From aead6a8358e5c2693729d085d5b00ea71d12eb74 Mon Sep 17 00:00:00 2001 From: Matt DiMeglio Date: Sat, 17 Jan 2026 23:56:42 -0500 Subject: [PATCH] Add middleware --- api/middleware/auth.js | 21 +++++++++++++++++++++ api/server.js | 7 ++++++- 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 api/middleware/auth.js diff --git a/api/middleware/auth.js b/api/middleware/auth.js new file mode 100644 index 0000000..9848e30 --- /dev/null +++ b/api/middleware/auth.js @@ -0,0 +1,21 @@ +export const validateMedicationApiKey = (req, res, next) => { + const authHeader = req.headers['authorization']; + const token = authHeader && authHeader.split(' ')[1]; + + if (!token || token !== process.env.MEDICATION_API_KEY) { + return res.status(401).json({ error: 'Unauthorized - Invalid API Key' }); + } + + next(); +}; + +export const validateShiftSyncApiKey = (req, res, next) => { + const authHeader = req.headers['authorization']; + const token = authHeader && authHeader.split(' ')[1]; + + if (!token || token !== process.env.SHIFTSYNC_API_KEY) { + return res.status(401).json({ error: 'Unauthorized - Invalid API Key' }); + } + + next(); +}; diff --git a/api/server.js b/api/server.js index c5e932e..f73256c 100644 --- a/api/server.js +++ b/api/server.js @@ -3,6 +3,7 @@ import cors from 'cors'; import dotenv from 'dotenv'; import { medicationRouter } from './services/medications/index.js'; import { shiftRunQuery } from './services/shiftConnection.js'; +import { validateMedicationApiKey, validateShiftSyncApiKey } from './middleware/auth.js'; dotenv.config(); const app = express(); @@ -22,7 +23,11 @@ app.use(express.json()); const apiRouter = express.Router(); -apiRouter.use('/medication', medicationRouter); +// ParamyxRx Router (/api/medication) +apiRouter.use('/medication', validateMedicationApiKey, medicationRouter); + +// ShiftSync Router (/api/shifts) +apiRouter.use('/shifts', validateShiftSyncApiKey, shiftsRouter); app.get("/api", (req, res) => { res.json('Welcome to Shift Sync API');