| /** | |
| * Internal Auth Middleware | |
| * Validates shared secret between CF Worker and Simulator service | |
| */ | |
| import type { Request, Response, NextFunction } from 'express'; | |
| export function internalAuthMiddleware(req: Request, res: Response, next: NextFunction): void { | |
| const secret = req.headers['x-internal-secret']; | |
| const expected = process.env['INTERNAL_API_SECRET']; | |
| if (!expected) { | |
| // No secret configured — skip auth in development | |
| if (process.env['NODE_ENV'] !== 'production') { | |
| next(); | |
| return; | |
| } | |
| res.status(500).json({ success: false, error: 'INTERNAL_API_SECRET not configured' }); | |
| return; | |
| } | |
| if (!secret || secret !== expected) { | |
| res.status(401).json({ success: false, error: 'Unauthorized — invalid internal secret' }); | |
| return; | |
| } | |
| next(); | |
| } | |