Add REST API access key (#75)

pull/79/head
Artem 2 years ago committed by GitHub
parent b660e84bea
commit 69697da8e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      mainnet.env.example
  2. 14
      src/api/middlewares/verifyApiKey.ts
  3. 3
      src/api/rest/server.ts
  4. 1
      src/config.ts

@ -9,6 +9,7 @@ API_WS_IS_ENABLED=1
API_SHARDS=0,1,2,3
# enable LRU memory cache
API_IS_CACHE_ENABLED=1
API_REST_ACCESS_KEY=12345
# Indexer
INDEXER_IS_ENABLED=1

@ -0,0 +1,14 @@
import {NextFunction, Request, Response} from 'express'
import {config} from 'src/config'
export const verifyApiKey = (req: Request, res: Response, next: NextFunction) => {
const {rest_api_key: headerApiKey} = req.headers
const {apiKey} = config.api.rest
// If config api key is not empty, check api key in header
if (apiKey && headerApiKey === apiKey) {
next()
} else {
res.sendStatus(403)
}
}

@ -25,6 +25,7 @@ import {rpcRouter} from 'src/api/rest/routes/rpcRouter'
import {transport} from 'src/api/rest/transport'
import prometheusRegister from 'src/api/prometheus'
import {verifyApiKey} from 'src/api/middlewares/verifyApiKey'
const l = logger(module)
export const RESTServer = async () => {
@ -81,7 +82,7 @@ export const RESTServer = async () => {
l.debug(`RPC API is disabled`)
}
api.use('/v0', routerWithShards0)
api.use('/v0', verifyApiKey, routerWithShards0)
api.use(
'/metrics',
async (req: Request, res: Response) => {

@ -70,6 +70,7 @@ export const config = {
rest: {
isEnabled: toBool(process.env.API_REST_IS_ENABLED || '0'),
port: +(process.env.API_REST_PORT || 3000),
apiKey: process.env.API_REST_ACCESS_KEY || '',
},
// JSON RPC endpoint available on POST /v0/rpc. Requires API_REST_IS_ENABLED=1
json_rpc: {

Loading…
Cancel
Save