feat: add Bearer token authentication

All /api/* routes require Authorization: Bearer <token>.
Tokens are configured via API_TOKENS env var (comma-separated for multiple).
/health remains public for Coolify health checks.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 11:22:45 +02:00
parent fc35e265b2
commit 7921929f73
2 changed files with 15 additions and 2 deletions


@@ -1,6 +1,7 @@
require('dotenv').config();
const express = require('express');
const cors = require('cors');
const auth = require('./middleware/auth');
const { pool } = require('./db');
const app = express();
@@ -20,8 +21,8 @@ app.get('/health', async (req, res) => {
res.json({ status: 'ok', db });
});
// Routes
app.use('/api', require('./routes/index'));
// Routes — protected by Bearer token
app.use('/api', auth, require('./routes/index'));
// 404
app.use((req, res) => {

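--- a/src/middleware/auth.js
+++ b/src/middleware/auth.js
@@ -0,0 +1,12 @@
+const TOKENS = (process.env.API_TOKENS || '').split(',').map(t => t.trim()).filter(Boolean);
+module.exports = function auth(req, res, next) {
+const header = req.headers['authorization'] || '';
+const token = header.startsWith('Bearer ') ? header.slice(7) : null;
+if (!token || !TOKENS.includes(token)) {
+return res.status(401).json({ error: 'Unauthorized' });
+}
+next();
+};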
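Review bot: `TOKENS.includes(token)` on the `if` line compares the presented token with `===`, which returns as soon as the first character differs, so response timing varies with how much of a guessed token matches; a bearer-token check should compare in constant time with `crypto.timingSafeEqual` after an explicit length check (which needs `const crypto = require('crypto');` at the top of the file). The 401 response should also carry `WWW-Authenticate: Bearer`, as RFC 6750 expects, so callers can tell which scheme the route requires. With API_TOKENS unset the list is empty and every /api request is rejected, which is the right fail-closed default but deserves a startup log line so a misconfigured deployment is noticed immediately rather than diagnosed through 401s. The rewritten check and handler follow; the TOKENS parsing line is unchanged.
```javascript
// … unchanged: TOKENS parsing …

if (TOKENS.length === 0) {
  console.warn('auth: API_TOKENS is empty; all /api requests will be rejected');
}

// Constant-time membership test so response timing does not reveal how many
// leading bytes of a guessed token matched a configured one. timingSafeEqual
// requires equal-length buffers, hence the length check first.
function isValidToken(token) {
  const candidate = Buffer.from(token);
  return TOKENS.some((configured) => {
    const expected = Buffer.from(configured);
    return expected.length === candidate.length && crypto.timingSafeEqual(expected, candidate);
  });
}

module.exports = function auth(req, res, next) {
  const header = req.headers['authorization'] || '';
  const token = header.startsWith('Bearer ') ? header.slice(7) : null;
  if (!token || !isValidToken(token)) {
    res.set('WWW-Authenticate', 'Bearer');
    return res.status(401).json({ error: 'Unauthorized' });
  }
  next();
};
```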