transceiver-db/packages/api/src/middleware/require-auth.ts

/**
 * requireAuth middleware — validates Bearer token on protected routes.
 * Skip for: /api/auth/login, /api/health
 */
import { Request, Response, NextFunction } from "express";
import { verifyToken } from "../routes/auth";

export function requireAuth(req: Request, res: Response, next: NextFunction): void {
  const auth = req.headers.authorization ?? "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  if (verifyToken(token)) {
    next();
  } else {
    res.status(401).json({ error: "Unauthorized — please log in" });
  }
}