BA
Better Auth2mo ago
Zetax

Api key invalid even though it exists in the database

Hey there, I've just ran into a weird issue where, no matter what I try, my api key is not accepted as a valid key. I've attached an image of what this looks like in the logs, maybe I am doing something wrong but I can't for the life of me figure out what. This is my code at the moment: All data is local btw, so no worries about leaking anything 
const apiKey = context.headers
            .get('Authorization')
            ?.replace('Bearer ', '') // basic replace for now will change later

        const auth = authInstance(context.env, context.cf)

        console.log('apiKey', apiKey)

        const db = getDB(context.env)

        const apiKeys = await db.query.apikeys.findMany()
        console.log('apiKeys', apiKeys)

        if (apiKey) {
            const res = await auth.api.verifyApiKey({
                body: { key: apiKey },
            })
            if (res && res.valid) {
                return await next({
                    context: {
                        ...context,
                        userId: res.key?.userId,
                    },
                })
            }
            return {
                output: { error: 'Unauthorized using api key', res: res },
                context: { ...context, userId: undefined },
            }
        }
const apiKey = context.headers
            .get('Authorization')
            ?.replace('Bearer ', '') // basic replace for now will change later

        const auth = authInstance(context.env, context.cf)

        console.log('apiKey', apiKey)

        const db = getDB(context.env)

        const apiKeys = await db.query.apikeys.findMany()
        console.log('apiKeys', apiKeys)

        if (apiKey) {
            const res = await auth.api.verifyApiKey({
                body: { key: apiKey },
            })
            if (res && res.valid) {
                return await next({
                    context: {
                        ...context,
                        userId: res.key?.userId,
                    },
                })
            }
            return {
                output: { error: 'Unauthorized using api key', res: res },
                context: { ...context, userId: undefined },
            }
        }
2 Replies
Zetax
ZetaxOP2mo ago
No description
Ping
Ping2mo ago
The api keys in the DB is hashed, the hashed version of an API key is not valid

Did you find this page helpful?