fix: tracking script

Author: izadoesdev

apps/api/src/index.ts

@@ -6,6 +6,7 @@ import { fetchRequestHandler } from '@trpc/server/adapters/fetch';
 import { autumnHandler } from 'autumn-js/elysia';
 import { Elysia } from 'elysia';
 import { logger } from './lib/logger';
+import { createAuthMiddleware } from './middleware/auth';
 import { assistant } from './routes/assistant';
 import { health } from './routes/health';
 import { query } from './routes/query';
@@ -22,6 +23,7 @@ const app = new Elysia()
 			],
 		})
 	)
+	.use(createAuthMiddleware())
 	.use(
 		autumnHandler({
 			identify: async ({ request }) => {

apps/api/src/lib/logger.ts

@@ -2,8 +2,13 @@ import { Logtail } from '@logtail/edge';
 
 const token = process.env.LOGTAIL_SOURCE_TOKEN as string;
 const endpoint = process.env.LOGTAIL_ENDPOINT as string;
-export const logger = new Logtail(token || '', {
-	endpoint: endpoint || '',
+
+if (!(token && endpoint)) {
+	console.log('LOGTAIL_SOURCE_TOKEN and LOGTAIL_ENDPOINT must be set');
+}
+
+export const logger = new Logtail(token, {
+	endpoint,
 	batchSize: 10,
 	batchInterval: 1000,
 });

apps/api/src/middleware/auth.ts

@@ -0,0 +1,175 @@
+import { auth, type User } from '@databuddy/auth';
+import { apikey, apikeyAccess, db } from '@databuddy/db';
+import { eq, type InferSelectModel } from 'drizzle-orm';
+import { Elysia } from 'elysia';
+
+type ApiScope = InferSelectModel<typeof apikey>['scopes'][number];
+
+export interface ApiKeyAuthContext {
+	apikey: InferSelectModel<typeof apikey>;
+	scopes: ApiScope[];
+	principal: { userId?: string | null; organizationId?: string | null };
+}
+
+export interface AuthContext {
+	mode: 'session' | 'apiKey' | 'public';
+	session?: { user: User } | null;
+	apiKey?: ApiKeyAuthContext;
+	identifier: string; // for rate limiting and logging
+}
+
+export function extractApiKey(headers: Headers): string | null {
+	const authHeader = headers.get('authorization');
+	const xApiKey = headers.get('x-api-key');
+
+	if (xApiKey && xApiKey.trim().length > 0) {
+		return xApiKey.trim();
+	}
+
+	if (!authHeader) {
+		return null;
+	}
+
+	const parts = authHeader.split(' ');
+	if (parts.length === 2) {
+		const scheme = parts[0] ?? '';
+		const token = parts[1] ?? '';
+		const normalized = scheme.toLowerCase();
+		if (normalized === 'bearer' || normalized === 'apikey') {
+			return token.trim() || null;
+		}
+	}
+	return null;
+}
+
+export async function resolveApiKeyContext(
+	key: string
+): Promise<ApiKeyAuthContext | null> {
+	const found = await db.query.apikey.findFirst({ where: eq(apikey.key, key) });
+	if (!found) {
+		return null;
+	}
+
+	if (!found.enabled) {
+		return null;
+	}
+	if (found.revokedAt != null) {
+		return null;
+	}
+	if (found.expiresAt && new Date(found.expiresAt).getTime() < Date.now()) {
+		return null;
+	}
+
+	const accessRows = await db
+		.select()
+		.from(apikeyAccess)
+		.where(eq(apikeyAccess.apikeyId, found.id));
+
+	const effectiveScopes = new Set<ApiScope>();
+	for (const s of found.scopes) {
+		effectiveScopes.add(s as ApiScope);
+	}
+	for (const row of accessRows) {
+		for (const s of row.scopes) {
+			effectiveScopes.add(s as ApiScope);
+		}
+	}
+
+	return {
+		apikey: found,
+		scopes: Array.from(effectiveScopes),
+		principal: {
+			userId: found.userId ?? null,
+			organizationId: found.organizationId ?? null,
+		},
+	};
+}
+
+export function createAuthMiddleware() {
+	return new Elysia().derive(async ({ request }) => {
+		const session = await auth.api.getSession({ headers: request.headers });
+		if (session?.user) {
+			const identifier = session.user.id;
+			return {
+				auth: {
+					mode: 'session',
+					session: { user: session.user as User },
+					identifier,
+				} as AuthContext,
+			} as const;
+		}
+
+		const key = extractApiKey(request.headers);
+		if (key) {
+			const apiKeyCtx = await resolveApiKeyContext(key);
+			if (apiKeyCtx) {
+				const identifier = `apikey:${apiKeyCtx.apikey.id}`;
+				return {
+					auth: {
+						mode: 'apiKey',
+						apiKey: apiKeyCtx,
+						session: null,
+						identifier,
+					} as AuthContext,
+				} as const;
+			}
+		}
+
+		return {
+			auth: {
+				mode: 'public',
+				session: null,
+				identifier: 'anonymous',
+			} as AuthContext,
+		} as const;
+	});
+}
+
+export function hasRequiredScopes(
+	scopes: ApiScope[],
+	required: ApiScope[]
+): boolean {
+	if (!required.length) {
+		return true;
+	}
+	const set = new Set(scopes);
+	for (const req of required) {
+		if (!set.has(req)) {
+			return false;
+		}
+	}
+	return true;
+}
+
+export async function resolveResourceScopes(
+	apiKeyId: string,
+	resourceType: 'global' | 'website' | 'ab_experiment' | 'feature_flag',
+	resourceId?: string | null
+): Promise<ApiScope[]> {
+	const key = await db.query.apikey.findFirst({
+		where: eq(apikey.id, apiKeyId),
+	});
+	if (!key) {
+		return [];
+	}
+	const entries = await db
+		.select()
+		.from(apikeyAccess)
+		.where(eq(apikeyAccess.apikeyId, apiKeyId));
+	const effective = new Set<ApiScope>();
+	for (const s of key.scopes) {
+		effective.add(s as ApiScope);
+	}
+	for (const e of entries) {
+		const match =
+			e.resourceType === 'global' ||
+			(e.resourceType === resourceType &&
+				(resourceId ?? null) === (e.resourceId ?? null));
+		if (match) {
+			for (const s of e.scopes) {
+				effective.add(s as ApiScope);
+			}
+		}
+	}
+	return Array.from(effective);
+}

apps/api/src/middleware/logging.ts

@@ -1,4 +1,4 @@
-import { auth } from '@databuddy/auth';
+import { auth, type User } from '@databuddy/auth';
 import { Elysia } from 'elysia';
 import type { StreamingUpdate } from '../agent';
 import {
@@ -21,15 +21,11 @@ async function* createErrorResponse(
 export const assistant = new Elysia({ prefix: '/v1/assistant' })
 	.use(createRateLimitMiddleware({ type: 'expensive' }))
 	.derive(async ({ request }) => {
-		const session = await auth.api.getSession({
-			headers: request.headers,
-		});
-
+		const session = await auth.api.getSession({ headers: request.headers });
 		if (!session?.user) {
 			throw new Error('Unauthorized');
 		}
-
-		return { user: session.user, session };
+		return { user: session.user as User, session };
 	})
 	.post(
 		'/stream',

apps/api/src/routes/assistant.ts

@@ -98,19 +98,19 @@ export default function Layout({ children }: { children: ReactNode }) {
 			lang="en"
 			suppressHydrationWarning
 		>
+			<Script
+				async
+				data-client-id="OXmNQsViBT-FOS_wZCTHc"
+				data-track-attributes={true}
+				data-track-errors={true}
+				data-track-outgoing-links={true}
+				data-track-web-vitals={true}
+				src="https://cdn.databuddy.cc/databuddy.js"
+				strategy="afterInteractive"
+			/>
 			<Head>
 				<link href="https://icons.duckduckgo.com" rel="preconnect" />
 				<link href="https://icons.duckduckgo.com" rel="dns-prefetch" />
-				<Script
-					async
-					data-client-id="OXmNQsViBT-FOS_wZCTHc"
-					data-track-attributes={true}
-					data-track-errors={true}
-					data-track-outgoing-links={true}
-					data-track-web-vitals={true}
-					src="https://cdn.databuddy.cc/databuddy.js"
-					strategy="afterInteractive"
-				/>
 			</Head>
 			<body>
 				<ThemeProvider attribute="class" defaultTheme="system" enableSystem>