trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

feat: add API_KEY to .env.example with placeholder and instructions

Browse source 
- Add API_KEY environment variable with placeholder value 'change_me_to_a_strong_random_key'
- Include helpful comment explaining its purpose: authentication between Next.js and ML service
- Provide command for generating strong random value: openssl rand -hex 32
- Mark task 3.4 as completed
This commit is contained in:
Marko Djordjevic 2026-02-18 11:06:47 +01:00
parent 4a3e4a48ba
commit c023702644
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.env.example
View file

@ -2,6 +2,10 @@ NODE_ENV=production
PORT=3000
DATABASE_URL=postgresql://your_db_user:change_me_to_a_strong_password@postgres:5432/candle_annotator
# API key for authenticating requests between Next.js and ML service
# Generate a strong random value: openssl rand -hex 32
API_KEY=change_me_to_a_strong_random_key
# ML Inference Service Configuration
INFERENCE_API_URL=http://localhost:8001
INFERENCE_API_TIMEOUT=30000

2
openspec/changes/code-review-fix/tasks.md
View file

@ -22,7 +22,7 @@
- [x] 3.1 `[sonnet]` Create `src/middleware.ts` with API key auth middleware: read `API_KEY` env var, check `X-API-Key` header on all `/api/*` routes except `/api/health`, return 401 if invalid
- [x] 3.2 `[sonnet]` Add FastAPI `Depends()` API key dependency in `services/ml/app/main.py`: read `API_KEY` env var, check `X-API-Key` header, exempt `/health` endpoint
- [x] 3.3 `[sonnet]` Update all Next.js proxy routes to forward `X-API-Key` header to ML service
- [ ] 3.4 `[haiku]` Add `API_KEY` to `.env.example` with placeholder value and instructions
- [x] 3.4 `[haiku]` Add `API_KEY` to `.env.example` with placeholder value and instructions
## 4. API Route Hardening (Next.js)