Add an "api key" scheme (#440)

Author: vcarl

src/helpers/env.ts

@@ -24,6 +24,7 @@ export const applicationKey = getEnv("DISCORD_PUBLIC_KEY");
 export const applicationId = getEnv("DISCORD_APP_ID");
 export const guildId = getEnv("GUILD_ID");
 export const discordToken = getEnv("DISCORD_HASH");
+export const reactibotApiKey = getEnv("REACTIBOT_API_KEY", true);
 export const gitHubReadToken = getEnv("GH_READ_TOKEN", true);
 export const amplitudeKey = getEnv("AMPLITUDE_KEY", true);
 export const openAiKey = getEnv("OPENAI_KEY", true);

src/server.ts

@@ -10,6 +10,7 @@ import {
 } from "./features/jobs-moderation/job-mod-helpers.js";
 import { compressLineBreaks } from "./helpers/string.js";
 import { constructDiscordLink } from "./helpers/discord.js";
+import { reactibotApiKey } from "./helpers/env.js";
 
 const fastify = Fastify({ logger: true });
 
@@ -22,6 +23,14 @@ const openApiConfig = {
     version: "1.0.0",
   },
   components: {
+    securitySchemes: {
+      apiKey: {
+        type: "apiKey",
+        name: "api-key",
+        in: "header",
+      },
+    },
+    security: [{ apiKey: [] }],
     schemas: {
       PaginationParams: {
         type: "object",
@@ -118,6 +127,15 @@ const openApiConfig = {
   },
 };
 
+fastify.addHook("onRequest", async (request, reply) => {
+  const apiKey = request.headers["api-key"];
+  console.log("onreq");
+  if (apiKey !== reactibotApiKey) {
+    reply.code(401).send({ error: "Unauthorized" });
+    return;
+  }
+});
+
 try {
   Object.entries(openApiConfig.components.schemas).forEach(([k, schema]) => {
     fastify.addSchema({ ...schema, $id: k });