feat(client): add API key authentication for /authz endpoint

Add WithAPIKey option to set a Bearer token on requests to the authz-service /authz endpoint. When set, Fetch() includes an Authorization header. Backward compatible - no key means no header. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 08:23:38 +01:00
parent a54cf45a4b
commit 9cdb09add4
2 changed files with 51 additions and 1 deletions
@@ -28,6 +28,7 @@ type PrivilegeHandler struct {
 	*sync.RWMutex
 	client     *http.Client
 	baseURL    string
+	apiKey     string
 	privileges map[string]map[string]*CompanyPrivileges
 }

@@ -41,6 +42,13 @@ func WithBaseURL(url string) OptsFunc {
 	}
 }

+// WithAPIKey sets an API key used as a Bearer token when fetching privileges
+func WithAPIKey(key string) OptsFunc {
+	return func(handler *PrivilegeHandler) {
+		handler.apiKey = key
+	}
+}
+
 // New creates a new PrivilegeHandler. Pass OptsFuncs to configure.
 func New(opts ...OptsFunc) *PrivilegeHandler {
 	handler := &PrivilegeHandler{
@@ -57,7 +65,16 @@ func New(opts ...OptsFunc) *PrivilegeHandler {

 // Fetch the initial set of privileges from an authz-service
 func (h *PrivilegeHandler) Fetch() error {
-	resp, err := h.client.Get(fmt.Sprintf("%s/authz", h.baseURL))
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/authz", h.baseURL), nil)
+	if err != nil {
+		return err
+	}
+
+	if h.apiKey != "" {
+		req.Header.Set("Authorization", "Bearer "+h.apiKey)
+	}
+
+	resp, err := h.client.Do(req)
 	if err != nil {
 		return err
 	}