feat: update api key name

Chia-Network · Apr 25, 2023 · ce51a56 · ce51a56
1 parent 49a63c4
commit ce51a56
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -126,7 +126,7 @@ In the `CHIA_ROOT` directory (usually `~/.chia/mainnet` on Linux), Climate Wareh
   * **WALLET_URL**: URL and port to conned to the [Chia Wallet RPC](https://docs.chia.net/wallet-rpc).  If Chia is installed on the same machine as Climate Warehouse with default settings, https://localhost:9256 will work.
   * **USE_SIMULATOR**: Developer setting to populate Climate Warehouse from a governance file and enables some extra APIs.  Should always be "false" under normal usage. 
   * **READ_ONLY**: When hosting an Observer node, set to "true" to prevent any data being written using the Climate Warehouse APIs.  This makes the application safe to run with public endpoints as it is just displaying publicly available data.  When running a governance node, or a participant node, set to "false" to allow data to be written to the Climate Warehouse APIs.  When "false", additional authentication or access restrictions must be applied to prevent unauthorized alteration of the data.  
-  * **API_KEY**: This key is used by the [Climate Warehouse UI](https://github.com/Chia-Network/climate-warehouse-ui) to authenticate with the Climate Warehouse API endpoints.  This allows the API to power the UI only without allowing requests missing the API in the header to access the API.  This can be left blank to allow open access to the API, or if access is restricted by other means.  The API_KEY can be set to any value, but we recommend at least a 32 character random string.  The API_KEY can be passed in a request using the `x-api-key` header.  See the [RPC documentation](docs/climate_warehouse_rpc_api.md) for examples. 
+  * **CADT_API_KEY**: This key is used by the [Climate Warehouse UI](https://github.com/Chia-Network/climate-warehouse-ui) to authenticate with the Climate Warehouse API endpoints.  This allows the API to power the UI only without allowing requests missing the API in the header to access the API.  This can be left blank to allow open access to the API, or if access is restricted by other means.  The API_KEY can be set to any value, but we recommend at least a 32 character random string.  The API_KEY can be passed in a request using the `x-api-key` header.  See the [RPC documentation](docs/climate_warehouse_rpc_api.md) for examples. 
   * **CHIA_NETWORK**:  Climate Warehouse can run on Chia mainnet or any testnet.  Set to "mainnet" for production instances, or "testnet" if using the main Chia testnet. 
   * **USE_DEVELOPMENT_MODE**:  Should be false in most use cases.  If a developer writing code for the app, this can be changed to "true" which will bypass the need for a governance node.
   * **IS_GOVERNANCE_BODY**: "True" or "false" toggle to enable/disable mode for this instance being a governing body.
@@ -140,7 +140,7 @@ Note that the Climate Warehouse application will need to be restarted after any
 
 ### Ports, Networking, and Security
 
-The port for the Climate Warehouse API can be set with the parameter `CW_PORT` in the `config.yaml` file discussed above.  The default port is 31310.  The Climate Warehouse API will listen on all network interfaces on this port so care must be taken to block this port at the firewall or networking level to avoid this API being public.  In many cases, the API will need to be public for either the [Climate Warehouse UI](https://github.com/Chia-Network/climate-warehouse-ui) or to integrate with existing tools and scripts.  To add authentication to the API, use the `API_KEY` parameter.  Alternatively, the API can be served behind an authentication proxy to restrict access and the `API_KEY` can be left blank.  If running an observer node with `READ_ONLY` set to `true`, the Climate Warehouse API will only share data from the public blockchain, and running without authentication is usually safe.  If `READ_ONLY` is set to `false`, authentication must be used to prevent unauthorized writes to the blockchain. 
+The port for the Climate Warehouse API can be set with the parameter `CW_PORT` in the `config.yaml` file discussed above.  The default port is 31310.  The Climate Warehouse API will listen on all network interfaces on this port so care must be taken to block this port at the firewall or networking level to avoid this API being public.  In many cases, the API will need to be public for either the [Climate Warehouse UI](https://github.com/Chia-Network/climate-warehouse-ui) or to integrate with existing tools and scripts.  To add authentication to the API, use the `CADT_API_KEY` parameter.  Alternatively, the API can be served behind an authentication proxy to restrict access and the `API_KEY` can be left blank.  If running an observer node with `READ_ONLY` set to `true`, the Climate Warehouse API will only share data from the public blockchain, and running without authentication is usually safe.  If `READ_ONLY` is set to `false`, authentication must be used to prevent unauthorized writes to the blockchain. 
 
 ## Developer Guide
 

diff --git a/docs/climate_warehouse_rpc_api.md b/docs/climate_warehouse_rpc_api.md
@@ -9,7 +9,7 @@ Please also see the following related documents:
 
 The Climate Warehosue RPC API is exposed by default on port 31310. This document will give examples to access the RPC API using `http://localhost:31310/v1`.  
 
-If using an `API_KEY` append `--header 'x-api-key: <your-api-key-here>'` to your `curl` request.  
+If using a `CADT_API_KEY` append `--header 'x-api-key: <your-api-key-here>'` to your `curl` request.  
 
 ## Commands
 

diff --git a/src/middleware.js b/src/middleware.js
@@ -17,7 +17,7 @@ import {
 import packageJson from '../package.json';
 import datalayer from './datalayer';
 
-const { API_KEY, READ_ONLY, IS_GOVERNANCE_BODY, USE_SIMULATOR } =
+const { CADT_API_KEY, READ_ONLY, IS_GOVERNANCE_BODY, USE_SIMULATOR } =
   getConfig().APP;
 
 const headerKeys = Object.freeze({
@@ -62,9 +62,9 @@ app.use(function (req, res, next) {
 
 // Add optional API key if set in .env file
 app.use(function (req, res, next) {
-  if (API_KEY && API_KEY !== '') {
+  if (CADT_API_KEY && CADT_API_KEY !== '') {
     const apikey = req.header('x-api-key');
-    if (API_KEY === apikey) {
+    if (CADT_API_KEY === apikey) {
       next();
     } else {
       res.status(403).json({ message: 'API key not found' });

diff --git a/src/utils/defaultConfig.json b/src/utils/defaultConfig.json
@@ -11,7 +11,7 @@
     "WALLET_URL": "https://localhost:9256",
     "USE_SIMULATOR": false,
     "READ_ONLY": false,
-    "API_KEY": null,
+    "CADT_API_KEY": null,
     "CHIA_NETWORK": "mainnet",
     "USE_DEVELOPMENT_MODE": false,
     "IS_GOVERNANCE_BODY": false,