update api auth

README.md

@@ -1,6 +1,6 @@
 ## API
 
-> Wenn die env variable `API_SECRET` gesetzt ist, muss jede API Request den HTTP Header `Authorization: Basic <API_SECRET>` haben.
+> Wenn die env variable `API_SECRET` gesetzt ist, muss jede API Request den HTTP Header `Authorization: Basic <"api:<API_SECRET>" as base64>` haben.
 
 <details>
 <summary><code>POST</code> <code>/api/feedback</code> (Erstellt Feedbackformulare)</summary>

src/pages/api/feedback.ts

@@ -1,8 +1,8 @@
 import { z } from 'astro:schema';
 import type { APIRoute } from 'astro';
-import { API_SECRET } from 'astro:env/server';
 import { db } from '@db/database.ts';
 import { BASE_PATH } from 'astro:env/server';
+import { checkApiBasicAuth } from '@util/auth.ts';
 
 const postSchema = z.object({
   event: z.string(),
@@ -11,7 +11,7 @@ const postSchema = z.object({
 });
 
 export const POST: APIRoute = async ({ request }) => {
-  if (API_SECRET && request.headers.get('authorization') !== `Basic ${API_SECRET}`) {
+  if (!checkApiBasicAuth(request.headers)) {
     return new Response(null, { status: 401 });
   }
 

src/pages/api/player.ts

@@ -1,14 +1,14 @@
 import { z } from 'astro:schema';
 import type { APIRoute } from 'astro';
-import { API_SECRET } from 'astro:env/server';
 import { db } from '@db/database.ts';
+import { checkApiBasicAuth } from '@util/auth.ts';
 
 const getSchema = z.object({
   user: z.string()
 });
 
 export const GET: APIRoute = async ({ request }) => {
-  if (API_SECRET && request.headers.get('authorization') !== `Basic ${API_SECRET}`) {
+  if (!checkApiBasicAuth(request.headers)) {
     return new Response(null, { status: 401 });
   }
 

src/pages/api/report.ts

@@ -1,8 +1,8 @@
 import type { APIRoute } from 'astro';
 import { z } from 'astro:schema';
-import { API_SECRET } from 'astro:env/server';
 import { db } from '@db/database.ts';
 import { sendWebhook, WebhookAction } from '@util/webhook.ts';
+import { checkApiBasicAuth } from '@util/auth.ts';
 
 const postSchema = z.object({
   reporter: z.string(),
@@ -11,7 +11,7 @@ const postSchema = z.object({
 });
 
 export const POST: APIRoute = async ({ request }) => {
-  if (API_SECRET && request.headers.get('authorization') !== `Basic ${API_SECRET}`) {
+  if (!checkApiBasicAuth(request.headers)) {
     return new Response(null, { status: 401 });
   }
 
@@ -52,7 +52,7 @@ const putSchema = z.object({
 });
 
 export const PUT: APIRoute = async ({ request }) => {
-  if (API_SECRET && request.headers.get('authorization') !== `Basic ${API_SECRET}`) {
+  if (!checkApiBasicAuth(request.headers)) {
     return new Response(null, { status: 401 });
   }
 

src/util/auth.ts

@@ -0,0 +1,7 @@
+import { API_SECRET } from 'astro:env/server';
+
+const BASIC_AUTH_HEADER = API_SECRET ? `Basic ${Buffer.from(`api:${API_SECRET}`).toString('base64')}` : null;
+
+export function checkApiBasicAuth(headers: Headers) {
+  return BASIC_AUTH_HEADER ? headers.get('authorization') === BASIC_AUTH_HEADER : true;
+}