pook/compliancebot
1
0
Fork 0
Code Issues 1.1k Pull requests 82 Projects Releases Packages Wiki Activity Actions

feat: add API key auth middleware for protected endpoints #51

Closed
pook wants to merge 1 commit from feature/auth-middleware into main
pull from: feature/auth-middleware
merge into: pook:main
Conversation 2 Commits 1 Files changed 6 +356
pook commented 2026-04-08 12:45:25 -04:00
Owner
Copy link

Summary

  • Add auth middleware validating API keys from Authorization: Bearer or X-API-Key headers
  • New api_keys table stores SHA-256 hashed keys with user/org association (never plaintext)
  • Protected routes: /generate/* and /documents/* require valid API key
  • Public endpoints (/health, etc.) remain accessible without auth
  • Authenticated user/org context enriched on request for downstream handlers
  • 8 unit tests: valid key (Bearer + X-API-Key), invalid key, revoked key, missing header, malformed header, public endpoint access, hash consistency

Files changed

  • packages/api/src/db/schema.ts — added apiKeys table + types
  • packages/api/src/middleware/api-key-hash.ts — SHA-256 hashing utility
  • packages/api/src/middleware/auth.ts — auth middleware
  • packages/api/src/index.ts — apply middleware to protected routes
  • packages/api/migrations/0001_add_api_keys.sql — migration SQL
  • packages/api/tests/unit/auth.test.ts — 8 test cases

Test plan

  • bun test packages/api/tests/unit/auth.test.ts — 8/8 pass
  • TypeScript type-check passes (tsc --noEmit)
  • Run migration on staging DB before deploying

🤖 Generated with Claude Code

## Summary - Add auth middleware validating API keys from `Authorization: Bearer` or `X-API-Key` headers - New `api_keys` table stores SHA-256 hashed keys with user/org association (never plaintext) - Protected routes: `/generate/*` and `/documents/*` require valid API key - Public endpoints (`/health`, etc.) remain accessible without auth - Authenticated user/org context enriched on request for downstream handlers - 8 unit tests: valid key (Bearer + X-API-Key), invalid key, revoked key, missing header, malformed header, public endpoint access, hash consistency ## Files changed - `packages/api/src/db/schema.ts` — added `apiKeys` table + types - `packages/api/src/middleware/api-key-hash.ts` — SHA-256 hashing utility - `packages/api/src/middleware/auth.ts` — auth middleware - `packages/api/src/index.ts` — apply middleware to protected routes - `packages/api/migrations/0001_add_api_keys.sql` — migration SQL - `packages/api/tests/unit/auth.test.ts` — 8 test cases ## Test plan - [x] `bun test packages/api/tests/unit/auth.test.ts` — 8/8 pass - [x] TypeScript type-check passes (`tsc --noEmit`) - [ ] Run migration on staging DB before deploying 🤖 Generated with [Claude Code](https://claude.com/claude-code)
feat: add API key auth middleware for protected endpoints
Some checks are pending
agent-worker/pr-tests Running PR tests...
2a7283a777 
Add authentication middleware that validates API keys from Authorization
(Bearer) or X-API-Key headers. Keys are stored as SHA-256 hashes in a new
api_keys table with org/user association. Protected routes (/generate/*,
/documents/*) now require a valid API key; public endpoints (health, etc)
remain open. Includes 8 unit tests covering valid/invalid/missing/malformed
key scenarios.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pook commented 2026-04-08 12:45:33 -04:00
Author
Owner
Copy link

⚠️ No Test Suite Detected

Commit: 2a7283a7

No test script found in package.json. Add a test script to enable automated testing.

## ⚠️ No Test Suite Detected **Commit:** `2a7283a7` No `test` script found in `package.json`. Add a test script to enable automated testing.
pook commented 2026-04-10 15:08:21 -04:00
Author
Owner
Copy link

Closed 2026-04-10 during pipeline triage.

Merge conflicts with current main were blocking the CEO agent's backlog view. The compliancebot repo had ~60 open PRs and 141 open agent-task issues. CEO couldn't see progress and kept duplicating work due to a git-push race in agent-worker (now fixed — runId threaded through dispatch pipeline for unique branch names).

Reopen / resubmit against current main if the work is still relevant. Shim /shim/ceo route now injects open issues + PRs into the CEO prompt and refuses dispatch when backlog exceeds 20.

Closed 2026-04-10 during pipeline triage. Merge conflicts with current main were blocking the CEO agent's backlog view. The compliancebot repo had ~60 open PRs and 141 open agent-task issues. CEO couldn't see progress and kept duplicating work due to a git-push race in agent-worker (now fixed — runId threaded through dispatch pipeline for unique branch names). Reopen / resubmit against current main if the work is still relevant. Shim `/shim/ceo` route now injects open issues + PRs into the CEO prompt and refuses dispatch when backlog exceeds 20.
pook closed this pull request 2026-04-10 15:08:21 -04:00
Some checks are pending
agent-worker/pr-tests Running PR tests...

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
agent-task

Task for autonomous agent execution

  
agent-task

Paperclip autonomous agent task

No labels
agent-task
agent-task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
pook/compliancebot!51
No description provided.