kilo-cv/backend/middleware/auth.js
2026-02-23 13:47:44 +01:00


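/**
 * Process-local registry of the bearer tokens this module currently accepts.
 *
 * The Set lives only in this module's memory: it is empty after a restart and
 * is not shared with other processes. Nothing in this file expires entries, so
 * a token stays valid until revokeToken() is called for it.
 * NOTE(review): raw token strings are held as-is; confirm that callers
 * generate them from a cryptographically secure source and revoke on logout.
 */
const tokens = new Set();

/**
 * Marks a token as accepted by isValidToken().
 *
 * @param {string} token - Opaque bearer token issued to a client.
 */
export function registerToken(token) {
  tokens.add(token);
}

/**
 * Removes a token from the registry; unknown tokens are ignored.
 *
 * @param {string} token - Token to invalidate.
 */
export function revokeToken(token) {
  tokens.delete(token);
}

/**
 * Reports whether a token is currently registered.
 *
 * Only non-empty strings can validate. Without this guard, a stray
 * registerToken('') or registerToken(undefined) would turn an empty or absent
 * credential into a valid one.
 *
 * @param {unknown} token - Candidate token taken from a request.
 * @returns {boolean} True only for a non-empty string present in the registry.
 */
export function isValidToken(token) {
  return typeof token === 'string' && token.length > 0 && tokens.has(token);
}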
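/**
 * Middleware that requires an `Authorization: Bearer <token>` request header.
 *
 * Local mode (default): the token must be one accepted by isValidToken().
 * Keycloak mode (USE_KEYCLOAK === 'true'): this file contains no JWT
 * verification, so the request is refused instead of being let through.
 *
 * @param {object} req - Request; only `req.headers.authorization` is read.
 * @param {object} res - Response; `status(code).json(body)` is used for rejections.
 * @param {Function} next - Called with no arguments when the request is authenticated.
 * @returns {*} The result of `res.status().json()` on rejection, otherwise undefined.
 */
export function authMiddleware(req, res, next) {
  const scheme = 'Bearer ';
  const header = req.headers.authorization;

  // The header check is identical in both modes, so it is done once up front.
  if (typeof header !== 'string' || !header.startsWith(scheme)) {
    return res.status(401).json({ error: 'Missing bearer token' });
  }

  if (process.env.USE_KEYCLOAK === 'true') {
    // SECURITY: fail closed. Calling next() here would make any string after
    // "Bearer " a valid credential. Before this branch may admit a request, the
    // JWT has to be verified: signature against the realm's published keys, plus
    // issuer, audience and expiry.
    return res
      .status(501)
      .json({ error: 'Keycloak token verification is not implemented' });
  }

  const token = header.slice(scheme.length);
  // An empty credential ("Bearer " with nothing after it) is never acceptable.
  if (token === '' || !isValidToken(token)) {
    return res.status(401).json({ error: 'Invalid token' });
  }

  next();
}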
/**
 * Pass-through middleware for routes where authentication is optional.
 *
 * It reads no header, checks no token and attaches nothing to the request.
 * Handlers behind it must therefore treat every caller as anonymous.
 *
 * @param {object} req - Request (unused).
 * @param {object} res - Response (unused).
 * @param {Function} next - Always called, with no arguments.
 * @returns {void}
 */
export function optionalAuth(req, res, next) {
  // Deliberately unconditional: no credential is inspected here.
  next();
}