Chris Farhood
1bbdd7acba
- Add apps/api/ — Hono REST API server for managing pentest scans via K8s Jobs - POST/GET /api/scans, GET /api/scans/:id, cancel, report endpoints - Bearer token auth, Temporal client integration, K8s Job builder - Dockerfile, Kustomize manifests (Deployment, Service, RBAC) - Add CLI orchestrator abstraction (docker.ts → Orchestrator interface) - DockerOrchestrator and K8sOrchestrator implementations - Backend detection via SHANNON_BACKEND env var or --backend flag - Add CI workflow: type-check + lint on PR, build+push both images on main - Switch all workflows to self-hosted runners (runners-farhoodliquor) - Add shannon-api image build to release and release-beta workflows - Add root infra/kustomization.yaml as Flux entry point - Export PipelineProgress from @shannon/worker/pipeline Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
35 lines
958 B
TypeScript
35 lines
958 B
TypeScript
/**
|
|
* Bearer token authentication middleware.
|
|
* Validates the Authorization header against the configured API key.
|
|
* Skips health check endpoints.
|
|
*/
|
|
|
|
import crypto from 'node:crypto';
|
|
import type { Context, Next } from 'hono';
|
|
|
|
const PUBLIC_PATHS = new Set(['/healthz', '/readyz']);
|
|
|
|
export function authMiddleware(apiKey: string) {
|
|
const expectedBuffer = Buffer.from(apiKey);
|
|
|
|
return async (c: Context, next: Next) => {
|
|
if (PUBLIC_PATHS.has(c.req.path)) {
|
|
return next();
|
|
}
|
|
|
|
const header = c.req.header('Authorization');
|
|
if (!header?.startsWith('Bearer ')) {
|
|
return c.json({ error: 'Missing or invalid Authorization header' }, 401);
|
|
}
|
|
|
|
const token = header.slice(7);
|
|
const tokenBuffer = Buffer.from(token);
|
|
|
|
if (tokenBuffer.length !== expectedBuffer.length || !crypto.timingSafeEqual(tokenBuffer, expectedBuffer)) {
|
|
return c.json({ error: 'Invalid API key' }, 401);
|
|
}
|
|
|
|
return next();
|
|
};
|
|
}
|