senke
|
32348bebce
|
feat(developer): add API keys backend (Lot C)
- Migration 082: api_keys table (user_id, name, prefix, hashed_key, scopes, last_used_at, expires_at)
- APIKey model, APIKeyService (Create, List, Delete, ValidateAPIKey)
- APIKeyHandler: GET/POST/DELETE /api/v1/developer/api-keys
- AuthMiddleware: X-API-Key and Bearer vza_* accepted as alternative to JWT
- CSRF: skip for API key auth (stateless)
- Key format: vza_ prefix, SHA-256 hashed storage
|
2026-02-20 00:18:36 +01:00 |
|
senke
|
f8aa42df20
|
[BE-TEST-017] be-test: Add security tests for authorization
- Created comprehensive authorization test suite
- Tests verify unauthorized access is blocked (401/403)
- Tests cover: no token, invalid token, expired token
- Tests verify role-based access control (admin, creator, regular user)
- Tests verify ownership checks and admin override
- Tests verify token version mismatch protection
Phase: PHASE-5
Priority: P2
Progress: 138/267 (51.69%)
|
2025-12-25 02:00:56 +01:00 |
|