|
|
return null;
|
|
}
|