MCPcopy
hub / github.com/mudler/LocalAI / extractKey

Function extractKey

core/http/auth/middleware.go:510–536  ·  view source on GitHub ↗

extractKey extracts an API key from the request (all sources).

(c echo.Context)

Source from the content-addressed store, hash-verified

508
509// extractKey extracts an API key from the request (all sources).
510func extractKey(c echo.Context) string {
511 // Authorization header
512 auth := c.Request().Header.Get("Authorization")
513 if strings.HasPrefix(auth, "Bearer ") {
514 return strings.TrimPrefix(auth, "Bearer ")
515 }
516 if auth != "" {
517 return auth
518 }
519
520 // x-api-key
521 if key := c.Request().Header.Get("x-api-key"); key != "" {
522 return key
523 }
524
525 // xi-api-key
526 if key := c.Request().Header.Get("xi-api-key"); key != "" {
527 return key
528 }
529
530 // token cookie
531 if cookie, err := c.Cookie("token"); err == nil && cookie.Value != "" {
532 return cookie.Value
533 }
534
535 return ""
536}
537
538// isValidLegacyKey checks if the key matches any configured API key
539// using constant-time comparison to prevent timing attacks.

Callers 1

MiddlewareFunction · 0.85

Calls 2

GetMethod · 0.65
RequestMethod · 0.65

Tested by

no test coverage detected