duoqi-api/src/middleware/admin-auth.ts

import { FastifyInstance } from 'fastify';
import fp from 'fastify-plugin';
import { UnauthorizedError, ForbiddenError } from '../utils/errors.js';
import { config } from '../utils/config.js';

async function adminAuthMiddleware(app: FastifyInstance): Promise<void> {
  app.addHook('onRequest', async (request) => {
    if (!request.url.startsWith('/v1/admin')) {
      return;
    }

    // Skip admin login endpoint
    if (request.url === '/v1/admin/auth') {
      return;
    }

    const authHeader = request.headers.authorization;
    if (!authHeader?.startsWith('Bearer ')) {
      throw new UnauthorizedError('Missing admin token');
    }

    const token = authHeader.slice(7);
    if (token !== config.ADMIN_TOKEN) {
      throw new ForbiddenError('Invalid admin token');
    }
  });
}

export default fp(adminAuthMiddleware);