cal.pub0.org/lib/helpers/verifyApiKey.ts

import type { IncomingMessage } from "http";
import { NextMiddleware } from "next-api-middleware";

import { hashAPIKey } from "@calcom/ee/lib/api/apiKeys";
import prisma from "@calcom/prisma";

/** @todo figure how to use the one from `@calcom/types`ﬁ */
declare module "next" {
  export interface NextApiRequest extends IncomingMessage {
    userId: number;
  }
}

// Used to check if the apiKey is not expired, could be extracted if reused. but not for now.
export const dateNotInPast = function (date: Date) {
  const now = new Date();
  if (now.setHours(0, 0, 0, 0) >= date.setHours(0, 0, 0, 0)) {
    return true;
  }
};

// This verifies the apiKey and sets the user if it is valid.
export const verifyApiKey: NextMiddleware = async (req, res, next) => {
  if (!req.query.apiKey) return res.status(401).json({ message: "No apiKey provided" });
  // We remove the prefix from the user provided api_key. If no env set default to "cal_"
  const strippedApiKey = `${req.query.apiKey}`.replace(process.env.API_KEY_PREFIX || "cal_", "");
  // Hash the key again before matching against the database records.
  const hashedKey = hashAPIKey(strippedApiKey);
  // Check if the hashed api key exists in database.
  const apiKey = await prisma.apiKey.findUnique({ where: { hashedKey } });
  // If we cannot find any api key. Throw a 401 Unauthorized.
  if (!apiKey) return res.status(401).json({ error: "Your apiKey is not valid" });
  if (apiKey.expiresAt && dateNotInPast(apiKey.expiresAt)) {
    return res.status(401).json({ error: "This apiKey is expired" });
  }
  if (!apiKey.userId) return res.status(404).json({ error: "No user found for this apiKey" });
  /* We save the user id in the request for later use */
  req.userId = apiKey.userId;
  await next();
};
Refactoring and fixes 2022-04-22 01:36:33 +00:00			`import type { IncomingMessage } from "http";`
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`import { NextMiddleware } from "next-api-middleware";`
prettier 2022-03-30 12:17:55 +00:00
make verifyApiKey check for hashed, need @calcom/ee in transpile modules next.config 2022-04-07 23:59:04 +00:00			`import { hashAPIKey } from "@calcom/ee/lib/api/apiKeys";`
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`import prisma from "@calcom/prisma";`
Adds basic CRUD endpoints for bookingReferences, Crendentials, DailyEventReferences, DestinationCalendars, EventTypeCustomInputs, Memberships, Schedules, and SelectedCalendars 2022-03-28 22:27:14 +00:00
Refactoring and fixes 2022-04-22 01:36:33 +00:00			/** @todo figure how to use the one from `@calcom/types`ﬁ */
			`declare module "next" {`
			`export interface NextApiRequest extends IncomingMessage {`
			`userId: number;`
			`}`
			`}`

rename apiKey 2022-04-23 00:26:35 +00:00			`// Used to check if the apiKey is not expired, could be extracted if reused. but not for now.`
fix: rename dateInPast -> dateNotInPast 2022-04-23 00:05:56 +00:00			`export const dateNotInPast = function (date: Date) {`
fix verifyapikey, add daabase_url to env.example 2022-04-18 21:24:57 +00:00			`const now = new Date();`
fix: apiKeyExpire 2022-04-23 01:46:53 +00:00			`if (now.setHours(0, 0, 0, 0) >= date.setHours(0, 0, 0, 0)) {`
prettier 2022-03-30 12:17:55 +00:00			`return true;`
			`}`
			`};`
Adds basic CRUD endpoints for bookingReferences, Crendentials, DailyEventReferences, DestinationCalendars, EventTypeCustomInputs, Memberships, Schedules, and SelectedCalendars 2022-03-28 22:27:14 +00:00
rename apiKey 2022-04-23 00:26:35 +00:00			`// This verifies the apiKey and sets the user if it is valid.`
Uses inferred types 2022-04-22 14:05:31 +00:00			`export const verifyApiKey: NextMiddleware = async (req, res, next) => {`
rename apiKey 2022-04-23 00:26:35 +00:00			`if (!req.query.apiKey) return res.status(401).json({ message: "No apiKey provided" });`
fix verifyapikey, add daabase_url to env.example 2022-04-18 21:24:57 +00:00			`// We remove the prefix from the user provided api_key. If no env set default to "cal_"`
fix: update prefix to cal_ 2022-04-14 19:46:26 +00:00			const strippedApiKey = `${req.query.apiKey}`.replace(process.env.API_KEY_PREFIX \|\| "cal_", "");
fix verifyapikey, add daabase_url to env.example 2022-04-18 21:24:57 +00:00			`// Hash the key again before matching against the database records.`
make verifyApiKey check for hashed, need @calcom/ee in transpile modules next.config 2022-04-07 23:59:04 +00:00			`const hashedKey = hashAPIKey(strippedApiKey);`
fix verifyapikey, add daabase_url to env.example 2022-04-18 21:24:57 +00:00			`// Check if the hashed api key exists in database.`
Refactoring and fixes 2022-04-22 01:36:33 +00:00			`const apiKey = await prisma.apiKey.findUnique({ where: { hashedKey } });`
			`// If we cannot find any api key. Throw a 401 Unauthorized.`
rename apiKey 2022-04-23 00:26:35 +00:00			`if (!apiKey) return res.status(401).json({ error: "Your apiKey is not valid" });`
fix: rename dateInPast -> dateNotInPast 2022-04-23 00:05:56 +00:00			`if (apiKey.expiresAt && dateNotInPast(apiKey.expiresAt)) {`
rename apiKey 2022-04-23 00:26:35 +00:00			`return res.status(401).json({ error: "This apiKey is expired" });`
Refactoring and fixes 2022-04-22 01:36:33 +00:00			`}`
rename apiKey 2022-04-23 00:26:35 +00:00			`if (!apiKey.userId) return res.status(404).json({ error: "No user found for this apiKey" });`
Refactoring and fixes 2022-04-22 01:36:33 +00:00			`/* We save the user id in the request for later use */`
			`req.userId = apiKey.userId;`
			`await next();`
feat: successfully protected all endpoints with next-api-middleware for verifyApiKey 2022-03-29 00:25:24 +00:00			`};`