feat: add Bearer token authentication

All /api/* routes require Authorization: Bearer <token>.
Tokens are configured via API_TOKENS env var (comma-separated for multiple).
/health remains public for Coolify health checks.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 11:22:45 +02:00
parent fc35e265b2
commit 7921929f73
2 changed files with 15 additions and 2 deletions


@@ -1,6 +1,7 @@
require('dotenv').config();
const express = require('express');
const cors = require('cors');
const auth = require('./middleware/auth');
const { pool } = require('./db');
const app = express();
@@ -20,8 +21,8 @@ app.get('/health', async (req, res) => {
res.json({ status: 'ok', db });
});
// Routes
app.use('/api', require('./routes/index'));
// Routes — protected by Bearer token
app.use('/api', auth, require('./routes/index'));
// 404
app.use((req, res) => {
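Review bot: Nothing in the visible lines of this file checks that API_TOKENS is set before `auth` is mounted on `/api`, so the behaviour with a missing or empty variable depends entirely on ./middleware/auth, which is not shown in this section. If that module splits the variable on commas without dropping empty entries, an unset value could produce a token list containing an empty string, so the service should either refuse to start or reject every request in that case. I would add a fail-fast guard right after `require('dotenv').config();`, for example `if (!(process.env.API_TOKENS || '').split(',').some((t) => t.trim())) throw new Error('API_TOKENS is not set');`. It is also worth confirming that the middleware compares tokens with `crypto.timingSafeEqual` rather than `===`. The comment `// Routes — protected by Bearer token` could note that `/health` is deliberately registered outside the middleware.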