From 0ed62ad8ed6936eff52de09e01348dbd77103674 Mon Sep 17 00:00:00 2001
From: Sergey Karmanov <ppoocpel8888@gmail.com>
Date: Fri, 14 Nov 2025 00:23:37 +0300
Subject: [PATCH] =?UTF-8?q?feat:=20=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8?=
 =?UTF-8?q?=D0=BB=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8=D0=B7=D0=B0=D1=86?=
 =?UTF-8?q?=D0=B8=D1=8E=20=D0=BF=D0=BE=20api=20=D0=BA=D0=BB=D1=8E=D1=87?=
 =?UTF-8?q?=D1=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/Program.cs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/Program.cs b/src/Program.cs
index f0a8fb0..62ee756 100644
--- a/src/Program.cs
+++ b/src/Program.cs
@@ -14,10 +14,27 @@ if (string.IsNullOrWhiteSpace(builder.Configuration["MS_USERNAME"]) || string.Is
     Environment.Exit(1);
 }
 
+var configuredApiKey = builder.Configuration["API_KEY"];
+
 builder.Services.AddSingleton<MicrosoftAuthService>();
 
 var app = builder.Build();
 
+if (!string.IsNullOrWhiteSpace(configuredApiKey))
+{
+    app.Use(async (context, next) =>
+    {
+        if (!context.Request.Headers.TryGetValue("X-API-Key", out var providedKey) || !string.Equals(providedKey, configuredApiKey, StringComparison.Ordinal))
+        {
+            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+            await context.Response.WriteAsync("Unauthorized");
+            return;
+        }
+
+        await next();
+    });
+}
+
 app.MapGet("/auth/ms", async (MicrosoftAuthService mas, CancellationToken ct) =>
     {
         try