Expand description
Authentication middleware for the admin/operator HTTP surface.
These endpoints are protected by the ADMIN_API_KEY secret for
performance reasons - they execute synchronous database queries that could
impact system performance under load. Provide the X-Admin-Key header to access.
In development mode (no ADMIN_API_KEY set), these endpoints are open.
Functionsยง
- constant_
time_ ๐eq - Constant-time byte comparison so admin-key validation does not leak the key via early-exit timing. Length difference is allowed to short-circuit (key length is not the secret); equal-length inputs are compared in full.
- monitoring_
auth_ decision - Pure auth decision for monitoring endpoints.
- monitoring_
auth_ middleware - Middleware to protect monitoring endpoints.