"use strict";
/**
 * API Key authentication middleware.
 * Reads ABE_API_KEY env var; if not set, dev mode (no auth).
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.apiKeyAuth = apiKeyAuth;
function apiKeyAuth(req, res, next) {
    const apiKey = process.env['ABE_API_KEY'];
    if (!apiKey) {
        // Dev mode: no auth required
        next();
        return;
    }
    const provided = req.headers['x-abe-api-key'];
    if (!provided || provided !== apiKey) {
        res.status(401).json({ error: 'Invalid or missing API key' });
        return;
    }
    next();
}