feat: add Bearer token authentication

All /api/* routes require Authorization: Bearer <token>.
Tokens are configured via API_TOKENS env var (comma-separated for multiple).
/health remains public for Coolify health checks.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 11:22:45 +02:00
parent fc35e265b2
commit 7921929f73
2 changed files with 15 additions and 2 deletions

12
src/middleware/auth.js Normal file

@@ -0,0 +1,12 @@
const TOKENS = (process.env.API_TOKENS || '').split(',').map(t => t.trim()).filter(Boolean);
module.exports = function auth(req, res, next) {
const header = req.headers['authorization'] || '';
const token = header.startsWith('Bearer ') ? header.slice(7) : null;
if (!token || !TOKENS.includes(token)) {
return res.status(401).json({ error: 'Unauthorized' });
}
next();
};
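Review bot: The check `TOKENS.includes(token)` in auth() compares the presented secret with ordinary string equality, which can stop at the first differing character and is therefore not constant-time. Hashing both sides to a fixed length and comparing with `crypto.timingSafeEqual` from Node's built-in `crypto` module (which the file would need to require) removes that dependence on the token's content and length. The sketch below also checks every configured token rather than stopping at the first match. Separately, when API_TOKENS is unset the list is empty and every /api request gets 401; failing closed is the right default, but a single startup log line saying no tokens are configured would make that state easier to diagnose. The 401 response could also carry `WWW-Authenticate: Bearer` so that clients can tell which scheme is expected.

```javascript
const digest = (value) => crypto.createHash('sha256').update(value).digest();
const TOKEN_DIGESTS = TOKENS.map(digest);

module.exports = function auth(req, res, next) {
  // … unchanged: header read and Bearer prefix parsing …
  const presented = token ? digest(token) : null;
  // Compare against every configured token so timing does not depend on which one matched.
  const allowed = presented !== null &&
    TOKEN_DIGESTS.reduce((hit, known) => crypto.timingSafeEqual(known, presented) || hit, false);
  if (!allowed) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  // … unchanged: next() …
```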