@layer-ai/core 0.1.4 → 0.1.6

package/dist/middleware/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAK1D,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,UAAU,CAAC,EAAE,MAAM,CAAC;SACrB;KACF;CACF;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,IAAI,CAAC,CA8Ef;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,IAAI,CAWN"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAK1D,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,UAAU,CAAC,EAAE,MAAM,CAAC;SACrB;KACF;CACF;AAED;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,IAAI,CAAC,CAkFf;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAC1B,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,GACjB,IAAI,CAWN"}

package/dist/middleware/auth.js

@@ -25,45 +25,49 @@ export async function authenticate(req, res, next) {
             });
             return;
         }
-        const apiKey = authHeader.substring(7); // Remove "Bearer "
-        if (!apiKey || !apiKey.startsWith('layer_')) {
+        const token = authHeader.substring(7); // Remove "Bearer "
+        if (!token) {
             res.status(401).json({
                 error: 'unauthorized',
-                message: 'Invalid API key format. Must start with "layer_"',
+                message: 'Missing token',
             });
             return;
         }
-        const keyHash = crypto
+        const tokenHash = crypto
             .createHash('sha256')
-            .update(apiKey)
+            .update(token)
             .digest('hex');
-        const apiKeyRecord = await db.getApiKeyByHash(keyHash);
-        if (!apiKeyRecord) {
-            // Not an API key (it's potentially a session key)
-            const sessionKey = await db.getSessionKeyByHash(keyHash);
-            if (!sessionKey) {
-                res.status(401).json({ error: 'unauthorized', message: 'Invalid API key' });
+        // All tokens start with 'layer_', so we need to check both API keys and session keys
+        // First try API keys
+        const apiKeyRecord = await db.getApiKeyByHash(tokenHash);
+        if (apiKeyRecord) {
+            if (!apiKeyRecord.isActive) {
+                res.status(401).json({
+                    error: 'unauthorized',
+                    message: 'API key has been revoked',
+                });
                 return;
             }
-            req.userId = sessionKey.userId;
+            // Attach userId to request for downstream handlers
+            req.userId = apiKeyRecord.userId;
+            req.apiKeyHash = tokenHash;
+            // Update last_used_at timestamp (async, dont await)
+            db.updateApiKeyLastUsed(tokenHash).catch((err) => {
+                console.error('Failed to update API key last_used_at:', err);
+            });
             next();
             return;
         }
-        if (!apiKeyRecord.isActive) {
-            res.status(401).json({
-                error: 'unauthorized',
-                message: 'API key has been revoked',
-            });
+        // Not an API key, try session key
+        const sessionKey = await db.getSessionKeyByHash(tokenHash);
+        if (sessionKey) {
+            req.userId = sessionKey.userId;
+            next();
             return;
         }
-        // Attach userId to request for downstream handlers
-        req.userId = apiKeyRecord.userId;
-        req.apiKeyHash = keyHash;
-        // Update last_used_at timestamp (async, dont await)
-        db.updateApiKeyLastUsed(keyHash).catch((err) => {
-            console.error('Failed to update API key last_used_at:', err);
-        });
-        next();
+        // Neither API key nor session key
+        res.status(401).json({ error: 'unauthorized', message: 'Invalid token' });
+        return;
     }
     catch (error) {
         console.error('Authentication error:', error);

package/dist/routes/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,SAAS,CAAC;AAKpD,QAAA,MAAM,MAAM,EAAE,UAAqB,CAAC;AAoGpC,eAAe,MAAM,CAAC"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,SAAS,CAAC;AAKpD,QAAA,MAAM,MAAM,EAAE,UAAqB,CAAC;AA4FpC,eAAe,MAAM,CAAC"}

package/dist/routes/auth.js

@@ -79,11 +79,4 @@ router.post('/token', async (req, res) => {
         res.status(500).json({ error: 'internal_error', message: 'Failed to create api key' });
     }
 });
-// GET /auth/session
-// This endpoint is used by NextAuth to check session status
-router.get('/session', async (req, res) => {
-    // For now, return null session (not authenticated via this endpoint)
-    // NextAuth will handle sessions via its own mechanism
-    res.json({ user: null });
-});
 export default router;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@layer-ai/core",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Core API routes and services for Layer AI",
   "type": "module",
   "main": "./dist/index.js",