| import { FastifyRequest } from 'fastify'; | |
| /** | |
| * Accepts two patterns: | |
| * 1. x-api-key: ADMIN_API_KEY (direct header) | |
| * 2. Authorization: Bearer ADMIN_API_KEY (worker internal calls via api-client.ts) | |
| */ | |
| export const validateApiKey = async (request: FastifyRequest): Promise<boolean> => { | |
| const apiKey = process.env.ADMIN_API_KEY; | |
| if (!apiKey) return false; | |
| if (request.headers['x-api-key'] === apiKey) return true; | |
| const authHeader = request.headers['authorization']; | |
| if (authHeader === `Bearer ${apiKey}`) return true; | |
| return false; | |
| }; | |