How can I block request without a valid auth to cloidflare workers

How can I block request that don’t have a valid auth (maybe via bearer header) so that it would not hit the limit on invocation in case some malicious actor would just call my worker repeatedly causing a DOS attack.