chore: test deploy snapshot

etc/servers/work-server/src/routes/play-app.ts

@@ -1,5 +1,6 @@
-import type { FastifyInstance } from 'fastify';
+import type { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify';
 import { z } from 'zod';
+import { env } from '../config/env.js';
 import { db } from '../db/client.js';
 
 type PlayAppEnvironment = 'preview' | 'test' | 'prod';
@@ -18,6 +19,23 @@ type PlayAppSeedEntry = {
 };
 
 const PLAY_APP_TABLE = 'play_apps';
+
+function getRequestAccessToken(request: FastifyRequest) {
+  const tokenHeader = request.headers['x-access-token'];
+  return Array.isArray(tokenHeader) ? tokenHeader[0]?.trim() ?? '' : String(tokenHeader ?? '').trim();
+}
+
+function ensurePlayAppWriteAuthorized(request: FastifyRequest, reply: FastifyReply) {
+  if (getRequestAccessToken(request) === env.SERVER_COMMAND_ACCESS_TOKEN) {
+    return true;
+  }
+
+  reply.code(403).send({
+    message: '권한 토큰이 필요합니다.',
+  });
+  return false;
+}
+
 const DEFAULT_ENTRIES: PlayAppSeedEntry[] = [
   {
     id: 'baseball-ticket-bay',
@@ -546,15 +564,27 @@ export async function registerPlayAppRoutes(app: FastifyInstance) {
     };
   });
 
-  app.post('/api/play-apps', async (request) => {
+  app.post('/api/play-apps', async (request, reply) => {
+    if (!ensurePlayAppWriteAuthorized(request, reply)) {
+      return;
+    }
+
     return createPlayAppEntry(request.body);
   });
 
-  app.put('/api/play-apps/:id', async (request) => {
+  app.put('/api/play-apps/:id', async (request, reply) => {
+    if (!ensurePlayAppWriteAuthorized(request, reply)) {
+      return;
+    }
+
     return updatePlayAppEntry(request.params, request.body);
   });
 
-  app.delete('/api/play-apps/:id', async (request) => {
+  app.delete('/api/play-apps/:id', async (request, reply) => {
+    if (!ensurePlayAppWriteAuthorized(request, reply)) {
+      return;
+    }
+
     return deletePlayAppEntry(request.params);
   });
 }