// internal-auth.ts — Shared-secret authentication for internal API endpoints // Used by Verilex Data to access bulk entity export and name search endpoints. import type { Request, Response, NextFunction } from "express"; const INTERNAL_API_KEY = process.env.PW_INTERNAL_API_KEY || ""; export function internalAuth(req: Request, res: Response, next: NextFunction): void { if (!INTERNAL_API_KEY) { res.status(503).json({ error: "Internal API not configured" }); return; } const authHeader = req.headers.authorization || ""; if (!authHeader.startsWith("Bearer ")) { res.status(401).json({ error: "Missing Authorization header" }); return; } const token = authHeader.slice(7); if (token !== INTERNAL_API_KEY) { res.status(401).json({ error: "Invalid API key" }); return; } next(); }