API key validation filter with header/query extraction and backend lookup.
Requirements
- Extract API key from configurable header (e.g.
X-API-Key) or query parameter
- Lookup backend: in-memory map or KV store registry
- Constant-time comparison to prevent timing attacks
- Optional: map API key to tenant identity in FilterContext
- Return 401 on missing key, 403 on invalid key
Implementation Notes
- Implement as
HttpFilter under filter/src/builtins/http/security/
- Use
subtle::ConstantTimeEq or equivalent for comparison
- KV store integration for dynamic key management
Parent epic: #12
API key validation filter with header/query extraction and backend lookup.
Requirements
X-API-Key) or query parameterImplementation Notes
HttpFilterunderfilter/src/builtins/http/security/subtle::ConstantTimeEqor equivalent for comparisonParent epic: #12