From b00d2b360d8000edcd9bfa82673ca322a9ac6d1a Mon Sep 17 00:00:00 2001
From: MohamedBassem <me@mbassem.com>
Date: Mon, 12 Feb 2024 22:50:43 +0000
Subject: hack: Hack API key support in the context creation of TRPC

---
 packages/web/app/api/trpc/[trpc]/route.ts | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'packages/web/app/api/trpc/[trpc]')

diff --git a/packages/web/app/api/trpc/[trpc]/route.ts b/packages/web/app/api/trpc/[trpc]/route.ts
index 4d108604..e04539a9 100644
--- a/packages/web/app/api/trpc/[trpc]/route.ts
+++ b/packages/web/app/api/trpc/[trpc]/route.ts
@@ -1,12 +1,28 @@
 import { fetchRequestHandler } from "@trpc/server/adapters/fetch";
 import { appRouter } from "@/server/api/routers/_app";
 import { createContext } from "@/server/api/client";
+import { authenticateApiKey } from "@/server/auth";
 
 const handler = (req: Request) =>
   fetchRequestHandler({
     endpoint: "/api/trpc",
     req,
     router: appRouter,
-    createContext,
+    createContext: async (opts) => {
+      // TODO: This is a hack until we offer a proper REST API instead of the trpc based one.
+      // Check if the request has an Authorization token, if it does, assume that API key authentication is requested.
+      const authorizationHeader = opts.req.headers.get("Authorization");
+      if (authorizationHeader && authorizationHeader.startsWith("Bearer ")) {
+        const token = authorizationHeader.split(" ")[1];
+        try {
+          const user = await authenticateApiKey(token);
+          return { user };
+        } catch (e) {
+          // Fallthrough to cookie-based auth
+        }
+      }
+
+      return createContext();
+    },
   });
 export { handler as GET, handler as POST };
-- 
cgit v1.2.3-70-g09d2