Expand description
Minimal shared-secret bearer-token check for the network entrypoints
(REST + gRPC). This is the floor — “don’t run an open memory server” — not
a full auth system: one operator-held secret in MNEMO_AUTH_TOKEN, compared
in constant time. There are no users, scopes, or rotation here; per-record
authorization is the separate ACL/RBAC layer in crate::model::acl.
Functions§
- bearer_
token_ matches - Validate an HTTP/gRPC
Authorizationheader value against the expected shared secret.