From 893780adaa2e4e9b6934d637f92e79b27fa7e1c6 Mon Sep 17 00:00:00 2001
From: Flip-Liquid <13227294+Flip-Liquid@users.noreply.github.com>
Date: Mon, 22 Apr 2024 22:29:01 -0400
Subject: [PATCH] swagger fixups (#252)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* 🤏💻 fix url for swagger ui
* 🔐 auth fixups for validating bearer token
* 🤏🔐 typo in error msg
---
 spec/oas_v1.yaml | 2 +-
 src/app/lib/middleware/auth.ts | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/spec/oas_v1.yaml b/spec/oas_v1.yaml
index 7d17498d4..d5dd51c6c 100644
--- a/spec/oas_v1.yaml
+++ b/spec/oas_v1.yaml
@@ -9,7 +9,7 @@ info:
 name: MIT
 url: https://opensource.org/licenses/MIT
 servers:
- - url: vote.optimisim.io/api/v1
+ - url: https://vote.optimism.io/api/v1
 description: Base URL for optimism production
 security:
 - bearerAuth: []
diff --git a/src/app/lib/middleware/auth.ts b/src/app/lib/middleware/auth.ts
index 001fe64b8..6899e8869 100644
--- a/src/app/lib/middleware/auth.ts
+++ b/src/app/lib/middleware/auth.ts
@@ -5,7 +5,7 @@ import { validate as validateUuid } from "uuid";
 let prismaModule: any;
 const HASH_FN = "sha256";
-const REASON_NO_TOKEN = "No token provided in 'authorization' header";
+const REASON_NO_TOKEN = "No token provided in 'Authorization' header";
 const REASON_INVALID_API_KEY = "Invalid API Key";
 const REASON_DISABLED_USER = "User disabled";
@@ -15,8 +15,15 @@ export type AuthResponse = {
 reason?: string;
 };
+export function extractBearerToken(token?: string | null) {
+ if (token && token.split(" ")[0] === "Bearer") {
+ return token.split(" ")[1];
+ }
+ return null;
+}
+
 export function hasApiKey(request: NextRequest): AuthResponse {
- const token = request.headers.get("authorization");
+ const token = extractBearerToken(request.headers.get("Authorization"));
 let authResponse: AuthResponse = { authenticated: true, reason: "" };
 if (!token) {
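Review bot: The added `extractBearerToken` accepts more than a well-formed `Bearer <token>` value and has no declared return type. `token.split(" ")[1]` yields `undefined` for a bare `Bearer`, an empty string when two spaces follow the scheme, and silently drops anything after the second field, while the scheme comparison is case-sensitive although HTTP auth schemes are case-insensitive. Both callers test the result with `!token` / `!key`, so the malformed cases fail closed today, but a strict parse makes that intentional: `const m = /^Bearer +(\S+)$/i.exec(token ?? "");` followed by `return m ? m[1] : null;`, with the signature annotated `: string | null`. The body of `hasApiKey` continues outside the hunk.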
@@ -52,7 +59,7 @@ export async function authenticateApiUser(
 let authResponse: AuthResponse = hasApiKey(request);
- const key = request.headers.get("authorization");
+ const key = extractBearerToken(request.headers.get("Authorization"));
 if (!key) {
 return authResponse;
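Review bot: The `if (!key)` branch in `authenticateApiUser` returns whatever `hasApiKey` produced instead of an explicit failure, and `hasApiKey` builds its response starting from `authenticated: true`. Both functions now parse the header independently through `extractBearerToken`, so they agree today, but if either call site changes, the missing-key path could hand back an authenticated response. Returning `{ authenticated: false, reason: REASON_NO_TOKEN }` in that branch, or having `hasApiKey` pass the extracted token along so the header is read once, would keep this path fail-closed. The function body starts and ends outside the hunk.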