server/plugins/Authentication.kt:
- Custom Ktor AuthenticationProvider supporting both X-API-Key header and Authorization: Bearer <key> for API-Key validation
- ApiKeyPrincipal data class implementing Principal interface
- 401 Unauthorized with ErrorResponse body for missing/invalid keys

server/plugins/Routing.kt:
- Inventory routes wrapped in authenticate(api-key) block
- Health endpoint remains public (no auth required)

server/src/main/resources/application.conf:
- API key configurable via krisenvorrat.apiKey property
- Environment variable override via KRISENVORRAT_API_KEY

server/tests:
- 7 new AuthenticationTest cases (valid bearer, valid X-API-Key, missing key, invalid bearer, invalid X-API-Key, PUT without key, health without key)
- All existing ApplicationTest cases updated with bearer auth header

Closes #43
14 lines
282 B
Text
ktor {
    deployment {
        port = 8080
        host = "0.0.0.0"
    }
    application {
        modules = [ de.krisenvorrat.server.ApplicationKt.module ]
    }
}

krisenvorrat {
    apiKey = "change-me-to-a-secure-key-at-least-32-chars"
    apiKey = ${?KRISENVORRAT_API_KEY}
}
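
Because `${?KRISENVORRAT_API_KEY}` is an optional substitution, the placeholder value stays in effect whenever the environment variable is unset. The following is an added example, not the project's Authentication.kt: a startup guard that refuses the placeholder, plus key extraction from either header and a constant-time comparison. The function names, the 32-character minimum and the header precedence are assumptions, and the sample key and headers are constructed.

```kotlin
import java.security.MessageDigest

// Placeholder shipped in application.conf; a server still using it has a publicly known key.
const val PLACEHOLDER_KEY = "change-me-to-a-secure-key-at-least-32-chars"
const val MIN_KEY_LENGTH = 32 // assumption, taken from the placeholder's wording

// Hypothetical startup check: fail closed instead of serving with a default or weak key.
fun requireUsableApiKey(configured: String?): String {
    val key = configured?.trim().orEmpty()
    require(key.isNotEmpty()) { "krisenvorrat.apiKey is not set" }
    require(key != PLACEHOLDER_KEY) { "krisenvorrat.apiKey is still the placeholder; set KRISENVORRAT_API_KEY" }
    require(key.length >= MIN_KEY_LENGTH) { "krisenvorrat.apiKey is shorter than $MIN_KEY_LENGTH characters" }
    return key
}

// Reads the key from X-API-Key or "Authorization: Bearer <key>". Header names are
// case-insensitive; checking X-API-Key first is an assumed order, not the project's.
fun extractApiKey(headers: Map<String, String>): String? {
    val h = headers.mapKeys { it.key.lowercase() }
    h["x-api-key"]?.trim()?.takeIf { it.isNotEmpty() }?.let { return it }
    val auth = h["authorization"]?.trim() ?: return null
    val parts = auth.split(Regex("\\s+"), limit = 2)
    if (parts.size != 2 || !parts[0].equals("Bearer", ignoreCase = true)) return null
    return parts[1].takeIf { it.isNotEmpty() }
}

// Constant-time comparison so response timing does not reveal how much of a guess matched.
fun keysMatch(presented: String?, expected: String): Boolean {
    if (presented == null) return false
    return MessageDigest.isEqual(
        presented.toByteArray(Charsets.UTF_8), expected.toByteArray(Charsets.UTF_8))
}

fun main() {
    val expected = requireUsableApiKey("constructed-sample-key-0123456789abcdef") // constructed value
    val requests = listOf( // constructed header sets
        mapOf("X-API-Key" to expected),
        mapOf("Authorization" to "Bearer $expected"),
        mapOf("Authorization" to "Basic $expected"), // wrong scheme
        mapOf("X-API-Key" to "wrong"),
        emptyMap()
    )
    for (r in requests) {
        println("${r.keys} -> ${if (keysMatch(extractApiKey(r), expected)) 200 else 401}")
    }
    // The placeholder from application.conf is rejected before the server would start.
    println(runCatching { requireUsableApiKey(PLACEHOLDER_KEY) }.exceptionOrNull()?.message)
}
```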