Add consistent prefix validation for both auth methods

Co-authored-by: SrIzan10 <66965250+SrIzan10@users.noreply.github.com>
2026-06-06 00:56:56 +00:00 · 2026-01-30 16:04:33 +00:00
parent 7262b0e5c2
commit 1fadaa3600
1 changed files with 6 additions and 1 deletions
--- a/apps/chat/src/index.ts
+++ b/apps/chat/src/index.ts
@@ -44,9 +44,14 @@ app.get(
      let personalChannel: any = null;

      // Check for bot authentication via Authorization header or botAuth query parameter
+      // Authorization header takes precedence if both are provided
      let apiKey: string | null = null;
      if (authHeader && authHeader.startsWith('Bearer ')) {
-        apiKey = authHeader.substring(7);
+        const extractedKey = authHeader.substring(7);
+        // Validate the API key format before attempting database lookup
+        if (extractedKey.startsWith('hctvb_')) {
+          apiKey = extractedKey;
+        }
      } else if (botAuth && typeof botAuth === 'string' && botAuth.trim().length > 0) {
        // Validate botAuth query parameter format
        if (botAuth.startsWith('hctvb_')) {