import { extractBearerToken, verifyToken } from './auth.js'; import { sendJson } from './http-utils.js'; export function remoteAddress(req) { return req.headers['x-forwarded-for']?.split(',')[0]?.trim() || req.socket.remoteAddress || ''; } export async function isAuthenticated(req) { return verifyToken(extractBearerToken(req), { remoteAddress: remoteAddress(req) }); } export async function requireAuth(req, res, pathname = '') { if (await isAuthenticated(req)) { return true; } if ((req.method || 'GET') !== 'GET') { console.warn(`[auth] rejected ${req.method || 'GET'} ${pathname || req.url || ''} remote=${remoteAddress(req)}`); } sendJson(res, 401, { error: 'pairing_required' }); return false; }