Merge pull request #127 from Kenlachy/security/api-key-verification

AlAfiz · web-flow · commit f035a85e699e · 2026-03-26T19:20:15.000+01:00
security: add simple API key verification for protected routes #36
diff --git a/auth.ts b/auth.ts
@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from 'express';
+
+/**
+ * Middleware to verify the admin API key for protected routes.
+ * It checks for the 'x-api-key' header and compares it to the ADMIN_API_KEY env variable.
+ */
+export const verifyApiKey = (req: Request, res: Response, next: NextFunction) => {
+  const apiKey = req.headers['x-api-key'];
+  const adminApiKey = process.env.ADMIN_API_KEY;
+
+  // Verify that the API key exists and matches the environment variable
+  if (!adminApiKey || apiKey !== adminApiKey) {
+    return res.status(401).json({ 
+      error: 'Unauthorized', 
+      message: 'Invalid or missing API key.' 
+    });
+  }
+
+  next();
+};
