kamp/anything-llm
1
0
Fork 0
mirror of https://github.com/Mintplex-Labs/anything-llm.git synced 2024-11-05 06:20:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
60a00843df
anything-llm/server/utils/middleware/validatedRequest.js
Timothy Carambat 62e3f62e82
12 auth implementation (#13) 
* Add Auth protection for cloud-based or private instances

* skip check on local dev
2023-06-09 11:27:27 -07:00

46 lines
976 B
JavaScript
Raw Blame History

const { decodeJWT } = require("../http");
function validatedRequest(request, response, next) {
// When in development passthrough auth token for ease of development.
// Or if the user simply did not set an Auth token or JWT Secret
if (
process.env.NODE_ENV === "development" ||
!process.env.AUTH_TOKEN ||
!process.env.JWT_SECRET
) {
next();
return;
}
if (!process.env.AUTH_TOKEN) {
response.status(403).json({
error: "You need to set an AUTH_TOKEN environment variable.",
});
return;
}
const auth = request.header("Authorization");
const token = auth ? auth.split(" ")[1] : null;
if (!token) {
response.status(403).json({
error: "No auth token found.",
});
return;
}
const { p } = decodeJWT(token);
if (p !== process.env.AUTH_TOKEN) {
response.status(403).json({
error: "Invalid auth token found.",
});
return;
}
next();
}
module.exports = {
validatedRequest,
};
Reference in New Issue View Git Blame Copy Permalink