feat: authorise server

.env.example

@@ -1,2 +1,3 @@
 MONGODB=
-JWT_SECRET=
+JWT_SECRET=
+SERVER_TOKEN=

index.mjs

@@ -47,6 +47,10 @@ app.get("/jwt", async (req, res) => {
 });
 
 app.post("/info", async (req, res) => {
+  if (req.headers["x-server"] !== process.env.SERVER_TOKEN) {
+    return res.status(403).send("Not server.");
+  }
+
   const token = req.headers["x-jwt"];
   if (token) {
     try {