mcp auth.ts

0% Statements 0/39

0% Branches 0/1

0% Functions 0/1

0% Lines 0/39

Press n or j to go to the next uncovered block, b, p or k for the previous block.


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  /**
 * MCP API Key authentication utilities
 */

import { eq, and, isNull } from 'drizzle-orm'
import { db, schema } from '@/db'

/**
 * Validate an MCP API key and return the associated userId
 * Returns null if the key is invalid or revoked
 */
export async function validateMcpApiKey(key: string): Promise<string | null> {
  if (!key) return null

  const apiKey = await db.query.mcpApiKeys.findFirst({
    where: and(eq(schema.mcpApiKeys.key, key), isNull(schema.mcpApiKeys.revokedAt)),
  })

  if (!apiKey) return null

  // Update last used timestamp (fire and forget)
  db.update(schema.mcpApiKeys)
    .set({ lastUsedAt: new Date() })
    .where(eq(schema.mcpApiKeys.id, apiKey.id))
    .catch(console.error)

  return apiKey.userId
}

/**
 * Generate a random API key (32-byte hex string)
 */
export function generateApiKey(): string {
  const bytes = new Uint8Array(32)
  crypto.getRandomValues(bytes)
  return Array.from(bytes)
    .map((b) => b.toString(16).padStart(2, '0'))
    .join('')
}