Open
Conversation
Contributor
There was a problem hiding this comment.
Pull Request Overview
This pull request adds API key authentication to secure the API by introducing a new middleware, updating the environment configuration, and modifying the routes and documentation accordingly.
- Introduces middleware (apiKeyValidator) to verify the API key from requests.
- Updates the configuration to support API_KEYS and applies the middleware to all routes.
- Enhances the README to document the API key authentication process.
Reviewed Changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/routes/index.ts | Applies the new apiKeyValidator middleware to secure all routes. |
| src/middleware/apiKeyValidator.ts | Implements API key validation logic against the configured keys. |
| src/config/environment.ts | Adds API_KEYS to the environment schema as an optional string. |
| README.md | Updates documentation with a new section on API key authentication. |
Files not reviewed (1)
- swagger.json: Language not supported
Comment on lines
+11
to
+12
| const allowedKeys = process.env.API_KEYS.split(','); | ||
|
|
There was a problem hiding this comment.
Consider trimming the API keys after splitting to handle any extra spaces, e.g., change to: process.env.API_KEYS.split(',').map(key => key.trim()).
Suggested change
| const allowedKeys = process.env.API_KEYS.split(','); | |
| const allowedKeys = process.env.API_KEYS.split(',').map(key => key.trim()); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces API key authentication to secure the API. The changes include updates to the documentation, environment configuration, middleware for validation, route setup, and API documentation.
API Key Authentication:
README.md: Added a section about API authentication, explaining the use of API keys and providing an example request.src/config/environment.ts: AddedAPI_KEYSto the environment schema, making it an optional string.src/middleware/apiKeyValidator.ts: Created a middleware function to validate the API key from thex-api-keyheader against the configured keys in the environment variable.src/routes/index.ts: Applied theapiKeyValidatormiddleware to all routes to enforce API key authentication.swagger.json: Updated the API documentation to include theApiKeyAuthsecurity scheme, specifying that the API key should be included in thex-api-keyheader.