Summary
Add client authentication to the gateway with per-user rate limiting and usage tracking.
Requirements
Authentication
- API key validation via x-api-key header
- Configurable auth modes: api_key, jwt, none (default)
- Key whitelist or signature validation
Per-User Quota
- Track usage per API key
- Configurable per-key rate limits
- Usage stats exposed in admin panel
CORS Hardening
- Replace allow_origins=["*"] with configurable origins
- Default to restrictive in production
Key Files
- src/llm_rosetta/gateway/app.py — middleware
- src/llm_rosetta/gateway/config.py — auth config
- New: src/llm_rosetta/gateway/auth.py — auth logic
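
An added sketch of the api_key mode, per-key rate limit and usage tracking listed above; it is not code from the llm_rosetta repository. The ApiKeyAuth and KeyState names, the token-bucket policy and the (rate, burst) per-key configuration are assumptions, and the jwt mode is left out.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

@dataclass
class KeyState:
    rate: float        # tokens refilled per second
    burst: float       # bucket capacity
    tokens: float = 0.0
    last: float = 0.0
    requests: int = 0  # accepted requests, for usage stats
    rejected: int = 0  # requests refused with 429

def _digest(key: str) -> bytes:
    return hashlib.sha256(key.encode()).digest()

class ApiKeyAuth:  # hypothetical class, not the gateway's own
    def __init__(self, mode="none", keys=None, clock=time.monotonic):
        if mode not in ("none", "api_key"):  # "jwt" is not covered by this example
            raise ValueError(f"mode not handled here: {mode}")
        self.mode, self.clock = mode, clock
        # Keep only SHA-256 digests so the whitelist never holds raw keys.
        self.keys = {_digest(k): KeyState(rate, burst, tokens=burst, last=clock())
                     for k, (rate, burst) in (keys or {}).items()}

    def check(self, headers: dict) -> int:  # HTTP status: 200, 401 or 429
        if self.mode == "none":
            return 200
        # Assumes header names were lower-cased by the framework.
        presented = _digest(headers.get("x-api-key", ""))
        state = None
        for known, candidate in self.keys.items():
            # Constant-time comparison, no early exit on a match.
            if hmac.compare_digest(known, presented):
                state = candidate
        if state is None:
            return 401
        now = self.clock()
        state.tokens = min(state.burst, state.tokens + (now - state.last) * state.rate)
        state.last = now
        if state.tokens < 1:
            state.rejected += 1
            return 429
        state.tokens -= 1
        state.requests += 1
        return 200

    def usage(self) -> dict:  # keyed by digest prefix, never the raw key
        return {d.hex()[:8]: (s.requests, s.rejected) for d, s in self.keys.items()}
```

The clock parameter exists so the limiter can be tested with a fake time source; state is in-process only, so a gateway running several workers would need a shared store.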