waveterm/pkg/authkey/authkey.go

// Copyright 2025, Command Line Inc.
// SPDX-License-Identifier: Apache-2.0

package authkey

import (
	"fmt"
	"net/http"
	"os"
)

var authkey string

const WaveAuthKeyEnv = "WAVETERM_AUTH_KEY"
const AuthKeyHeader = "X-AuthKey"

func ValidateIncomingRequest(r *http.Request) error {
	reqAuthKey := r.Header.Get(AuthKeyHeader)
	if reqAuthKey == "" {
		return fmt.Errorf("no x-authkey header")
	}
	if reqAuthKey != GetAuthKey() {
		return fmt.Errorf("x-authkey header is invalid")
	}
	return nil
}

func SetAuthKeyFromEnv() error {
	authkey = os.Getenv(WaveAuthKeyEnv)
	if authkey == "" {
		return fmt.Errorf("no auth key found in environment variables")
	}
	os.Unsetenv(WaveAuthKeyEnv)
	return nil
}

func GetAuthKey() string {
	return authkey
}
Happy new year! (#1684) Update all 2024 references to 2025 2025-01-05 04:56:57 +00:00			`// Copyright 2025, Command Line Inc.`
Add authkey header for requests to the backend (#256) With this PR, Electron will generate a new authorization key that the Go backend will look for in any incoming requests. The Electron backend will inject this header with all requests to the backend to ensure no additional work is required on the frontend. This also adds a `fetchutil` abstraction that will use the Electron `net` module when calls are made from the Electron backend to the Go backend. When using the `node:fetch` module, Electron can't inject headers to requests. The Electron `net` module is also faster than the Node module. This also breaks out platform functions in emain into their own file so other emain modules can import them. 2024-08-21 22:04:39 +00:00			`// SPDX-License-Identifier: Apache-2.0`

			`package authkey`

			`import (`
			`"fmt"`
			`"net/http"`
			`"os"`
			`)`

			`var authkey string`

fix for waveterm environment variables leaking from prod to dev (#1153) 2024-10-27 20:12:41 +00:00			`const WaveAuthKeyEnv = "WAVETERM_AUTH_KEY"`
make auth key header a constant 2024-08-26 20:55:47 +00:00			`const AuthKeyHeader = "X-AuthKey"`

			`func ValidateIncomingRequest(r *http.Request) error {`
			`reqAuthKey := r.Header.Get(AuthKeyHeader)`
			`if reqAuthKey == "" {`
			`return fmt.Errorf("no x-authkey header")`
			`}`
			`if reqAuthKey != GetAuthKey() {`
			`return fmt.Errorf("x-authkey header is invalid")`
			`}`
			`return nil`
			`}`
Add authkey header for requests to the backend (#256) With this PR, Electron will generate a new authorization key that the Go backend will look for in any incoming requests. The Electron backend will inject this header with all requests to the backend to ensure no additional work is required on the frontend. This also adds a `fetchutil` abstraction that will use the Electron `net` module when calls are made from the Electron backend to the Go backend. When using the `node:fetch` module, Electron can't inject headers to requests. The Electron `net` module is also faster than the Node module. This also breaks out platform functions in emain into their own file so other emain modules can import them. 2024-08-21 22:04:39 +00:00
			`func SetAuthKeyFromEnv() error {`
fix for waveterm environment variables leaking from prod to dev (#1153) 2024-10-27 20:12:41 +00:00			`authkey = os.Getenv(WaveAuthKeyEnv)`
Add authkey header for requests to the backend (#256) With this PR, Electron will generate a new authorization key that the Go backend will look for in any incoming requests. The Electron backend will inject this header with all requests to the backend to ensure no additional work is required on the frontend. This also adds a `fetchutil` abstraction that will use the Electron `net` module when calls are made from the Electron backend to the Go backend. When using the `node:fetch` module, Electron can't inject headers to requests. The Electron `net` module is also faster than the Node module. This also breaks out platform functions in emain into their own file so other emain modules can import them. 2024-08-21 22:04:39 +00:00			`if authkey == "" {`
			`return fmt.Errorf("no auth key found in environment variables")`
			`}`
fix for waveterm environment variables leaking from prod to dev (#1153) 2024-10-27 20:12:41 +00:00			`os.Unsetenv(WaveAuthKeyEnv)`
Add authkey header for requests to the backend (#256) With this PR, Electron will generate a new authorization key that the Go backend will look for in any incoming requests. The Electron backend will inject this header with all requests to the backend to ensure no additional work is required on the frontend. This also adds a `fetchutil` abstraction that will use the Electron `net` module when calls are made from the Electron backend to the Go backend. When using the `node:fetch` module, Electron can't inject headers to requests. The Electron `net` module is also faster than the Node module. This also breaks out platform functions in emain into their own file so other emain modules can import them. 2024-08-21 22:04:39 +00:00			`return nil`
			`}`

			`func GetAuthKey() string {`
			`return authkey`
			`}`