- Install @hono/oidc-auth and jose for OIDC integration - Rewrite requireAuth middleware with three-way auth: API key, MCP Bearer, OIDC session - Strip auth.service.ts to API key functions only (remove user/session management) - Remove all references to getUserCount, getSession, refreshSession from middleware
import type { Context, Next } from "hono";
|
|
import { getAuth } from "@hono/oidc-auth";
|
|
import { verifyApiKey } from "../services/auth.service";
|
|
import { verifyAccessToken } from "../services/oauth.service";
|
|
|
|
export async function requireAuth(c: Context, next: Next) {
|
|
const db = c.get("db");
|
|
|
|
// 1. Check API key (programmatic access)
|
|
const apiKey = c.req.header("X-API-Key");
|
|
if (apiKey) {
|
|
const valid = await verifyApiKey(db, apiKey);
|
|
if (valid) return next();
|
|
return c.json({ error: "Invalid API key" }, 401);
|
|
}
|
|
|
|
// 2. Check MCP OAuth Bearer token
|
|
const authHeader = c.req.header("Authorization");
|
|
if (authHeader?.startsWith("Bearer ")) {
|
|
const token = authHeader.slice(7);
|
|
if (await verifyAccessToken(db, token)) return next();
|
|
return c.json({ error: "invalid_token" }, 401);
|
|
}
|
|
|
|
// 3. Check OIDC session (browser users)
|
|
const auth = await getAuth(c);
|
|
if (auth) return next();
|
|
|
|
return c.json({ error: "Authentication required" }, 401);
|
|
}
|
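Review bot: None of the three branches records which principal was authenticated — the result of `verifyApiKey` is reduced to `valid`, the `verifyAccessToken` result is discarded, and `auth` from `getAuth(c)` is never stored — so handlers behind `requireAuth` cannot distinguish an API-key caller from an OIDC user for authorization or audit logging. If those helpers return the key owner / token claims (not visible here), consider `c.set("principal", …)` in each branch before `return next()` so downstream code and logs can attribute the request. The Bearer rejection at `return c.json({ error: "invalid_token" }, 401)` also omits the RFC 6750 challenge that OAuth/MCP clients use to detect an expired token; adding `c.header("WWW-Authenticate", 'Bearer error="invalid_token"');` before it would fix that, and the two 401 bodies (`"Invalid API key"` vs `"invalid_token"`) could use one error shape. The function has no doc comment; a TSDoc block stating the precedence (X-API-Key wins, then Bearer, then OIDC session) and that a present-but-invalid API key is rejected without falling through to the other methods would make that short-circuit explicit for maintainers.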