diff options
| -rw-r--r-- | packages/opencode/src/server/routes/instance/httpapi/auth.ts | 43 |
1 files changed, 24 insertions, 19 deletions
diff --git a/packages/opencode/src/server/routes/instance/httpapi/auth.ts b/packages/opencode/src/server/routes/instance/httpapi/auth.ts index adddcc4be..fe72b7822 100644 --- a/packages/opencode/src/server/routes/instance/httpapi/auth.ts +++ b/packages/opencode/src/server/routes/instance/httpapi/auth.ts @@ -8,13 +8,16 @@ class Unauthorized extends Schema.TaggedErrorClass<Unauthorized>()( { httpApiStatus: 401 }, ) {} -export class Authorization extends HttpApiMiddleware.Service<Authorization>()("@opencode/ExperimentalHttpApiAuthorization", { - error: Unauthorized, - security: { - basic: HttpApiSecurity.basic, - authToken: HttpApiSecurity.apiKey({ in: "query", key: "auth_token" }), +export class Authorization extends HttpApiMiddleware.Service<Authorization>()( + "@opencode/ExperimentalHttpApiAuthorization", + { + error: Unauthorized, + security: { + basic: HttpApiSecurity.basic, + authToken: HttpApiSecurity.apiKey({ in: "query", key: "auth_token" }), + }, }, -}) {} +) {} const emptyCredential = { username: "", @@ -39,19 +42,21 @@ function validateCredential<A, E, R>( } function decodeCredential(input: string) { - return Encoding.decodeBase64String(input).asEffect().pipe( - Effect.match({ - onFailure: () => emptyCredential, - onSuccess: (header) => { - const parts = header.split(":") - if (parts.length !== 2) return emptyCredential - return { - username: parts[0], - password: Redacted.make(parts[1]), - } - }, - }), - ) + return Encoding.decodeBase64String(input) + .asEffect() + .pipe( + Effect.match({ + onFailure: () => emptyCredential, + onSuccess: (header) => { + const parts = header.split(":") + if (parts.length !== 2) return emptyCredential + return { + username: parts[0], + password: Redacted.make(parts[1]), + } + }, + }), + ) } export const authorizationLayer = Layer.succeed( |