Expand description
Multi-tenant API-key authentication (ADR 0004 §D1) — the hosted plane’s front door.
EXPERIMENTAL / pre-external-review (ADR 0004 §D7). This is the foundation for tenant
isolation; it has NOT yet had the independent, non-author security review the ADR requires.
Do not rely on it as a hard isolation boundary for real, mutually-distrusting tenants until
that review lands. It is default-OFF (FIRSTPASS_REQUIRE_AUTH=false): with auth disabled the
single-operator path is unchanged and this module only stamps the static default tenant.
Keys are verified against Argon2id password hashes via the crate’s own constant-time
PasswordVerifier path (ADR 0004 §D1) — we never roll our own comparison. A missing or
invalid key returns 401 with an opaque body, so there is no “unknown tenant” oracle.
Structs§
- Tenant
Id - A resolved tenant identity, injected into request extensions by
auth_middleware. - Tenant
Keys - Argon2id-hashed per-tenant API keys, keyed by tenant id.
Enums§
- Auth
Config Error - Errors building
TenantKeysor hashing a key.
Functions§
- auth_
middleware - Axum middleware: resolve the tenant for a request and inject a
TenantIdinto extensions.