feat: add API key protection for /api/monitoring endpoints

src/app/api/monitoring/[[...slug]]/route.ts

@@ -25,6 +25,18 @@ const MonitoringServer = new Elysia({ prefix: "/api/monitoring" })
          }
       }
    }))
+   .onBeforeHandle(({ request, set, path }) => {
+      // Docs tidak perlu API key
+      if (path.startsWith("/api/monitoring/docs")) return;
+
+      const apiKey = process.env.MONITORING_API_KEY;
+      const incoming = request.headers.get("x-api-key");
+
+      if (!apiKey || incoming !== apiKey) {
+         set.status = 401;
+         return { success: false, message: "Unauthorized" };
+      }
+   })
 
    .get("/grid-overview", async ({ query, set }) => {
       try {