From bdd65914beff49f5e3082f21469add43873fd2db Mon Sep 17 00:00:00 2001 From: Pyronewbic Date: Mon, 11 May 2026 15:06:03 +0530 Subject: [PATCH 1/2] fix: authMiddleware accepts sandbox key --- api.js | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/api.js b/api.js index 917b9eb..dc6a946 100644 --- a/api.js +++ b/api.js @@ -405,11 +405,10 @@ app.get("/api/health", async (req, res) => { function authMiddleware(req, res, next) { const key = process.env.CASECOMP_API_KEY; + const sandboxKey = process.env.CASECOMP_SANDBOX_KEY; if (!key) return next(); - const auth = req.headers.authorization; - const query = req.query.key; - const token = auth?.startsWith("Bearer ") ? auth.slice(7) : query; - if (!token || token !== key) { + const token = getRequestToken(req); + if (!token || (token !== key && token !== sandboxKey)) { return res.status(401).json({ error: "Invalid or missing API key" }); } next(); From a8c8b0312875a269c459e3256b62957cf2781fb9 Mon Sep 17 00:00:00 2001 From: Pyronewbic Date: Mon, 11 May 2026 15:24:24 +0530 Subject: [PATCH 2/2] feat: sandbox key auth, OAuth token warmup on server start - authMiddleware accepts both owner and sandbox keys - Sandbox key: 5 req/min rate limit, per-key cache isolation - OAuth token fetched on server startup (saves 1-2s on first search) --- api.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/api.js b/api.js index dc6a946..98d7362 100644 --- a/api.js +++ b/api.js @@ -567,7 +567,15 @@ app.post("/api/alerts", authMiddleware, async (req, res) => { }); const PORT = process.env.API_PORT || 3000; -app.listen(PORT, () => { +app.listen(PORT, async () => { console.log(`Casecomp API listening on http://localhost:${PORT}`); console.log(`Swagger docs: http://localhost:${PORT}/docs`); + if (clientId && clientSecret) { + try { + await getToken(); + console.log("eBay OAuth token warmed"); + } catch (e) { + console.warn(`eBay token warmup failed: ${e.message}`); + } + } });