pub async fn auth_middleware(
__arg0: State<AppState>,
req: Request,
next: Next,
) -> ResponseExpand description
Axum middleware: resolve the tenant for a request and inject a TenantId into extensions.
require_auth = false(default): no auth check; injects the static default tenant so every downstream handler reads a uniform identity. Single-operator behavior is unchanged.require_auth = true: reads the key fromAuthorization: Bearer <key>(orx-firstpass-key), verifies it against the configured tenant hashes, and injects the resolved tenant. A missing or invalid key returns401with an opaque body — no “unknown tenant” oracle.