18 lines
538 B
JavaScript
18 lines
538 B
JavaScript
export function ownerOnly(req, res, next) {
|
|
const expected = process.env.OWNER_TOKEN;
|
|
if (!expected) {
|
|
return res.status(500).json({
|
|
error: { code: 'no_owner_token', message: 'OWNER_TOKEN not configured' }
|
|
});
|
|
}
|
|
const auth = req.headers.authorization || '';
|
|
const [scheme, token] = auth.split(' ');
|
|
if (scheme !== 'Bearer' || token !== expected) {
|
|
return res.status(401).json({
|
|
error: { code: 'unauthorized', message: 'invalid token' }
|
|
});
|
|
}
|
|
req.actor = { kind: 'user', id: null };
|
|
next();
|
|
}
|