import { isAuthenticated, isAuthRequired } from "@/shared/utils/apiAuth"; import { createErrorResponse } from "@/lib/api/errorResponse"; export async function requireManagementAuth(request: Request): Promise { if (!(await isAuthRequired())) { return null; } if (await isAuthenticated(request)) { return null; } const authHeader = request.headers.get("authorization"); const hasBearerToken = typeof authHeader === "string" && authHeader.trim().toLowerCase().startsWith("bearer "); return createErrorResponse({ status: hasBearerToken ? 403 : 401, message: hasBearerToken ? "Invalid management token" : "Authentication required", type: "invalid_request", }); }