function validateApiKey()

in apps/mountebank-mock/mountebank-source/src/util/middleware.js [222:254]


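/**
 * Builds middleware that requires the x-api-key request header to match the
 * configured API key.
 *
 * Security notes:
 * - When no key is configured (falsy expectedApiKey) the check is disabled and
 *   every request is passed on, so callers that need authentication must make
 *   sure a key is actually supplied.
 * - Both values are hashed with SHA-512 before comparison. crypto.timingSafeEqual
 *   throws when its inputs differ in length; comparing fixed-size digests avoids
 *   that and keeps the comparison itself constant-time.
 * - The log messages describe the failure only; the presented key is never logged.
 *
 * @param {string} expectedApiKey - The configured API key; falsy disables the check
 * @param {Object} log - Logger exposing an error(message) method
 * @returns {Function} Middleware taking (request, response, next)
 */
function validateApiKey (expectedApiKey, log) {
    if (!expectedApiKey) {
        // expectedApiKey never changes after construction, so the disabled case
        // can be decided once instead of on every request.
        return function (request, response, next) {
            next();
        };
    }

    const crypto = require('crypto');

    // Digest of the configured key, computed on first use and then reused:
    // it is invariant across requests, so rehashing it each time is wasted work.
    let expectedDigest = null;

    function sha512 (value) {
        return crypto.createHash('sha512').update(value).digest();
    }

    // Single place for the 401 response so both failure paths stay identical
    // and the client cannot tell a missing key from a wrong one.
    function reject (response, message) {
        log.error(message);
        response.statusCode = 401;
        response.send({
            errors: [errors.UnauthorizedError()]
        });
    }

    return function (request, response, next) {
        const presentedApiKey = request.headers['x-api-key'];

        if (!presentedApiKey) {
            reject(response, 'The x-api-key header is required but was not provided');
            return;
        }

        const presentedDigest = sha512(presentedApiKey);
        if (expectedDigest === null) {
            expectedDigest = sha512(expectedApiKey);
        }

        if (crypto.timingSafeEqual(presentedDigest, expectedDigest)) {
            next();
        }
        else {
            reject(response, 'The x-api-key header value does not match the expected API key');
        }
    };
}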