maxp/lt-auth-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

fix(auth): validate API key from POST body and handle content type

Browse Source 
- Switch API key validation to use POST body parameters
- Add support for `application/x-www-form-urlencoded` content type
- Store parsed body in context state for further use
- Reject unsupported content types with 415 status
This commit is contained in:
0xMax42
2025-05-11 10:59:39 +02:00
parent 60dcc30c0d
commit 4326a2d92c
2 changed files with 45 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/__tests__/ltProxyAuth.test.ts
View File

@@ -6,11 +6,19 @@ import { ltProxyAuth } from '../ltProxyAuth.ts';
Deno.test('ltProxyAuth: accepts valid API key', async () => {
Deno.env.set('API_KEYS', 'valid123');
const req = new Request('http://localhost/?apiKey=valid123');
const body = new URLSearchParams({ apiKey: 'valid123' });
const req = new Request('http://localhost/', {
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
body,
});
const ctx: IContext = {
req,
params: {},
query: { apiKey: 'valid123' },
query: {},
state: {},
};
@@ -26,11 +34,19 @@ Deno.test('ltProxyAuth: accepts valid API key', async () => {
Deno.test('ltProxyAuth: rejects invalid API key', async () => {
Deno.env.set('API_KEYS', 'valid123');
const req = new Request('http://localhost/?apiKey=invalid456');
const body = new URLSearchParams({ apiKey: 'invalid456' });
const req = new Request('http://localhost/', {
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
body,
});
const ctx: IContext = {
req,
params: {},
query: { apiKey: 'invalid456' },
query: {},
state: {},
};
@@ -46,7 +62,15 @@ Deno.test('ltProxyAuth: rejects invalid API key', async () => {
Deno.test('ltProxyAuth: rejects missing API key', async () => {
Deno.env.set('API_KEYS', 'valid123');
const req = new Request('http://localhost/');
const body = new URLSearchParams({ text: 'nur text ohne apiKey' });
const req = new Request('http://localhost/', {
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
body,
});
const ctx: IContext = {
req,
params: {},
@@ -60,4 +84,5 @@ Deno.test('ltProxyAuth: rejects missing API key', async () => {
);
assertEquals(response.status, 403);
assertEquals(await response.text(), 'Forbidden – Invalid API key');
});