auth/require_keeper.ts

Keeper credential type guard.
Two-part check:
1. Credential type must be daemon_token (not session cookie, not API token).
2. Account must hold active keeper permit.
Both must pass. A session cookie from the bootstrap account still fails check #1.

Declarations
#

view source

require_keeper
#

auth/require_keeper.ts view source

(c: Context<any, string, {}>, next: Next): Promise<void | Response>

Middleware that requires keeper credentials.
Returns 401 if unauthenticated, 403 if credential type is not
daemon_token or if the keeper role is missing.

`c`

type Context<any, string, {}>

`next`

type Next

returns

Promise<void | Response>

Depends on
#

auth/request_context.ts
auth/role_schema.ts
hono_context.ts
http/error_schemas.ts

Imported by
#

auth/route_guards.ts