src/auth.ts

import type { FastifyRequest } from "fastify";
import { env } from "./env.js";

export function requireAdmin(req: FastifyRequest) {
  // If ADMIN_TOKEN isn't set, run in "open" mode (dev).
  if (!env.ADMIN_TOKEN) return;

  const auth = req.headers.authorization;
  if (!auth?.startsWith("Bearer ")) {
    const err = new Error("missing bearer token");
    // @ts-expect-error attach status
    err.statusCode = 401;
    throw err;
  }
  const token = auth.slice("Bearer ".length);
  if (token !== env.ADMIN_TOKEN) {
    const err = new Error("invalid bearer token");
    // @ts-expect-error attach status
    err.statusCode = 403;
    throw err;
  }
}
Initial MVP: multiplexer + chat DB 2026-01-27 17:47:41 -08:00			`import type { FastifyRequest } from "fastify";`
			`import { env } from "./env.js";`

			`export function requireAdmin(req: FastifyRequest) {`
			`// If ADMIN_TOKEN isn't set, run in "open" mode (dev).`
			`if (!env.ADMIN_TOKEN) return;`

			`const auth = req.headers.authorization;`
			`if (!auth?.startsWith("Bearer ")) {`
			`const err = new Error("missing bearer token");`
			`// @ts-expect-error attach status`
			`err.statusCode = 401;`
			`throw err;`
			`}`
			`const token = auth.slice("Bearer ".length);`
			`if (token !== env.ADMIN_TOKEN) {`
			`const err = new Error("invalid bearer token");`
			`// @ts-expect-error attach status`
			`err.statusCode = 403;`
			`throw err;`
			`}`
			`}`