implement admin key authentication and refactor API key handling

internal/middleware/apikey.go

@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"encoding/json"
+	"log"
 	"net/http"
 
 	"github.com/jmoiron/sqlx"
@@ -12,11 +13,14 @@ import (
 func APIKeyAuth(_ *sqlx.DB) func(http.Handler) http.Handler {
 	cfg := config.Load()
 
-	allowed := make(map[string]struct{}, len(cfg.APIKeys))
-	for _, k := range cfg.APIKeys {
-		allowed[k] = struct{}{}
+	if len(cfg.APIKey) == 0 {
+		log.Panic("API key or admin key are empty")
+		return nil
 	}
 
+	allowed := make(map[string]struct{}, 1)
+	allowed[cfg.APIKey] = struct{}{}
+
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			key := r.Header.Get("X-API-Key")