feat(http): implement shared Bearer auth middleware (resolve_from_token, stash Identity in request extensions)
Add src/server/auth.rs with bearer_auth_middleware axum layer that extracts the Authorization: Bearer header, resolves via IdentityProvider::resolve_from_token, and stashes Option<Identity> in request extensions. Shared by HTTP gateway routes and the to_mcp rmcp service (research §4.4). No token, malformed header, or failed resolution all yield None (unauthenticated, not an error) — Bearer-only auth mechanism (ADR-004). Includes ResolvedIdentity axum extractor reading from extensions, and wires the middleware into the HttpAdapter router around the gateway/openapi/mcp routes (excluding the raw /healthz route).
1
Cargo.lock
generated
@@ -122,6 +122,7 @@ dependencies = [
|
||||
"serde_json",
|
||||
"thiserror 2.0.18",
|
||||
"tokio",
|
||||
"tower",
|
||||
"tracing",
|
||||
"url",
|
||||
"uuid",
|
||||
|
||||
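Review bot: the commit message does not name the dependency this Cargo.lock hunk adds. The header (-122,6 +122,7) shows one entry joining the package's dependency list somewhere among "serde_json" through "uuid", and the +/- markers are not visible in this rendering, so the added crate cannot be read off the hunk. State in the message which crate was added and why the middleware needs it, and confirm the matching Cargo.toml change is part of the commit, since only the generated lockfile is visible here.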