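// Express middleware: authenticates requests that carry a Foil agent token.
//
// A bearer token starting with `agt_` is posted to Foil's verify endpoint,
// authenticated with FOIL_SECRET_KEY. When the response confirms the token,
// the gate account id is attached as req.gateAccountId and the request
// continues. Requests without an `agt_` token are passed through untouched,
// so reaching a later handler does not mean the caller was authenticated:
// protected routes must check req.gateAccountId (or their own auth) themselves.
//
// Fails closed: a network error, timeout, or unparsable body yields 503, and
// any response that does not positively confirm the token yields 401. Without
// this handling a rejected promise inside the async middleware would leave the
// request unanswered (Express 4 does not catch async rejections).
app.use(async (req, res, next) => {
  const token = req.headers.authorization?.replace('Bearer ', '');
  if (!token?.startsWith('agt_')) {
    return next();
  }

  let data;
  try {
    const resp = await fetch('https://api.usefoil.com/gate/agent-tokens/verify', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${process.env.FOIL_SECRET_KEY}`,
      },
      body: JSON.stringify({ token }),
      // Bound the wait so a stalled verifier cannot pin request handlers open.
      // 5 s is a reviewer-chosen default; tune it to the deployment.
      signal: AbortSignal.timeout(5000),
    });
    // Only a successful response is parsed; a non-2xx status leaves `data`
    // undefined and is rejected below instead of being trusted.
    if (resp.ok) {
      ({ data } = await resp.json());
    }
  } catch (err) {
    // Log the failure only; neither the agent token nor the secret key is written out.
    console.error('Agent token verification failed:', err);
    return res.status(503).json({ error: 'Token verification unavailable' });
  }

  // `data` may be missing if the verifier's response shape differs from what
  // is expected here; treat that the same as an explicit "not valid".
  if (!data?.valid) {
    return res.status(401).json({ error: 'Invalid token' });
  }

  req.gateAccountId = data.gate_account_id;
  return next();
});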