// middleware/auth.js
module.exports = function (req, res, next) {
  const apiKey = req.headers['x-api-key'];
  if (apiKey && apiKey === process.env.BITSTREAM_API_SECRET) {
    return next();
  }
  return res.status(401).json({ error: 'Unauthorized' });
};