/**
 * API Key middleware
 * Validates the api_key query parameter against process.env.API_KEY
 * Spec: GET /api/verify-degree/{id}?api_key={API_KEY}
 */

function validateApiKey(req, res, next) {
  const apiKey = req.query.api_key;

  if (!apiKey || apiKey !== process.env.API_KEY) {
    return res.status(401).json({ error: 'Unauthorized - Invalid API key' });
  }

  next();
}

module.exports = { validateApiKey };