update validateApiKey to simply return true/false

private-attribution · Jun 20, 2024 · eeb4530 · akoshelev · Jun 20, 2024 · eeb4530
1 parent 2e42ed1
commit eeb4530
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 28 deletions.
diff --git a/server/app/api/update_query_status/route.ts b/server/app/api/update_query_status/route.ts
@@ -29,9 +29,9 @@ export async function POST(req: NextRequest) {
     return NextResponse.json({ error: "Status is required" }, { status: 400 });
   }
 
-  const { isValid, error } = await validateApiKey(helperPartyUUID, apiKey);
+  const isValid = await validateApiKey(helperPartyUUID, apiKey);
   if (!isValid) {
-    return NextResponse.json({ error: error?.message }, { status: 401 });
+    return NextResponse.json({ error: "Invalid API Key" }, { status: 401 });
   }
 
   const updateStatusError = await updateStatusFunction(

diff --git a/server/data/helper_party_api_key.ts b/server/data/helper_party_api_key.ts
@@ -6,48 +6,34 @@ import { createSupabaseServiceClient } from "@/data/supabase_server_service_clie
 export async function validateApiKey(
   helperPartyUUID: string,
   key: string,
-): Promise<{ isValid: boolean; error: Error | undefined }> {
+): Promise<boolean> {
   const supabase = await createSupabaseServiceClient();
   const currentTimestamp = new Date().toISOString();
   const { data, error } = await supabase
     .from("helper_party_api_keys")
-    .select("hashed_api_key, expires_at, modified_reason")
+    .select("hashed_api_key")
     .eq("helper_party_uuid", helperPartyUUID)
+    .gt("expires_at", currentTimestamp)
     .order("created_at", { ascending: false });
 
   if (error) {
-    console.error("Error fetching API key from database:", error);
-
-    return {
-      isValid: false,
-      error: Error(error.message),
-    };
+    throw error;
   }
-
   if (!data.length) {
-    console.error(`helperParty<${helperPartyUUID}> has no API keys`);
-    return { isValid: false, error: Error("No API key found.") };
+    return false;
   }
 
   for (let row of data) {
     // We need to loop through keys, to see if the provided key
-    // matches the stored hashed_api_key.
-    // If we find a match, then it's either expired, revoked, or value.
-    // If we don't find a match for the whole loop, it's just an invalid key.
+    // matches any of the the stored and unexpired hashed_api_key.
+    // There should only be at most one valid key at any given time,
+    // but we cannot enforce that in the DB.
+    // If we find a match, it's valid.
+    // If we don't find a match for the whole loop, it's an invalid key.
     let valid = await bcrypt.compare(key, row.hashed_api_key);
     if (valid) {
-      switch (true) {
-        case row.expires_at < currentTimestamp: {
-          return { isValid: false, error: Error("API key expired.") };
-        }
-        case row.modified_reason === "REVOKED": {
-          return { isValid: false, error: Error("API key revoked.") };
-        }
-        default: {
-          return { isValid: true, error: undefined };
-        }
-      }
+      return true;
     }
   }
-  return { isValid: false, error: Error("API key invalid.") };
+  return false;
 }