Remove ability to create additional API keys with an existing API key

server/middlewares/authentication.ts

@@ -19,6 +19,8 @@ import {
 type AuthenticationOptions = {
   /** Role requuired to access the route. */
   role?: UserRole;
+  /** Type of authentication required to access the route. */
+  type?: AuthenticationType;
   /** Authentication is parsed, but optional. */
   optional?: boolean;
 };
@@ -115,6 +117,10 @@ export default function auth(options: AuthenticationOptions = {}) {
         throw AuthorizationError(`${capitalize(options.role)} role required`);
       }
 
+      if (options.type && type !== options.type) {
+        throw AuthorizationError(`Invalid authentication type`);
+      }
+
       // not awaiting the promises here so that the request is not blocked
       user.updateActiveAt(ctx).catch((err) => {
         Logger.error("Failed to update user activeAt", err);