Add Bearer token authentication support for all API endpoints

src/controllers/completionsController.js

@@ -211,8 +211,9 @@ completionsController.post(
     "/completions",
     rest(async ({req}) => {
         const requestId = Math.random().toString(36).substring(2, 15);
-
-        await tokensService.isValidMasterToken(req.query.masterToken);
+
+        const masterToken = tokensService.getMasterTokenFromRequest(req);
+        await tokensService.isValidMasterToken(masterToken);
         console.log(`[${requestId}] 📨 POST /completions`);
 
         const body = req.body;

src/controllers/dialogsController.js

@@ -17,7 +17,8 @@ dialogsController.delete(
 dialogsController.get(
   "/dialog-history",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
     const token = await tokensService.getTokenByUserId(req.query.dialogName);
 
 

src/controllers/referralController.js

@@ -8,8 +8,9 @@ const referralController = express.Router();
 referralController.post(
   "/referral",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
-
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
+
     // Фикс: Обработка "None" и пустых значений
     let referralId = req.query.referralId?.trim() || null;
     if (referralId === "None" || referralId === "null") referralId = null;
@@ -24,7 +25,8 @@ referralController.post(
 referralController.get(
   "/referral",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
     return new HttpResponse(200, await referralService.getReferral(req.query.userId));
   })
 );

src/controllers/systemMessagesController.js

@@ -9,7 +9,8 @@ const systemMessagesController = express.Router();
 systemMessagesController.post(
   "/system-message",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
 
     return new HttpResponse(
       200,
@@ -21,7 +22,8 @@ systemMessagesController.post(
 systemMessagesController.get(
   "/system-message",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
 
     return new HttpResponse(200, await systemMessageService.getSystemMessage(String(req.query.userId)));
   }),

src/controllers/tokensController.js

@@ -9,7 +9,8 @@ const tokensController = express.Router();
 tokensController.get(
   "/token",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
 
     return new HttpResponse(200, await tokensService.getTokenByUserId(req.query.userId));
   }),
@@ -18,7 +19,8 @@ tokensController.get(
 tokensController.get(
   "/token/has",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
 
     const hasUser = await tokensService.hasUserToken(req.query.userId);
     return new HttpResponse(200, { hasUser });
@@ -28,7 +30,8 @@ tokensController.get(
 tokensController.put(
   "/token",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
 
     const { operation, amount } = req.body;
 
@@ -41,7 +44,8 @@ tokensController.put(
 tokensController.post(
   "/token",
   rest(async ({ req }) => {
-    await tokensService.isValidMasterToken(req.query.masterToken);
+    const masterToken = tokensService.getMasterTokenFromRequest(req);
+    await tokensService.isValidMasterToken(masterToken);
 
     return new HttpResponse(200, await tokensService.regenerateToken(req.query.userId));
   }),

src/services/TokensService.js

@@ -67,4 +67,37 @@ export class TokensService {
   getTokenFromAuthorization(authorization) {
     return authorization.split("Bearer ")[1];
   }
+
+  /**
+   * Extract master token from request, supporting both Authorization header and query parameter.
+   * Priority: Authorization header > query parameter (deprecated)
+   * @param {Request} req - Express request object
+   * @returns {string} Master token
+   * @throws {HttpException} If no token is provided
+   */
+  getMasterTokenFromRequest(req) {
+    // Priority 1: Check Authorization header (recommended)
+    const authHeader = req.headers.authorization;
+    if (authHeader) {
+      if (authHeader.startsWith('Bearer ')) {
+        return authHeader.split('Bearer ')[1];
+      }
+      // Handle case where "Bearer " prefix is missing
+      console.log('⚠️ [WARNING] Authorization header present but missing "Bearer " prefix');
+    }
+
+    // Priority 2: Fall back to query parameter (deprecated)
+    if (req.query.masterToken) {
+      console.log('⚠️ [DEPRECATED] Using masterToken in query parameter is deprecated and will be removed in v2.0.0.');
+      console.log('   Please migrate to using Authorization header: "Authorization: Bearer <token>"');
+      console.log('   See documentation: https://github.com/deep-assistant/api-gateway#authentication');
+      return req.query.masterToken;
+    }
+
+    // No token provided
+    throw new HttpException(
+      401,
+      "Missing authentication token. Please provide Authorization header: 'Authorization: Bearer <token>'"
+    );
+  }
 }