"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.requireApiKey = requireApiKey; const integration_foundation_1 = require("@dbis/integration-foundation"); const config_1 = require("../config"); function requireApiKey(req, res) { const cfg = (0, config_1.loadConfig)(); if (!cfg.production.requireApiKey) return true; const principal = (0, integration_foundation_1.resolveOmnlPrincipal)(req); if (!principal) { res.status(401).json({ error: 'Unauthorized' }); return false; } if (principal.role === 'customer') { res.status(403).json({ error: 'Forbidden', hint: 'Settlement APIs require super-admin credentials' }); return false; } return true; }