PR M: API-key role binding (req.actorRole) #17

Open
nsatoshi wants to merge 1 commits from devin/1776881763-pr-m-role-binding into main
Owner

Closes gap-analysis v2 §7.7.

What

  • `API_KEYS` entries now accept `key:role` (back-compat: bare keys default to `operator`). Known roles come from `ActorRole` in `transactionState.ts` (coordinator / approver / releaser / validator / exception_manager / operator).
  • `apiKeyAuth` + `optionalApiKeyAuth` inject `req.actorRole` alongside `req.apiKey`, so SoD enforcement in the state machine can consult the authenticated role directly.
  • New `requireRole(...roles)` guard for per-route role gating.
  • **Fail-closed**: unknown roles are skipped during parsing, not silently promoted to `operator`. Cache auto-invalidates when `API_KEYS` changes.
  • 9 unit tests.

Why

The middleware previously only validated that a key was present and registered — it never attached a role to the request, so the SoD layer in the state machine had to fall back on user-agent heuristics. Binding the role at the authentication layer closes that hole.

nsatoshi added 1 commit 2026-04-22 18:17:22 +00:00
API-key role binding: inject req.actorRole
Some checks failed
CI / Frontend Lint (pull_request) Failing after 6s
CI / Frontend Type Check (pull_request) Failing after 6s
CI / Frontend Build (pull_request) Failing after 8s
CI / Frontend E2E Tests (pull_request) Failing after 8s
CI / Orchestrator Build (pull_request) Failing after 7s
CI / Contracts Compile (pull_request) Failing after 5s
CI / Contracts Test (pull_request) Failing after 5s
Code Quality / SonarQube Analysis (pull_request) Failing after 18s
Code Quality / Code Quality Checks (pull_request) Failing after 4s
Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 5s
Security Scan / OWASP ZAP Scan (pull_request) Failing after 4s
5a66cf87c8
Closes gap-analysis v2 §7.7.

- API_KEYS entries now accept the form key:role (back-compat: bare keys
  default to role=operator). Known roles come from ActorRole in
  transactionState.ts (coordinator / approver / releaser / validator /
  exception_manager / operator).
- apiKeyAuth + optionalApiKeyAuth inject req.actorRole alongside
  req.apiKey so the SoD enforcement in the state machine can consult
  the authenticated role directly.
- New requireRole(...roles) guard for per-route role gating.
- Fail-closed: unknown roles are skipped during parsing, not silently
  promoted to operator. Cache auto-invalidates when API_KEYS changes.
- 9 unit tests.
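
The parsing and gating rules listed in this PR's description, as an added TypeScript example; it is not the PR's code, and no diff is shown on this page. It assumes a comma-separated `API_KEYS` value, an `x-api-key` header and 401/403 responses, and it drops any entry whose role is unknown; `parseApiKeys`, `simulate` and the `Req`/`Res`/`Handler` types are hypothetical names.

```typescript
// Added example, not the PR's code. Role names are from the PR description; the
// list format, header name, status codes and helper names are assumptions.
const KNOWN_ROLES = ["coordinator", "approver", "releaser", "validator",
  "exception_manager", "operator"] as const;
type ActorRole = typeof KNOWN_ROLES[number];
type RoleMap = { [key: string]: ActorRole };
interface Req { headers: { [h: string]: string | undefined }; apiKey?: string; actorRole?: ActorRole }
interface Res { status(code: number): Res; json(body: unknown): void }
type Handler = (req: Req, res: Res, next: () => void) => void;
let cachedRaw: string | undefined, cachedMap: RoleMap = Object.create(null);

function parseApiKeys(raw: string): RoleMap {
  if (raw === cachedRaw) return cachedMap;     // cache keyed on the raw value: a change invalidates it
  const map: RoleMap = Object.create(null);    // no prototype, so "constructor" is never a valid key
  for (const entry of raw.split(",")) {
    const item = entry.trim(), sep = item.indexOf(":");
    const key = sep === -1 ? item : item.slice(0, sep);
    const role = sep === -1 ? "operator" : item.slice(sep + 1);   // bare key: back-compat default
    const idx = (KNOWN_ROLES as readonly string[]).indexOf(role);
    if (key === "" || idx === -1) continue;    // fail closed: entry dropped, never defaulted
    map[key] = KNOWN_ROLES[idx] as ActorRole;
  }
  cachedRaw = raw; return (cachedMap = map);
}

function apiKeyAuth(readRaw: () => string): Handler {
  return (req, res, next) => {
    const key = req.headers["x-api-key"];
    const role = key === undefined ? undefined : parseApiKeys(readRaw())[key];
    if (key === undefined || role === undefined) return res.status(401).json({ error: "invalid API key" });
    req.apiKey = key;
    req.actorRole = role;   // bound at authentication, so later SoD checks read it directly
    next();
  };
}

function requireRole(...roles: ActorRole[]): Handler {
  return (req, res, next) => {
    if (req.actorRole !== undefined && roles.indexOf(req.actorRole) !== -1) return next();
    res.status(403).json({ error: "role not permitted" });
  };
}

// Runs auth, then the role guard, against a fake response; returns the resulting status.
function simulate(raw: string, apiKey: string | undefined, ...allowed: ActorRole[]): number {
  let code = 200;
  const res: Res = { status(c) { code = c; return res; }, json() {} };
  const req: Req = { headers: { "x-api-key": apiKey } };
  apiKeyAuth(() => raw)(req, res, () => requireRole(...allowed)(req, res, () => {}));
  return code;
}
```

With the constructed value `k-op,k-app:approver,k-bad:admin`, `k-bad` is rejected with 401 rather than being treated as an operator, which is the fail-closed behaviour the description calls out.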
Reference: d-bis/CurrenciCombo#17