diff --git a/src/index.js b/src/index.js
index 6d3b8d4..f8405a1 100644
--- a/src/index.js
+++ b/src/index.js
@@ -1,6 +1,7 @@
 require('dotenv').config();
 const express = require('express');
 const cors = require('cors');
+const auth = require('./middleware/auth');
 const { pool } = require('./db');
 
 const app = express();
@@ -20,8 +21,8 @@ app.get('/health', async (req, res) => {
   res.json({ status: 'ok', db });
 });
 
-// Routes
-app.use('/api', require('./routes/index'));
+// Routes — protected by Bearer token
+app.use('/api', auth, require('./routes/index'));
 
 // 404
 app.use((req, res) => {
diff --git a/src/middleware/auth.js b/src/middleware/auth.js
new file mode 100644
index 0000000..4b804f2
--- /dev/null
+++ b/src/middleware/auth.js
@@ -0,0 +1,12 @@
+const TOKENS = (process.env.API_TOKENS || '').split(',').map(t => t.trim()).filter(Boolean);
+
+module.exports = function auth(req, res, next) {
+  const header = req.headers['authorization'] || '';
+  const token = header.startsWith('Bearer ') ? header.slice(7) : null;
+
+  if (!token || !TOKENS.includes(token)) {
+    return res.status(401).json({ error: 'Unauthorized' });
+  }
+
+  next();
+};
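Review bot: `TOKENS.includes(token)` in the new auth.js compares the presented token with the configured secrets using ordinary string equality, which is not constant-time; a timing-safe comparison via `crypto.timingSafeEqual` over equal-length buffers is the usual fix, and checking every configured token rather than stopping at the first match keeps the timing independent of which token matched. The 401 path should also set `WWW-Authenticate: Bearer` so clients learn the expected scheme. When `API_TOKENS` is unset `TOKENS` is empty and every `/api` request is rejected, which fails closed, but a startup warning such as `if (TOKENS.length === 0) console.warn('API_TOKENS is empty; all /api requests will be rejected');` would make that misconfiguration visible in logs. The rewritten middleware is below; the length comparison still reveals token length, which is generally acceptable but worth noting in a comment.
```javascript
const crypto = require('crypto');

// … unchanged: TOKENS parsing from process.env.API_TOKENS …

// Constant-time membership test: every configured token is compared so the
// response time does not depend on which (if any) token matched. Only the
// token length is observable via the early length check.
function tokenMatches(candidate) {
  const c = Buffer.from(candidate);
  return TOKENS.reduce((found, t) => {
    const b = Buffer.from(t);
    return (b.length === c.length && crypto.timingSafeEqual(b, c)) || found;
  }, false);
}

module.exports = function auth(req, res, next) {
  const header = req.headers['authorization'] || '';
  const token = header.startsWith('Bearer ') ? header.slice(7) : null;

  if (!token || !tokenMatches(token)) {
    res.set('WWW-Authenticate', 'Bearer');
    return res.status(401).json({ error: 'Unauthorized' });
  }

  next();
};
```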