fix: return correct codes

2025-10-12 22:13:34 +07:00 · 2025-10-12 22:13:34 +07:00 · 9a9c7260e2
parent 691e472a2e
commit 9a9c7260e2
3 changed files with 7 additions and 14 deletions
--- a/apps/api-service/src/middleware/auth/requireMasterKey.ts
+++ b/apps/api-service/src/middleware/auth/requireMasterKey.ts
@ -6,11 +6,10 @@ import { Request, Response, NextFunction } from 'express';
 */
 export function requireMasterKey(req: Request, res: Response, next: NextFunction): void {
  if (!req.apiKey) {
-    res.status(401).json({
+    return res.status(401).json({
      error: 'Authentication required',
      message: 'This endpoint requires authentication',
    });
    return;
  }
  if (req.apiKey.keyType !== 'master') {
@ -18,11 +17,10 @@ export function requireMasterKey(req: Request, res: Response, next: NextFunction
      `[${new Date().toISOString()}] Non-master key attempted admin action: ${req.apiKey.id} (${req.apiKey.keyType}) - ${req.path}`,
    );
-    res.status(403).json({
+    return res.status(403).json({
      error: 'Master key required',
      message: 'This endpoint requires a master API key',
    });
    return;
  }
  next();
--- a/apps/api-service/src/middleware/auth/requireProjectKey.ts
+++ b/apps/api-service/src/middleware/auth/requireProjectKey.ts
@ -7,30 +7,27 @@ import { Request, Response, NextFunction } from 'express';
 export function requireProjectKey(req: Request, res: Response, next: NextFunction): void {
  // This middleware assumes validateApiKey has already run and attached req.apiKey
  if (!req.apiKey) {
-    res.status(401).json({
+    return res.status(401).json({
      error: 'Authentication required',
      message: 'API key validation must be performed first',
    });
    return;
  }
  // Block master keys from generation endpoints
  if (req.apiKey.keyType === 'master') {
-    res.status(403).json({
+    return res.status(403).json({
      error: 'Forbidden',
      message:
        'Master keys cannot be used for image generation. Please use a project-specific API key.',
    });
    return;
  }
  // Ensure project key has required IDs
  if (!req.apiKey.projectId) {
-    res.status(400).json({
+    return res.status(400).json({
      error: 'Invalid API key',
      message: 'Project key must be associated with a project',
    });
    return;
  }
  console.log(
--- a/apps/api-service/src/middleware/auth/validateApiKey.ts
+++ b/apps/api-service/src/middleware/auth/validateApiKey.ts
@ -23,22 +23,20 @@ export async function validateApiKey(
  const providedKey = req.headers['x-api-key'] as string;
  if (!providedKey) {
-    res.status(401).json({
+    return res.status(401).json({
      error: 'Missing API key',
      message: 'Provide your API key via X-API-Key header',
    });
    return;
  }
  try {
    const apiKey = await apiKeyService.validateKey(providedKey);
    if (!apiKey) {
-      res.status(401).json({
+      return res.status(401).json({
        error: 'Invalid API key',
        message: 'The provided API key is invalid, expired, or revoked',
      });
      return;
    }
    // Attach to request for use in routes