drive/packages/auth/index.ts

/**
 * An unhashed api key.
 * Always starts with sk, then the prefix specified at time of generation,
 * and ends with the base64url-encoded key.
 */
export type UnhashedApiKey = `sk-${ApiKeyPrefix}-${string}`

export type ApiKeyPrefix = string & { __brand: "ApiKeyPrefix" }

export type GenerateApiKeyOptions = {
	/**
	 * How long the key should be (excluding prefix) in bytes.
	 */
	keyByteLength: number

	/**
	 * Prefix of the api key. Can be a brief name of the consumer of the key.
	 * For example, if the prefix is "proxy", the key will be "sk-proxy-asdasjdjsdkjd.."
	 */
	prefix: ApiKeyPrefix

	expiresAt?: Date
	description: string
}

export type GenerateApiKeyResult = {
	unhashedKey: UnhashedApiKey
	hashedKey: string
	expiresAt?: Date
	description: string
}

export function newPrefix(prefix: string): ApiKeyPrefix | null {
	if (prefix.includes("-")) {
		return null
	}
	return prefix as ApiKeyPrefix
}

export async function generateApiKey({
	keyByteLength,
	prefix,
	expiresAt,
	description,
}: GenerateApiKeyOptions): Promise<GenerateApiKeyResult> {
	const keyContent = new Uint8Array(keyByteLength)
	crypto.getRandomValues(keyContent)

	const base64KeyContent = Buffer.from(keyContent).toString("base64url")
	const unhashedKey: UnhashedApiKey = `sk-${prefix}-${base64KeyContent}`

	const hashedKey = await Bun.password.hash(unhashedKey, {
		algorithm: "argon2id",
		memoryCost: 4, // memory usage in kibibytes
		timeCost: 3, // the number of iterations
	})

	return {
		unhashedKey,
		hashedKey,
		expiresAt,
		description,
	}
}
feat: auth pkg and file proxy scaffold Co-authored-by: Ona <no-reply@ona.com> 2025-10-19 17:05:15 +00:00			`/**`
			`* An unhashed api key.`
			`* Always starts with sk, then the prefix specified at time of generation,`
			`* and ends with the base64url-encoded key.`
			`*/`
			export type UnhashedApiKey = `sk-${ApiKeyPrefix}-${string}`

			`export type ApiKeyPrefix = string & { __brand: "ApiKeyPrefix" }`

			`export type GenerateApiKeyOptions = {`
			`/**`
			`* How long the key should be (excluding prefix) in bytes.`
			`*/`
			`keyByteLength: number`

			`/**`
			`* Prefix of the api key. Can be a brief name of the consumer of the key.`
			`* For example, if the prefix is "proxy", the key will be "sk-proxy-asdasjdjsdkjd.."`
			`*/`
			`prefix: ApiKeyPrefix`

			`expiresAt?: Date`
			`description: string`
			`}`

			`export type GenerateApiKeyResult = {`
			`unhashedKey: UnhashedApiKey`
			`hashedKey: string`
			`expiresAt?: Date`
			`description: string`
			`}`

			`export function newPrefix(prefix: string): ApiKeyPrefix \| null {`
			`if (prefix.includes("-")) {`
			`return null`
			`}`
			`return prefix as ApiKeyPrefix`
			`}`

			`export async function generateApiKey({`
			`keyByteLength,`
			`prefix,`
			`expiresAt,`
			`description,`
			`}: GenerateApiKeyOptions): Promise<GenerateApiKeyResult> {`
			`const keyContent = new Uint8Array(keyByteLength)`
			`crypto.getRandomValues(keyContent)`

			`const base64KeyContent = Buffer.from(keyContent).toString("base64url")`
			const unhashedKey: UnhashedApiKey = `sk-${prefix}-${base64KeyContent}`

			`const hashedKey = await Bun.password.hash(unhashedKey, {`
			`algorithm: "argon2id",`
			`memoryCost: 4, // memory usage in kibibytes`
			`timeCost: 3, // the number of iterations`
			`})`

			`return {`
			`unhashedKey,`
			`hashedKey,`
			`expiresAt,`
			`description,`
			`}`
			`}`