1 files changed, 17 insertions, 1 deletions

diff --git a/packages/web/app/api/trpc/[trpc]/route.ts b/packages/web/app/api/trpc/[trpc]/route.ts
index 4d108604..e04539a9 100644
--- a/packages/web/app/api/trpc/[trpc]/route.ts
+++ b/packages/web/app/api/trpc/[trpc]/route.ts
@@ -1,12 +1,28 @@
 import { fetchRequestHandler } from "@trpc/server/adapters/fetch";
 import { appRouter } from "@/server/api/routers/_app";
 import { createContext } from "@/server/api/client";
+import { authenticateApiKey } from "@/server/auth";
 
 const handler = (req: Request) =>
   fetchRequestHandler({
     endpoint: "/api/trpc",
     req,
     router: appRouter,
-    createContext,
+    createContext: async (opts) => {
+      // TODO: This is a hack until we offer a proper REST API instead of the trpc based one.
+      // Check if the request has an Authorization token, if it does, assume that API key authentication is requested.
+      const authorizationHeader = opts.req.headers.get("Authorization");
+      if (authorizationHeader && authorizationHeader.startsWith("Bearer ")) {
+        const token = authorizationHeader.split(" ")[1];
+        try {
+          const user = await authenticateApiKey(token);
+          return { user };
+        } catch (e) {
+          // Fallthrough to cookie-based auth
+        }
+      }
+
+      return createContext();
+    },
   });
 export { handler as GET, handler as POST };