feat: add Bearer token authentication
All /api/* routes require Authorization: Bearer <token>. Tokens are configured via API_TOKENS env var (comma-separated for multiple). /health remains public for Coolify health checks. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -1,6 +1,7 @@
|
|||||||
require('dotenv').config();
|
require('dotenv').config();
|
||||||
const express = require('express');
|
const express = require('express');
|
||||||
const cors = require('cors');
|
const cors = require('cors');
|
||||||
|
const auth = require('./middleware/auth');
|
||||||
const { pool } = require('./db');
|
const { pool } = require('./db');
|
||||||
|
|
||||||
const app = express();
|
const app = express();
|
||||||
@@ -20,8 +21,8 @@ app.get('/health', async (req, res) => {
|
|||||||
res.json({ status: 'ok', db });
|
res.json({ status: 'ok', db });
|
||||||
});
|
});
|
||||||
|
|
||||||
// Routes
|
// Routes — protected by Bearer token
|
||||||
app.use('/api', require('./routes/index'));
|
app.use('/api', auth, require('./routes/index'));
|
||||||
|
|
||||||
// 404
|
// 404
|
||||||
app.use((req, res) => {
|
app.use((req, res) => {
|
||||||
|
|||||||
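--- /dev/null
+++ b/src/middleware/auth.js
@@ -0,0 +1,12 @@
+const TOKENS = (process.env.API_TOKENS || '').split(',').map(t => t.trim()).filter(Boolean);
+
+module.exports = function auth(req, res, next) {
+const header = req.headers['authorization'] || '';
+const token = header.startsWith('Bearer ') ? header.slice(7) : null;
+
+if (!token || !TOKENS.includes(token)) {
+return res.status(401).json({ error: 'Unauthorized' });
+}
+
+next();
+};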
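Review bot: The membership test `TOKENS.includes(token)` in the new auth middleware compares the presented secret with ordinary string equality, which short-circuits on the first differing character and so is not constant-time; Node's `crypto.timingSafeEqual` should be used instead. Hashing both sides to a fixed-length digest first lets the comparison run over equal-length buffers regardless of token length, so neither length nor a matching prefix affects timing. Two smaller points worth a comment in the file: with `API_TOKENS` unset, `TOKENS` is empty and every `/api` request gets 401 (fail-closed, which seems intended but is silent), and `startsWith('Bearer ')` rejects a lowercase `bearer` scheme even though RFC 6750 treats the scheme name case-insensitively — presumably acceptable for a fixed set of clients, but worth stating. Suggested rewrite of the comparison path below; header parsing and the 401 response are unchanged.
```javascript
const crypto = require('crypto');

const TOKENS = (process.env.API_TOKENS || '').split(',').map(t => t.trim()).filter(Boolean);

// Pre-hash configured tokens so each check compares fixed-length digests.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();
const TOKEN_DIGESTS = TOKENS.map(sha256);

// Constant-time membership test: every candidate is compared against every
// known digest with timingSafeEqual, so a near-miss costs the same as a miss.
function tokenMatches(candidate) {
  const digest = sha256(candidate);
  let matched = false;
  for (const known of TOKEN_DIGESTS) {
    if (crypto.timingSafeEqual(known, digest)) matched = true;
  }
  return matched;
}

module.exports = function auth(req, res, next) {
  // … unchanged: Authorization header parsing into `token` …
  if (!token || !tokenMatches(token)) {
    return res.status(401).json({ error: 'Unauthorized' });
  }

  next();
};
```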