Build an Auth-Protected Dashboard API

Problem/Feature Description

Build a Next.js App Router application with a dashboard that has protected API endpoints. The dashboard shows analytics data that should only be accessible to authenticated users.

Requirements:

• GET /api/dashboard/stats -- returns dashboard statistics (total users, total orders, revenue)
• GET /api/dashboard/orders -- returns recent orders with pagination (page, limit query params)
• GET /api/dashboard/orders/[id] -- returns a single order by ID
• POST /api/dashboard/orders/[id]/notes -- add a note to an order

All /api/dashboard/* endpoints require an Authorization: Bearer <token> header. If missing or invalid, return 401.

Use a simulated auth check: treat any token that starts with "valid_" as authentic.

Also create:

• A dashboard page at /dashboard that displays the stats
• Middleware to protect the dashboard routes

Use in-memory storage with some seed data.

Output Specification

Produce:

• Route handlers for the dashboard API endpoints
• middleware.ts for auth protection
• app/dashboard/page.tsx -- dashboard page
• package.json with dependencies

You may create additional files as needed.