feat: use the same Authorization header for jwt and api key

2026-02-17 05:10:31 +00:00 · 2025-07-02 08:30:53 +02:00
parent 5d96357042
commit adb1bea374
6 changed files with 22 additions and 6 deletions
--- a/packages/server/src/modules/Auth/api-key/AuthApiKey.strategy.ts
+++ b/packages/server/src/modules/Auth/api-key/AuthApiKey.strategy.ts
@@ -13,8 +13,8 @@ export class ApiKeyStrategy extends PassportStrategy(
  ) {
    super(
      {
-        header: 'x-api-key',
-        prefix: '',
+        header: 'Authorization',
+        prefix: 'Bearer ',
      },
      false,
    );
--- a/packages/server/src/modules/Auth/api-key/MixedAuth.guard.ts
+++ b/packages/server/src/modules/Auth/api-key/MixedAuth.guard.ts
@@ -1,6 +1,7 @@
 import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
 import { JwtAuthGuard } from '../guards/jwt.guard';
 import { ApiKeyAuthGuard } from './AuthApiKey.guard';
+import { getAuthApiKey } from '../Auth.utils';

 // mixed-auth.guard.ts
@Injectable()
@@ -12,7 +13,7 @@ export class MixedAuthGuard implements CanActivate {

  canActivate(context: ExecutionContext) {
    const request = context.switchToHttp().getRequest();
-    const apiKey = request.headers['x-api-key'];
+    const apiKey = getAuthApiKey(request.headers['authorization'] || '');

    if (apiKey) {
      return this.apiKeyGuard.canActivate(context);