feat: 添加请求认证中间件保护 API 端点

- 新增 auth-middleware.js 验证客户端 API Key - 支持 Authorization: Bearer <key> 和 x-api-key 两种方式 - API Keys 只通过环境变量配置（安全最佳实践） - 公开路径: /, /health, /status - 可配置 /v1/models 是否需要认证 - 启动时输出认证状态日志配置方式: AUTH_ENABLED=true API_KEYS=sk-key1,sk-key2 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-27 16:13:55 +08:00
parent 17ddd815a9
commit d1dc095cb1
4 changed files with 167 additions and 0 deletions
--- a/config.json
+++ b/config.json
@@ -100,6 +100,10 @@
      "http://127.0.0.1:3000"
    ]
  },
+  "auth": {
+    "enabled": false,
+    "public_models": true
+  },
  "dev_mode": false,
  "user_agent": "factory-cli/0.40.2",
  "system_prompt": "You are Droid, an AI software engineering agent built by Factory.\n\n"