From 35be401312a1232a20651f410facc10032cd135d Mon Sep 17 00:00:00 2001 From: evanpelle Date: Mon, 30 Mar 2026 20:57:13 -0700 Subject: [PATCH] send x-api-key in requests to bypass bot detection --- .github/workflows/deploy.yml | 2 +- .github/workflows/release.yml | 8 ++++---- src/server/Archive.ts | 1 + src/server/GamePreviewRoute.ts | 3 +++ src/server/jwt.ts | 1 + 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4220bc991..23da68c0b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -130,7 +130,7 @@ jobs: run: | echo "::group::Wait for deployment to start" set -euxo pipefail - while [ "$(curl -s https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do + while [ "$(curl -s -H "X-API-Key: ${API_KEY}" https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do if [ "$SECONDS" -ge 300 ]; then echo "Timeout: deployment did not start within 5 minutes" exit 1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index be979218c..eec240067 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -85,7 +85,7 @@ jobs: run: | echo "::group::Wait for deployment to start" set -euxo pipefail - while [ "$(curl -s https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do + while [ "$(curl -s -H "X-API-Key: ${API_KEY}" https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do if [ "$SECONDS" -ge 300 ]; then echo "Timeout: deployment did not start within 5 minutes" exit 1 @@ -136,7 +136,7 @@ jobs: run: | echo "::group::Wait for deployment to start" set -euxo pipefail - while [ "$(curl -s https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do + while [ "$(curl -s -H "X-API-Key: ${API_KEY}" https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do if [ "$SECONDS" -ge 300 ]; then echo "Timeout: deployment did not start within 5 minutes" exit 1 @@ -187,7 +187,7 @@ jobs: run: | echo "::group::Wait for deployment to start" set -euxo pipefail - while [ "$(curl -s https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do + while [ "$(curl -s -H "X-API-Key: ${API_KEY}" https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do if [ "$SECONDS" -ge 300 ]; then echo "Timeout: deployment did not start within 5 minutes" exit 1 @@ -238,7 +238,7 @@ jobs: run: | echo "::group::Wait for deployment to start" set -euxo pipefail - while [ "$(curl -s https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do + while [ "$(curl -s -H "X-API-Key: ${API_KEY}" https://${FQDN}/commit.txt)" != "${GITHUB_SHA}" ]; do if [ "$SECONDS" -ge 300 ]; then echo "Timeout: deployment did not start within 5 minutes" exit 1 diff --git a/src/server/Archive.ts b/src/server/Archive.ts index b540f9c8d..7e89509cc 100644 --- a/src/server/Archive.ts +++ b/src/server/Archive.ts @@ -59,6 +59,7 @@ export async function readGameRecord( method: "GET", headers: { "Content-Type": "application/json", + "x-api-key": config.apiKey(), }, }); const record = await response.json(); diff --git a/src/server/GamePreviewRoute.ts b/src/server/GamePreviewRoute.ts index 01837ff19..00654856c 100644 --- a/src/server/GamePreviewRoute.ts +++ b/src/server/GamePreviewRoute.ts @@ -54,6 +54,9 @@ export function registerGamePreviewRoute(opts: { const apiDomain = config.jwtIssuer(); const encodedID = encodeURIComponent(gameID); const response = await fetch(`${apiDomain}/game/${encodedID}`, { + headers: { + "x-api-key": config.apiKey(), + }, signal: controller.signal, }); if (!response.ok) return null; diff --git a/src/server/jwt.ts b/src/server/jwt.ts index e4a09b012..1a05baaa8 100644 --- a/src/server/jwt.ts +++ b/src/server/jwt.ts @@ -74,6 +74,7 @@ export async function getUserMe( const response = await fetch(config.jwtIssuer() + "/users/@me", { headers: { authorization: `Bearer ${token}`, + "x-api-key": config.apiKey(), }, }); if (response.status !== 200) {