QT/bigcapital
1
0
Fork 0
mirror of https://github.com/bigcapitalhq/bigcapital.git synced 2026-02-18 13:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: use the same Authorization header for jwt and api key

Browse Source
This commit is contained in:
Ahmed Bouhuolia
2025-07-02 08:30:53 +02:00
parent 5d96357042
commit adb1bea374
6 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
packages/server/src/modules/Tenancy/TenancyGlobal.guard.ts
View File

@@ -8,6 +8,7 @@ import {
} from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { IS_PUBLIC_ROUTE } from '../Auth/Auth.constants';
import { getAuthApiKey } from '../Auth/Auth.utils';
export const IS_TENANT_AGNOSTIC = 'IS_TENANT_AGNOSTIC';
@@ -26,6 +27,7 @@ export class TenancyGlobalGuard implements CanActivate {
const request = context.switchToHttp().getRequest();
const organizationId = request.headers['organization-id'];
const authorization = request.headers['authorization']?.trim();
const isAuthApiKey = !!getAuthApiKey(authorization || '');
const isPublic = this.reflector.getAllAndOverride<boolean>(
IS_PUBLIC_ROUTE,
@@ -35,10 +37,10 @@ export class TenancyGlobalGuard implements CanActivate {
IS_TENANT_AGNOSTIC,
[context.getHandler(), context.getClass()],
);
if (isPublic || isTenantAgnostic) {
if (isPublic || isTenantAgnostic || isAuthApiKey) {
return true;
}
if (!isEmpty(authorization) && !organizationId) {
if (!organizationId) {
throw new UnauthorizedException('Organization ID is required.');
}
return true;