From 8f64b73a773014ba66211984f3b4c1fe44256ebf Mon Sep 17 00:00:00 2001
From: Andrew Jiang <andrew@buildwithfern.com>
Date: Thu, 31 Oct 2024 15:20:13 -0400
Subject: [PATCH] feat: enable api key injection from within JWT (#1752)

---
 .../pages/api/fern-docs/auth/api-key-injection.ts  | 14 ++++++++++++++
 packages/ui/fern-docs-auth/src/types.ts            |  1 +
 2 files changed, 15 insertions(+)

diff --git a/packages/ui/docs-bundle/src/pages/api/fern-docs/auth/api-key-injection.ts b/packages/ui/docs-bundle/src/pages/api/fern-docs/auth/api-key-injection.ts
index 21a70b0328..0b28ec8cb7 100644
--- a/packages/ui/docs-bundle/src/pages/api/fern-docs/auth/api-key-injection.ts
+++ b/packages/ui/docs-bundle/src/pages/api/fern-docs/auth/api-key-injection.ts
@@ -1,3 +1,4 @@
+import { safeVerifyFernJWTConfig } from "@/server/auth/FernJWT";
 import { OAuth2Client } from "@/server/auth/OAuth2Client";
 import { getAPIKeyInjectionConfig } from "@/server/auth/getApiKeyInjectionConfig";
 import { withSecureCookie } from "@/server/auth/with-secure-cookie";
@@ -17,6 +18,19 @@ export default async function handler(req: NextRequest): Promise<NextResponse<AP
     const host = getHostEdge(req);
     const edgeConfig = await getAuthEdgeConfig(domain);
 
+    const fern_token = req.cookies.get(COOKIE_FERN_TOKEN)?.value;
+
+    if (fern_token != null) {
+        const fernUser = await safeVerifyFernJWTConfig(fern_token, edgeConfig);
+        if (fernUser?.api_key != null) {
+            return NextResponse.json({
+                enabled: true,
+                authenticated: true,
+                access_token: fernUser.api_key,
+            });
+        }
+    }
+
     // assume that if the edge config is set for webflow, api key injection is always enabled
     if (edgeConfig?.type === "oauth2" && edgeConfig.partner === "webflow") {
         const accessToken = req.cookies.get("access_token")?.value;
diff --git a/packages/ui/fern-docs-auth/src/types.ts b/packages/ui/fern-docs-auth/src/types.ts
index d2096509a4..8243667795 100644
--- a/packages/ui/fern-docs-auth/src/types.ts
+++ b/packages/ui/fern-docs-auth/src/types.ts
@@ -9,6 +9,7 @@ export const FernUserSchema = z.object({
             "The roles of the token (can be a string or an array of strings) which limits what content users can access",
         )
         .optional(),
+    api_key: z.string().optional().describe("For API Playground key injection"),
 });
 
 export type FernUser = z.infer<typeof FernUserSchema>;