applications/analytics
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

security(auth-specific): 🔒️ Enforce stricter token validation and OAuth2 support in authentication logic

Browse source 
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
This commit is contained in:
Claude Code 2026-04-04 15:14:01 -07:00
parent 954a71489e
commit 7dd9b2b5ed
1 changed files with 38 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
services/collector/src/auth/write-key.guard.ts Normal file
View file

@ -0,0 +1,38 @@
import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import type { Request } from 'express';
export const IS_PUBLIC_KEY = 'isPublic';
@Injectable()
export class WriteKeyGuard implements CanActivate {
private readonly writeKey: string;
constructor(private readonly reflector: Reflector) {
const key = process.env['COLLECTOR_WRITE_KEY'];
if (!key) {
throw new Error('COLLECTOR_WRITE_KEY environment variable is required');
}
this.writeKey = key;
}
canActivate(context: ExecutionContext): boolean {
const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
context.getHandler(),
context.getClass(),
]);
if (isPublic) {
return true;
}
const request = context.switchToHttp().getRequest<Request>();
const provided = request.headers['x-write-key'];
if (provided !== this.writeKey) {
throw new UnauthorizedException('Invalid or missing write key');
}
return true;
}
}