Folder: middleware/

this folder is one drawer in the backend filing cabinet.

admin.middleware.ts

Path: src/middleware/admin.middleware.ts

Header from code: admin.middleware.ts — “Are you allowed in the admin area?”

Two layers of admin security (used together on /api/v1/admin/*):

auth.middleware.ts

Path: src/middleware/auth.middleware.ts

Header from code: auth.middleware.ts — “Are you logged in?”

This runs before protected route handlers. It answers one question:

internal-key.middleware.ts

Path: src/middleware/internal-key.middleware.ts

Header from code: internal-key.middleware.ts — “Are you our worker, not a random hacker?”

Some endpoints must NOT use Google login — they are called by our own