| 27 | // --------------------------------------------------------------------------- |
| 28 | |
| 29 | function authMiddleware( |
| 30 | req: express.Request, |
| 31 | res: express.Response, |
| 32 | next: express.NextFunction |
| 33 | ): void { |
| 34 | if (!API_KEY) return next(); |
| 35 | // Skip auth for health check |
| 36 | if (req.path === "/health") return next(); |
| 37 | |
| 38 | const auth = req.headers.authorization; |
| 39 | if (!auth || auth !== `Bearer ${API_KEY}`) { |
| 40 | res.status(401).json({ error: "Unauthorized" }); |
| 41 | return; |
| 42 | } |
| 43 | next(); |
| 44 | } |
| 45 | |
| 46 | // --------------------------------------------------------------------------- |
| 47 | // Streamable HTTP transport (modern MCP protocol) |