feat(auth): owner-only middleware for single-user bearer auth

2026-05-31 11:06:21 +10:00
parent cd71d64523
commit 7e55f07689
2 changed files with 64 additions and 0 deletions
--- a/lib/auth/owner.js
+++ b/lib/auth/owner.js
@@ -0,0 +1,17 @@
+export function ownerOnly(req, res, next) {
+  const expected = process.env.OWNER_TOKEN;
+  if (!expected) {
+    return res.status(500).json({
+      error: { code: 'no_owner_token', message: 'OWNER_TOKEN not configured' }
+    });
+  }
+  const auth = req.headers.authorization || '';
+  const [scheme, token] = auth.split(' ');
+  if (scheme !== 'Bearer' || token !== expected) {
+    return res.status(401).json({
+      error: { code: 'unauthorized', message: 'invalid token' }
+    });
+  }
+  req.actor = { kind: 'user', id: null };
+  next();
+}