feat: add admin token config and auth helper

packages/config/src/adminAuth.test.ts

@@ -0,0 +1,14 @@
+import { test, expect } from "bun:test";
+import { isAdminRequest } from "./adminAuth";
+
+test("isAdminRequest returns false when ADMIN_TOKEN unset", () => {
+  expect(isAdminRequest({ adminToken: undefined }, { headerToken: "x" })).toBe(
+    false,
+  );
+});
+
+test("isAdminRequest returns true when header token matches", () => {
+  expect(
+    isAdminRequest({ adminToken: "secret" }, { headerToken: "secret" }),
+  ).toBe(true);
+});

packages/config/src/adminAuth.ts

@@ -0,0 +1,7 @@
+export function isAdminRequest(
+  env: { adminToken: string | undefined },
+  input: { headerToken: string | null | undefined },
+) {
+  if (!env.adminToken) return false;
+  return input.headerToken === env.adminToken;
+}

packages/config/src/index.ts

@@ -2,7 +2,8 @@ import { z } from "zod";
 
 const envSchema = z.object({
   APP_NAME: z.string().min(1).default("porthole"),
-  NEXT_PUBLIC_APP_NAME: z.string().min(1).optional()
+  NEXT_PUBLIC_APP_NAME: z.string().min(1).optional(),
+  ADMIN_TOKEN: z.string().min(1).optional(),
 });
 
 let cachedEnv: z.infer<typeof envSchema> | undefined;
@@ -23,3 +24,8 @@ export function getAppName() {
   const env = getEnv();
   return env.NEXT_PUBLIC_APP_NAME ?? env.APP_NAME;
 }
+
+export function getAdminToken() {
+  const env = getEnv();
+  return env.ADMIN_TOKEN;
+}