- auth.rs: Identity, AuthContext, AuthToken, IdentityProvider trait, ConfigIdentityProvider - ConfigIdentityProvider reads from ArcSwap<DynamicConfig> on every call (hot-reloadable) - Fingerprint resolution via authorized_fingerprints; token resolution via alk_ prefix + SHA-256 hash + expiry check - config.rs: minimal DynamicConfig, AuthPolicy (with resolve methods), ApiKeyEntry, RateLimitConfig, ConfigReloadHandle required by auth - Unit tests: fingerprint resolution (known/unknown/empty), token resolution (valid/expired/unknown/wrong-hash/non-alk), config reload changes results immediately - Add sha2, hex deps to alknet-core
832 B
832 B