1 files changed, 18 insertions, 0 deletions

diff --git a/apps/web/server/api/client.ts b/apps/web/server/api/client.ts
index 8b414d39..6a0a8909 100644
--- a/apps/web/server/api/client.ts
+++ b/apps/web/server/api/client.ts
@@ -2,8 +2,26 @@ import { getServerAuthSession } from "@/server/auth";
 
 import { db } from "@hoarder/db";
 import { Context, createCallerFactory } from "@hoarder/trpc";
+import { authenticateApiKey } from "@hoarder/trpc/auth";
 import { appRouter } from "@hoarder/trpc/routers/_app";
 
+export async function createContextFromRequest(req: Request) {
+  // TODO: This is a hack until we offer a proper REST API instead of the trpc based one.
+  // Check if the request has an Authorization token, if it does, assume that API key authentication is requested.
+  const authorizationHeader = req.headers.get("Authorization");
+  if (authorizationHeader && authorizationHeader.startsWith("Bearer ")) {
+    const token = authorizationHeader.split(" ")[1];
+    try {
+      const user = await authenticateApiKey(token);
+      return { user, db };
+    } catch (e) {
+      // Fallthrough to cookie-based auth
+    }
+  }
+
+  return createContext();
+}
+
 export const createContext = async (database?: typeof db): Promise<Context> => {
   const session = await getServerAuthSession();
   return {