Adding HTTP Header Authentication

server/db/pg/schema.ts

@@ -380,6 +380,14 @@ export const resourcePassword = pgTable("resourcePassword", {
     passwordHash: varchar("passwordHash").notNull()
 });
 
+export const resourceHeaderAuth = pgTable("resourceHeaderAuth", {
+    headerAuthId: serial("headerAuthId").primaryKey(),
+    resourceId: integer("resourceId")
+        .notNull()
+        .references(() => resources.resourceId, { onDelete: "cascade" }),
+    headerAuthHash: varchar("headerAuthHash").notNull()
+});
+
 export const resourceAccessToken = pgTable("resourceAccessToken", {
     accessTokenId: varchar("accessTokenId").primaryKey(),
     orgId: varchar("orgId")
@@ -689,6 +697,7 @@ export type UserOrg = InferSelectModel<typeof userOrgs>;
 export type ResourceSession = InferSelectModel<typeof resourceSessions>;
 export type ResourcePincode = InferSelectModel<typeof resourcePincode>;
 export type ResourcePassword = InferSelectModel<typeof resourcePassword>;
+export type ResourceHeaderAuth = InferSelectModel<typeof resourceHeaderAuth>;
 export type ResourceOtp = InferSelectModel<typeof resourceOtp>;
 export type ResourceAccessToken = InferSelectModel<typeof resourceAccessToken>;
 export type ResourceWhitelist = InferSelectModel<typeof resourceWhitelist>;

server/db/queries/verifySessionQueries.ts

@@ -6,6 +6,8 @@ import {
     ResourceRule,
     resourcePassword,
     resourcePincode,
+    resourceHeaderAuth,
+    ResourceHeaderAuth,
     resourceRules,
     resources,
     roleResources,
@@ -24,6 +26,7 @@ export type ResourceWithAuth = {
     resource: Resource | null;
     pincode: ResourcePincode | null;
     password: ResourcePassword | null;
+    headerAuth: ResourceHeaderAuth | null;
 };
 
 export type UserSessionWithUser = {
@@ -72,6 +75,10 @@ export async function getResourceByDomain(
             resourcePassword,
             eq(resourcePassword.resourceId, resources.resourceId)
         )
+        .leftJoin(
+            resourceHeaderAuth,
+            eq(resourceHeaderAuth.resourceId, resources.resourceId)
+        )
         .where(eq(resources.fullDomain, domain))
         .limit(1);
 
@@ -82,7 +89,8 @@ export async function getResourceByDomain(
     return {
         resource: result.resources,
         pincode: result.resourcePincode,
-        password: result.resourcePassword
+        password: result.resourcePassword,
+        headerAuth: result.resourceHeaderAuth
     };
 }
 

server/db/sqlite/schema.ts

@@ -513,6 +513,16 @@ export const resourcePassword = sqliteTable("resourcePassword", {
     passwordHash: text("passwordHash").notNull()
 });
 
+export const resourceHeaderAuth = sqliteTable("resourceHeaderAuth", {
+    headerAuthId: integer("headerAuthId").primaryKey({
+        autoIncrement: true
+    }),
+    resourceId: integer("resourceId")
+        .notNull()
+        .references(() => resources.resourceId, { onDelete: "cascade" }),
+    headerAuthHash: text("headerAuthHash").notNull()
+});
+
 export const resourceAccessToken = sqliteTable("resourceAccessToken", {
     accessTokenId: text("accessTokenId").primaryKey(),
     orgId: text("orgId")
@@ -728,6 +738,7 @@ export type UserOrg = InferSelectModel<typeof userOrgs>;
 export type ResourceSession = InferSelectModel<typeof resourceSessions>;
 export type ResourcePincode = InferSelectModel<typeof resourcePincode>;
 export type ResourcePassword = InferSelectModel<typeof resourcePassword>;
+export type ResourceHeaderAuth = InferSelectModel<typeof resourceHeaderAuth>;
 export type ResourceOtp = InferSelectModel<typeof resourceOtp>;
 export type ResourceAccessToken = InferSelectModel<typeof resourceAccessToken>;
 export type ResourceWhitelist = InferSelectModel<typeof resourceWhitelist>;