chore: sync submodule state (parent ref update)

Made-with: Cursor

src/integration/api-gateway/middleware/admin-central-auth.middleware.ts

@@ -0,0 +1,29 @@
+/**
+ * Admin Central API auth middleware
+ * Used for service-to-service calls from orchestration portal, token-aggregation, multi-chain-execution.
+ * Expects X-Admin-Central-Key header to match ADMIN_CENTRAL_API_KEY env.
+ */
+
+import { Request, Response, NextFunction } from 'express';
+
+export function requireAdminCentralKey(req: Request, res: Response, next: NextFunction): void {
+  const key = req.headers['x-admin-central-key'] as string | undefined;
+  const expected = process.env.ADMIN_CENTRAL_API_KEY;
+
+  if (!expected) {
+    // If not configured, allow (dev) or deny (prod). Prefer deny for security.
+    return res.status(501).json({
+      success: false,
+      error: { code: 'NOT_CONFIGURED', message: 'Admin central API key not configured' },
+    });
+  }
+
+  if (!key || key !== expected) {
+    return res.status(401).json({
+      success: false,
+      error: { code: 'UNAUTHORIZED', message: 'Invalid or missing X-Admin-Central-Key' },
+    });
+  }
+
+  next();
+}