23 lines
704 B
TypeScript
23 lines
704 B
TypeScript
import { type NextRequest, NextResponse } from 'next/server';
|
|
|
|
/**
|
|
* Returns true if the request carries a valid API token.
|
|
* Accepts token via `?token=` query param or `Authorization: Bearer <token>` header.
|
|
*/
|
|
export function isAuthorized(req: NextRequest): boolean {
|
|
const expected = process.env.API_TOKEN;
|
|
if (!expected) return false;
|
|
|
|
const queryToken = req.nextUrl.searchParams.get('token');
|
|
if (queryToken === expected) return true;
|
|
|
|
const authHeader = req.headers.get('authorization');
|
|
if (authHeader === `Bearer ${expected}`) return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
export function unauthorized(): NextResponse {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
}
|