* Auth hook for the Internal Server. ALL routes require Bearer token, no exceptions. * Independent from @openchatlab/http-routes auth (which uses global state for External Server).
(token: string)
| 358 | * Independent from @openchatlab/http-routes auth (which uses global state for External Server). |
| 359 | */ |
| 360 | function createInternalAuthHook(token: string) { |
| 361 | return async function internalAuthHook(request: FastifyRequest, reply: FastifyReply): Promise<void> { |
| 362 | if (request.method === 'OPTIONS') return |
| 363 | |
| 364 | const authHeader = request.headers.authorization |
| 365 | if (!authHeader || !authHeader.startsWith('Bearer ')) { |
| 366 | reply.code(401).send({ success: false, error: { code: 'UNAUTHORIZED', message: 'Missing or invalid token' } }) |
| 367 | return |
| 368 | } |
| 369 | |
| 370 | const provided = authHeader.slice(7) |
| 371 | if (!safeTokenCompare(provided, token)) { |
| 372 | reply.code(401).send({ success: false, error: { code: 'UNAUTHORIZED', message: 'Invalid token' } }) |
| 373 | return |
| 374 | } |
| 375 | } |
| 376 | } |
no test coverage detected