From 9a9c7260e266e091b8e2d8f79179be3bdbacf4b4 Mon Sep 17 00:00:00 2001
From: Oleg Proskurin
Date: Sun, 12 Oct 2025 22:13:34 +0700
Subject: [PATCH] fix: return correct codes
---
 apps/api-service/src/middleware/auth/requireMasterKey.ts | 6 ++----
 .../api-service/src/middleware/auth/requireProjectKey.ts | 9 +++------
 apps/api-service/src/middleware/auth/validateApiKey.ts | 6 ++----
 3 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/apps/api-service/src/middleware/auth/requireMasterKey.ts b/apps/api-service/src/middleware/auth/requireMasterKey.ts
index 8d58350..d9ead9f 100644
--- a/apps/api-service/src/middleware/auth/requireMasterKey.ts
+++ b/apps/api-service/src/middleware/auth/requireMasterKey.ts
@@ -6,11 +6,10 @@ import { Request, Response, NextFunction } from 'express';
 */
 export function requireMasterKey(req: Request, res: Response, next: NextFunction): void {
 if (!req.apiKey) {
- res.status(401).json({
+ return res.status(401).json({
 error: 'Authentication required',
 message: 'This endpoint requires authentication',
 });
- return;
 }
 if (req.apiKey.keyType !== 'master') {
@@ -18,11 +17,10 @@ export function requireMasterKey(req: Request, res: Response, next: NextFunction
 `[${new Date().toISOString()}] Non-master key attempted admin action: ${req.apiKey.id} (${req.apiKey.keyType}) - ${req.path}`,
 );
- res.status(403).json({
+ return res.status(403).json({
 error: 'Master key required',
 message: 'This endpoint requires a master API key',
 });
- return;
 }
 next();
diff --git a/apps/api-service/src/middleware/auth/requireProjectKey.ts b/apps/api-service/src/middleware/auth/requireProjectKey.ts
index 7dd2498..86930d0 100644
--- a/apps/api-service/src/middleware/auth/requireProjectKey.ts
+++ b/apps/api-service/src/middleware/auth/requireProjectKey.ts
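Review bot: `return res.status(401).json({` hands Express's `Response` back from a function that this same hunk declares as `: void`, and TypeScript rejects a value-returning `return` in an explicitly annotated `void` function declaration. The same applies to the 403 branch in the second hunk of this file and to all three branches in requireProjectKey.ts; validateApiKey.ts uses the same pattern, but its return annotation is outside the hunk, so that case is inferred. Either make the discard explicit with `return void res.status(401).json({ ... });` or widen the annotation to `): Response | void {`. Since these guards decide whether `next()` is reached, it is worth confirming the service still type-checks and builds with this change applied.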
@@ -7,30 +7,27 @@ import { Request, Response, NextFunction } from 'express';
 export function requireProjectKey(req: Request, res: Response, next: NextFunction): void {
 // This middleware assumes validateApiKey has already run and attached req.apiKey
 if (!req.apiKey) {
- res.status(401).json({
+ return res.status(401).json({
 error: 'Authentication required',
 message: 'API key validation must be performed first',
 });
- return;
 }
 // Block master keys from generation endpoints
 if (req.apiKey.keyType === 'master') {
- res.status(403).json({
+ return res.status(403).json({
 error: 'Forbidden',
 message: 'Master keys cannot be used for image generation. Please use a project-specific API key.',
 });
- return;
 }
 // Ensure project key has required IDs
 if (!req.apiKey.projectId) {
- res.status(400).json({
+ return res.status(400).json({
 error: 'Invalid API key',
 message: 'Project key must be associated with a project',
 });
- return;
 }
 console.log(
diff --git a/apps/api-service/src/middleware/auth/validateApiKey.ts b/apps/api-service/src/middleware/auth/validateApiKey.ts
index a69db91..4853241 100644
--- a/apps/api-service/src/middleware/auth/validateApiKey.ts
+++ b/apps/api-service/src/middleware/auth/validateApiKey.ts
@@ -23,22 +23,20 @@ export async function validateApiKey(
 const providedKey = req.headers['x-api-key'] as string;
 if (!providedKey) {
- res.status(401).json({
+ return res.status(401).json({
 error: 'Missing API key',
 message: 'Provide your API key via X-API-Key header',
 });
- return;
 }
 try {
 const apiKey = await apiKeyService.validateKey(providedKey);
 if (!apiKey) {
- res.status(401).json({
+ return res.status(401).json({
 error: 'Invalid API key',
 message: 'The provided API key is invalid, expired, or revoked',
 });
- return;
 }
 // Attach to request for use in routes
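Review bot: The `if (!req.apiKey.projectId)` branch still answers 400, which tells the caller the request was malformed even though the key has already authenticated. If a key without a project association is an authorization or provisioning problem, `return res.status(403).json({` would describe it more accurately. The commit subject is about correct codes, yet every status code in this diff is the same on both sides. Separately, the 401 message `'API key validation must be performed first'` reports a middleware-ordering fault to the client; a generic message with the detail logged server-side may be preferable. The function body continues past the end of the hunk.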
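Review bot: `req.headers['x-api-key'] as string` asserts away the `string | string[] | undefined` type that Node gives header values, so only the truthiness test stands between the raw header and `apiKeyService.validateKey`. A type guard removes the assertion and routes every non-string value down the existing 401 path: `const providedKey = req.headers['x-api-key'];` followed by `if (typeof providedKey !== 'string' || !providedKey) {`. The function signature and the rest of the `try` block are outside the hunk, so how `validateKey` treats its input is not visible here.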