Skip to content

Add API key authentication to ApiServer#13

Open
thechibuikem wants to merge 2 commits into
hyphae:vertex-4from
thechibuikem:vertex-4
Open

Add API key authentication to ApiServer#13
thechibuikem wants to merge 2 commits into
hyphae:vertex-4from
thechibuikem:vertex-4

Conversation

@thechibuikem

Copy link
Copy Markdown

Addresses hyphae/APIS#91 (item 1: Unauthenticated Control APIs)

Adds timing-safe X-API-Key header check to ApiServer's HTTP request handler, covering all three handlers (ErrorGeneration, DealGeneration, LogConfiguration) since the check runs before dispatch. Returns 500 if apiKey unconfigured, 401 on missing/invalid key.

Tests

ApiServerAuthTest: missing key, empty key, missing header, wrong
header, valid header.

Follow-up (separate PRs)

  • apis-common: method to read API key from config
  • Update callers to send X-API-Key header
  • Remaining #91 items (2–7) tracked separately

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant