senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-backend-api/internal/middleware
History
senke 3cfefaa24c [BE-SEC-012] be-sec: Implement API key authentication for webhooks 
- Added APIKey field to Webhook model with unique index
- Implemented GenerateAPIKey() method using crypto/rand for secure key generation
- Implemented ValidateAPIKey() method to authenticate webhook requests
- Implemented RegenerateAPIKey() method to rotate API keys
- Created WebhookAPIKeyMiddleware for validating API keys in requests
- Middleware supports X-API-Key header and Authorization: Bearer format
- Added endpoint POST /api/v1/webhooks/:id/regenerate-key
- API keys are prefixed with 'whk_' for identification
- Comprehensive unit tests for all API key functionality
- Inactive webhooks cannot authenticate with their API keys

Phase: PHASE-4
Priority: P2
Progress: 119/267 (44.57%)
2025-12-24 18:03:52 +01:00
..
auth.go [BE-SEC-008] be-sec: Implement session timeout and refresh 2025-12-24 12:12:29 +01:00
auth_middleware_test.go stabilizing veza-backend-api: P0 2025-12-16 11:59:56 -05:00
cors.go fix(MVP-014): Add CORS credentials configuration validation 2025-12-22 23:17:24 +01:00
cors_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
csrf.go fix(MVP-006): Standardize environment variable names (VITE_API_BASE_URL → VITE_API_URL) 2025-12-22 22:56:37 +01:00
endpoint_limiter.go [BE-SEC-005] security: Implement rate limiting for authentication endpoints 2025-12-24 12:05:35 +01:00
error_handler.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
error_handler_metrics_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
error_handler_structured_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
error_handler_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
general.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
logger.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
metrics.go fix(backend-tests): enable room_handler_test and resolve metric collisions 2025-12-06 12:53:15 +01:00
metrics_test.go report generation and future tasks selection 2025-12-08 19:57:54 +01:00
playlist_permission.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
playlist_permission_test.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
rate_limit_login_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
rate_limiter.go [BE-SVC-002] be-svc: Implement rate limiting per user 2025-12-24 16:04:36 +01:00
ratelimit.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
ratelimit_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
rbac_auth_middleware_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
rbac_middleware.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
rbac_middleware_test.go stabilizing apps/web: THIRD BATCH - FIXED Playwright 2025-12-21 18:55:51 -05:00
recovery.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
recovery_env_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
recovery_test.go stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
request_id.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
request_id_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
request_logger.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
request_logger_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
security_headers.go [BE-SEC-011] be-sec: Implement security headers 2025-12-24 12:24:54 +01:00
security_headers_test.go [FE-PAGE-001] fe-page: Complete Dashboard page implementation 2025-12-24 12:35:38 +01:00
sentry_recover.go STABILISATION: phase 3–5 – API contract, tests & chat-server hardening 2025-12-06 17:21:59 +01:00
timeout.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
timeout_goroutine_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
timeout_test.go refonte: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
tracing.go [BE-SVC-018] be-svc: Implement request tracing 2025-12-24 17:05:32 +01:00
tracing_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
upload_rate_limit_test.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
user_rate_limiter.go [BE-SVC-002] be-svc: Implement rate limiting per user 2025-12-24 16:04:36 +01:00
validation.go [BE-SVC-020] be-svc: Implement request validation improvements 2025-12-24 17:09:54 +01:00
validation_test.go [BE-SVC-020] be-svc: Implement request validation improvements 2025-12-24 17:09:54 +01:00
versioning.go adding initial backend API (Go) 2025-12-03 20:29:37 +01:00
webhook_api_key.go [BE-SEC-012] be-sec: Implement API key authentication for webhooks 2025-12-24 18:03:52 +01:00