Skip to main content

Module auth

Module auth 

Source
Expand description

Minimal shared-secret bearer-token check for the network entrypoints (REST + gRPC). This is the floor — “don’t run an open memory server” — not a full auth system: one operator-held secret in MNEMO_AUTH_TOKEN, compared in constant time. There are no users, scopes, or rotation here; per-record authorization is the separate ACL/RBAC layer in crate::model::acl.

Functions§

bearer_token_matches
Validate an HTTP/gRPC Authorization header value against the expected shared secret.