From 89ebfb8aa44a91ff7f9aff8271a4f5864f6a4eef Mon Sep 17 00:00:00 2001
From: Rafi Arrafif
Date: Wed, 13 Aug 2025 11:26:57 +0700
Subject: [PATCH] :lock: add app access token middleware
Create a middleware app access token, so that all requests must include `access_token` in the header with a value equal to API_KEY in the .env file. If not, a `403 Forbidden` error will be returned.
---
 src/index.ts | 6 +++++-
 src/middleware/global/appAccessToken.middleware.ts | 12 ++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 src/middleware/global/appAccessToken.middleware.ts
diff --git a/src/index.ts b/src/index.ts
index af4aec5..7550831 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,10 +1,14 @@
+import { appAccessTokenMiddleware } from "./middleware/global/appAccessToken.middleware";
 import { validateEnv } from "./utils/startups/validateEnv";
 validateEnv();
 const { Elysia } = await import("elysia");
 const { routes } = await import("./routes");
-const app = new Elysia().use(routes).listen(process.env.APP_PORT || 3000);
+const app = new Elysia()
+ .use(appAccessTokenMiddleware())
+ .use(routes)
+ .listen(process.env.APP_PORT || 3000);
 console.log(
 `🦊 Elysia is running at ${app.server?.hostname}:${app.server?.port}`
diff --git a/src/middleware/global/appAccessToken.middleware.ts b/src/middleware/global/appAccessToken.middleware.ts
new file mode 100644
index 0000000..d1e4a1e
--- /dev/null
+++ b/src/middleware/global/appAccessToken.middleware.ts
@@ -0,0 +1,12 @@
+import Elysia, { Context } from "elysia";
+import { returnErrorResponse } from "../../helpers/callback/httpResponse";
+
+export const appAccessTokenMiddleware = () =>
+ new Elysia().onRequest(({ request, set }) => {
+ const headerToken = request.headers.get("access_token");
+ const storedToken = process.env.API_KEY;
+
+ if (headerToken !== storedToken) {
+ return returnErrorResponse(set, 403, "Unauthorized");
+ }
+ });
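Review bot: The new static `import` on the first line of src/index.ts is hoisted and evaluated before `validateEnv()` runs, whereas Elysia and the routes are loaded with `await import` after validation, apparently on purpose. The middleware reads `process.env.API_KEY` per request, so nothing breaks today, but the module and the helper it pulls in now load against an environment that has not been validated yet. For consistency I would load it the same way, next to the `routes` import: `const { appAccessTokenMiddleware } = await import("./middleware/global/appAccessToken.middleware");`.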
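Review bot: The check `headerToken !== storedToken` in appAccessToken.middleware.ts compares the secret with an ordinary string comparison, which is not constant-time, and it accepts an empty `access_token` header whenever `API_KEY` is set to an empty string (whether `validateEnv` rejects that is not visible here). I would fail closed on a missing or empty key and compare fixed-length digests with `timingSafeEqual`, with `createHash` and `timingSafeEqual` imported from `node:crypto`, as sketched below. Separately, a header name containing an underscore is dropped by some reverse proxies in their default configuration, so a name such as `x-access-token` is safer to deploy. The `Context` import is unused, and the 403 status is paired with the message "Unauthorized", which reads as a 401.

```typescript
// Hash both sides so the constant-time compare always sees equal-length buffers.
const digest = (value: string) => createHash("sha256").update(value).digest();

export const appAccessTokenMiddleware = () =>
  new Elysia().onRequest(({ request, set }) => {
    // … unchanged: headerToken / storedToken lookups …

    // Fail closed when the key is unset or empty or the header is absent.
    if (
      !storedToken ||
      headerToken === null ||
      !timingSafeEqual(digest(headerToken), digest(storedToken))
    ) {
      return returnErrorResponse(set, 403, "Unauthorized");
    }
  });
```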