my2/server/middleware/internal-auth.ts
Bastian Masanek a0121016b9 Add server infrastructure with API routes and middleware
- Create API route structure (auth, health, internal)
- Add authentication middleware for internal pages
- Add database connection utilities
- Implement health check endpoint
2025-10-30 14:34:12 +01:00


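/**
 * Basic Authentication middleware for /internal/* routes.
 *
 * Protects internal pages (styleguide, admin tools) with HTTP Basic Auth.
 * The expected credentials are read from runtime config
 * (`internalAuthUsername` / `internalAuthPassword`).
 *
 * Behaviour:
 * - Requests whose path does not start with `/internal` pass through untouched.
 * - If no credentials are configured, the routes are left open outside of
 *   production (with a warning) and refused with 503 in production, so a
 *   missing environment variable cannot silently expose the internal area.
 * - A missing, malformed or wrong `Authorization` header yields 401 together
 *   with a `WWW-Authenticate` challenge.
 *
 * Basic Auth sends the password base64-encoded, not encrypted, so this only
 * protects anything when the site is served over TLS. There is no rate
 * limiting here; repeated 401s on /internal are worth alerting on.
 */

/**
 * Compares two strings without stopping at the first differing byte.
 *
 * The loop length depends only on the client-supplied value, so response
 * time does not reveal how many leading characters of the secret matched.
 * JavaScript engines give no hard timing guarantee; this removes the early
 * exit of `!==`, which is the practical leak.
 */
function constantTimeEqual(supplied: string, expected: string): boolean {
  const suppliedBytes = Buffer.from(supplied, 'utf-8')
  const expectedBytes = Buffer.from(expected, 'utf-8')

  // A length mismatch is folded into the result instead of returning early.
  let difference = suppliedBytes.length ^ expectedBytes.length
  for (let i = 0; i < suppliedBytes.length; i++) {
    difference |= (suppliedBytes[i] ?? 0) ^ (expectedBytes[i] ?? 0)
  }
  return difference === 0
}

export default defineEventHandler((event) => {
  const path = event.path

  // Only protect /internal/* routes.
  // The broad prefix is kept on purpose: event.path may carry a query string
  // (e.g. "/internal?x=1"), and matching too much is the safe direction.
  if (!path.startsWith('/internal')) {
    return
  }

  const config = useRuntimeConfig()

  // Get credentials from environment variables
  const validUsername = config.internalAuthUsername
  const validPassword = config.internalAuthPassword

  if (!validUsername || !validPassword) {
    // Fail closed in production: a forgotten env var must not open the area.
    if (process.env.NODE_ENV === 'production') {
      throw createError({
        statusCode: 503,
        statusMessage: 'Internal area is not configured',
      })
    }

    // Skip auth if credentials are not configured (development convenience)
    console.warn('⚠️ INTERNAL_AUTH_USERNAME or INTERNAL_AUTH_PASSWORD not set. /internal routes are unprotected!')
    return
  }

  // Builds the 401 response and asks the client for Basic credentials.
  const challenge = (statusMessage: string) => {
    setHeader(event, 'WWW-Authenticate', 'Basic realm="Internal Area"')
    return createError({
      statusCode: 401,
      statusMessage,
    })
  }

  // Get Authorization header
  const authHeader = getHeader(event, 'authorization')
  if (!authHeader || !authHeader.startsWith('Basic ')) {
    throw challenge('Authentication required')
  }

  // Decode credentials
  const base64Credentials = authHeader.slice('Basic '.length).trim()
  const credentials = Buffer.from(base64Credentials, 'base64').toString('utf-8')

  // Split on the FIRST colon only: RFC 7617 forbids ':' in the user-id but
  // allows it in the password, so "user:pa:ss" must yield password "pa:ss".
  const separator = credentials.indexOf(':')
  if (separator === -1) {
    throw challenge('Invalid credentials')
  }
  const username = credentials.slice(0, separator)
  const password = credentials.slice(separator + 1)

  // Validate credentials. Both comparisons always run, and the configured
  // values are coerced to strings so a non-string config value cannot make
  // the check fail on type alone.
  const usernameMatches = constantTimeEqual(username, String(validUsername))
  const passwordMatches = constantTimeEqual(password, String(validPassword))
  if (!(usernameMatches && passwordMatches)) {
    throw challenge('Invalid credentials')
  }

  // Authentication successful, continue
})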