Skip to content

CONV-297: Create API authentication middleware#257

Merged
menvil merged 1 commit into
developfrom
feature/CONV-297-create-api-authentication-middleware
Jun 3, 2026
Merged

CONV-297: Create API authentication middleware#257
menvil merged 1 commit into
developfrom
feature/CONV-297-create-api-authentication-middleware

Conversation

@menvil

@menvil menvil commented Jun 3, 2026

Copy link
Copy Markdown
Owner

Summary

  • Adds AuthenticateApiKey middleware that reads Bearer token, SHA-256 hashes it, looks up api_keys
  • Rejects missing/invalid/revoked tokens with 401 unauthorized
  • Updates last_used_at on success and sets authenticated user via auth()->setUser()
  • Registers api.key alias in bootstrap/app.php

Test plan

  • Missing token → 401 unauthorized
  • Invalid token → 401 unauthorized
  • Revoked token → 401 unauthorized
  • Valid token authenticates user and returns 200
  • last_used_at updates on success
  • composer test passes (546 tests)
  • composer lint passes

🤖 Generated with Claude Code


Summary by cubic

Implements API key authentication middleware for v1 endpoints per CONV-297. Secures requests with Bearer tokens (SHA-256 hashed), sets the user, updates last_used_at, and returns 401 for missing, invalid, or revoked keys.

  • New Features
    • Added AuthenticateApiKey middleware with consistent 401 via ApiErrorResponseFactory.
    • Registered api.key alias in bootstrap/app.php.
    • Protected routes with Route::middleware('api.key'); added a test-only /auth-test route.
    • Added feature tests for missing/invalid/revoked/valid keys and last_used_at updates.

Written for commit b289fc7. Summary will update on new commits.

Review in cubic

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@menvil menvil merged commit 3fff67b into develop Jun 3, 2026
@coderabbitai

coderabbitai Bot commented Jun 3, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are limited based on label configuration.

🏷️ Required labels (at least one) (1)
  • release

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f60c904a-10bb-4d41-a199-5b4fda01b2f4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/CONV-297-create-api-authentication-middleware

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant