| 1 | import { StatusError } from 'itty-router'; |
| 2 | |
| 3 | export const verifyAuth = (request: Request, env: Env) => { |
| 4 | const authHeader = request.headers.get('Authorization'); |
| 5 | if (!authHeader) { |
| 6 | throw new StatusError(401, 'Unauthorized. Missing authorization header.'); |
| 7 | } |
| 8 | const [scheme, encoded] = authHeader.split(' '); |
| 9 | |
| 10 | // The Authorization header must start with Bearer, followed by a space. |
| 11 | if (!encoded || scheme !== 'Bearer') { |
| 12 | throw new StatusError(400, 'Bad Request. Malformed authorization header.'); |
| 13 | } |
| 14 | |
| 15 | if (encoded !== env.UPLOAD_KEY) { |
| 16 | throw new StatusError(401, 'Unauthorized. Invalid authorization token.'); |
| 17 | } |
| 18 | }; |