miroir/crates
jedarden 625e414b6c Implement bearer-token dispatch chain (plan §5 rules 0-5) + X-Admin-Key
Add deterministic bearer-token dispatch with five rules:
- Rule 0: dispatch-exempt endpoints skip all auth (metrics, locale, login,
  session, SPA)
- Rule 1: JWT-shape probe stub (Phase 5 will add full validation)
- Rule 2: admin-path (/__miroir/*) matches only admin_key
- Rule 3: non-admin paths match only master_key
- Rule 4: mismatch returns 401 miroir_invalid_auth

Also adds X-Admin-Key header short-circuit for admin endpoints,
constant-time comparison via subtle::ConstantTimeEq, rate-limit hook
types (Phase 2 in-memory stub), and 54 unit tests covering all
acceptance criteria.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-19 05:11:57 -04:00
..
miroir-core Add Meilisearch-compatible error shape and miroir_* error codes (P2.6) 2026-04-19 05:05:32 -04:00
miroir-ctl P0.7: Fix cargo fmt and clippy warnings for CI smoke 2026-04-18 22:06:56 -04:00
miroir-proxy Implement bearer-token dispatch chain (plan §5 rules 0-5) + X-Admin-Key 2026-04-19 05:11:57 -04:00