feat(auth): split api-key boundary for frontend auth flow

nav
2026-05-14 14:17:07 +00:00
parent 81dfc227e3
commit 7afd220b4a
2 changed files with 20 additions and 2 deletions


@@ -21,6 +21,18 @@ export class CenterApiKeyGuard implements CanActivate {
const path = req.path ?? '';
const method = (req.method ?? 'GET').toUpperCase();
const noApiKeyRequired =
path === '/healthz' ||
path.endsWith('/healthz') ||
(method === 'POST' && (path === '/auth/login' || path.endsWith('/auth/login'))) ||
(method === 'POST' && (path === '/auth/refresh' || path.endsWith('/auth/refresh'))) ||
(method === 'POST' && (path === '/auth/logout' || path.endsWith('/auth/logout'))) ||
(method === 'GET' && (path === '/auth/me/guilds' || path.endsWith('/auth/me/guilds')));
if (noApiKeyRequired) {
return true;
}
// only guild registration is exempt from API key; it is protected by HMAC secret
if (method === 'POST' && (path === '/nodes/register' || path.endsWith('/nodes/register'))) {
return true;
@@ -40,4 +52,3 @@ export class CenterApiKeyGuard implements CanActivate {
throw new UnauthorizedException('invalid api key');
}
}
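Review bot: The `noApiKeyRequired` list in the first hunk matches with `path.endsWith(...)`, so any route whose path merely ends in `/auth/login`, `/auth/refresh`, `/auth/logout`, `/auth/me/guilds` or `/healthz` skips the API-key check, including a route added later under a different controller. Matching the exact method and path against a fixed allow-list is narrower, for example `const exempt = new Set(['POST /auth/login', 'POST /auth/refresh', 'POST /auth/logout', 'GET /auth/me/guilds']);` followed by `if (exempt.has(method + ' ' + routePath)) return true;`, where `routePath` is `req.path` with the deployment's known prefix stripped (the prefix is not visible here). The existing comment `// only guild registration is exempt from API key` no longer holds once these routes are exempt and should be reworded to say that node registration is protected by the HMAC secret and to name the control that covers the auth routes. Nothing in this hunk shows what authenticates `/auth/refresh`, `/auth/logout` and `/auth/me/guilds` once the API key is waived, so confirm a session or token guard runs on them; the method body starts and ends outside the hunk.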