21 lines
474 B
JavaScript
21 lines
474 B
JavaScript
require('dotenv').config();
|
|
|
|
const VALID_KEYS = new Set(
|
|
(process.env.API_KEYS || '').split(',').map(k => k.trim()).filter(Boolean)
|
|
);
|
|
|
|
function authMiddleware(req, res, next) {
|
|
const key = req.headers['x-api-key'];
|
|
|
|
if (!key) {
|
|
return res.status(401).json({ error: 'API key ausente. Use o header: x-api-key' });
|
|
}
|
|
|
|
if (!VALID_KEYS.has(key)) {
|
|
return res.status(403).json({ error: 'API key inválida.' });
|
|
}
|
|
|
|
next();
|
|
}
|
|
|
|
module.exports = authMiddleware; |