emly/api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Introduces configurable test database for bug reports

Browse Source 
Enables switching between production and testing MySQL databases based on the `ENABLE_TEST_DB` environment variable and an `X-DB-ENV` request header.

Applies this dual database functionality primarily to bug report submission and administration features. New `TESTING_MYSQL_` environment variables are added for defining test database credentials.

Refines HTTP request logging by excluding health checks and admin session validation endpoints to reduce noise. Allows `/health` endpoints to bypass API and Admin key guards.

Temporarily disables HWID-based rate limiting for bug report submissions.
This commit is contained in:
Flavio Fois
2026-03-02 23:15:15 +01:00
parent 3f15edae75
commit 9458d1e8ad
11 changed files with 297 additions and 138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/middleware/auth.ts
View File

@@ -6,13 +6,15 @@ export function apiKeyGuard(ctx: { request?: Request; set: any }) {
const request = ctx.request;
if (!request) return; // nothing to validate at setup time
if (request.url.includes("/health")) return;
const key = request.headers.get("x-api-key");
if (!key || key !== config.apiKey) {
const ip =
request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
request.headers.get("x-real-ip") ||
"unknown";
Log("AUTH", `Invalid API key from ip=${ip}`);
Log("AUTH-API-KEYGUARD", `Invalid API key from ip=${ip}`);
ctx.set.status = 401;
return { success: false, message: "Invalid or missing API key" };
}
@@ -22,13 +24,16 @@ export function adminKeyGuard(ctx: { request?: Request; set: any }) {
const request = ctx.request;
if (!request) return;
if (request.url.includes("/health")) return;
if (request.url.includes("/bug-reports")) return;
const key = request.headers.get("x-admin-key");
if (!key || key !== config.adminKey) {
const ip =
request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
request.headers.get("x-real-ip") ||
"unknown";
Log("AUTH", `Invalid admin key from ip=${ip}`);
Log("AUTH-ADMIN-KEYGUARD", `Invalid admin key from ip=${ip}`);
ctx.set.status = 401;
return { success: false, message: "Invalid or missing admin key" };
}