start rudimentary api key validation

Author: jjnp

services/src/auth/api-key.ts

@@ -0,0 +1,4 @@
+export const checkApiKeyAccess = async (apiKey: string, project: string): Promise<boolean> => {
+	//TODO implement
+	return Promise.resolve(false)
+}

src/lib/server/request-utils.ts

@@ -0,0 +1,11 @@
+import { error } from '@sveltejs/kit'
+import type { z } from 'zod'
+
+export const validateRequestBody = async <T>(req: Request, schema: z.ZodSchema<T>): Promise<T> => {
+	const body = await req.json()
+	const validationResult = schema.safeParse(body)
+	if (!validationResult.success) {
+		error(400, 'Invalid request')
+	}
+	return validationResult.data
+}

src/routes/(api)/api/[project]/[lang]/translations/+server.ts

@@ -1,12 +1,18 @@
+import { validateRequestBody } from '$lib/server/request-utils'
+import { authorize } from '../../../api-utils'
+import { translationPOSTRequestSchema, type ProjectId } from '../../../api.model'
 import type { RequestHandler } from './$types'
 
-export const POST: RequestHandler = ({ params }) => {
+export const POST: RequestHandler = async ({ params, request }) => {
+	authorize(request, params.project as ProjectId)
+	const newTranslations = validateRequestBody(request, translationPOSTRequestSchema)
 	return new Response(
-		`getting POST for translations on project "${params.project}" and lang "${params.lang}"`
+		`getting POST for translations on project "${params.project}" and lang "${params.lang}" with body "${JSON.stringify(newTranslations)}"`
 	)
 }
 
-export const GET: RequestHandler = ({ params }) => {
+export const GET: RequestHandler = ({ params, request }) => {
+	authorize(request, params.project as ProjectId)
 	return new Response(
 		`getting GET for translations on project "${params.project}" and lang "${params.lang}"`
 	)

src/routes/(api)/api/[project]/config/+server.ts

@@ -1,5 +1,13 @@
+import { validateRequestBody } from '$lib/server/request-utils'
+import { authorize } from '../../api-utils'
+import { projectConfigPOSTRequestSchema, type ProjectId } from '../../api.model'
 import type { RequestHandler } from './$types'
 
-export const POST: RequestHandler = ({ params }) => {
-	return new Response(`getting post for config on project "${params.project}"`)
+export const POST: RequestHandler = async ({ params, request }) => {
+	authorize(request, params.project as ProjectId)
+	const config = await validateRequestBody(request, projectConfigPOSTRequestSchema)
+
+	return new Response(
+		`getting post for config on project "${params.project}" with payload "${JSON.stringify(config)}"`
+	)
 }

src/routes/(api)/api/api-utils.ts

@@ -0,0 +1,17 @@
+import { checkApiKeyAccess } from 'services/auth/api-key'
+import type { ProjectId } from './api.model'
+import { error } from '@sveltejs/kit'
+
+export const authorize = async (req: Request, project: ProjectId) => {
+	const apiKey = req.headers.get('Authorization')
+	if (!apiKey) {
+		error(401, 'No API key provided in the Authorization header')
+	}
+	const hasAccess = await checkApiKeyAccess(apiKey, project)
+	if (!hasAccess) {
+		error(
+			403,
+			'The provided API key is invalid, the project does not exist, or the provided key does not grant access to the project'
+		)
+	}
+}

src/routes/(api)/api/api.model.ts

@@ -3,15 +3,14 @@ import { z } from 'zod'
 const translationKeySchema = z.string().brand('translation-key')
 export type TranslationKey = z.infer<typeof translationKeySchema>
 
-const translationLanguageSchema = z.string().brand('translation-language')
-export type TranslationLanguage = z.infer<typeof translationLanguageSchema>
-
 const translationValueSchema = z.string().brand('translation-value')
 export type TranslationValue = z.infer<typeof translationValueSchema>
 
+const projectIdSchema = z.string().brand('project-id')
+export type ProjectId = z.infer<typeof projectIdSchema>
+
 const addTranslationCommandSchema = z.object({
 	key: translationKeySchema,
-	lang: translationLanguageSchema,
 	value: translationValueSchema
 })
 export type AddTranslationCommand = z.infer<typeof addTranslationCommandSchema>