Added optional API key auth to REST API. Returning HTTP status codes from GraphQL API.

src/web/server.js

@@ -20,6 +20,7 @@ import { fetchMoviesApi } from './movies.js';
 import { fetchEntitiesApi } from './entities.js';
 import { fetchTagsApi } from './tags.js';
 
+import { verifyKey } from '../auth.js';
 import { graphqlApi } from './graphql.js';
 
 import mainHandler from './main.js';
@@ -120,6 +121,18 @@ export default async function initServer() {
 		res.sendFile(path.join(import.meta.dirname, '../../assets/consent.html'));
 	});
 
+	router.use('/api/*', async (req, res, next) => {
+		if (req.headers['api-user']) {
+			await verifyKey(req.headers['api-user'], req.headers['api-key'], req);
+
+			req.user = { // eslint-disable-line no-param-reassign
+				id: Number(req.headers['api-user']),
+			};
+		}
+
+		next();
+	});
+
 	// SESSION
 	router.post('/api/session', loginApi);
 	router.delete('/api/session', logoutApi);