Add the API key to the env variable, make sure the Server (by default can read) and Client can read that env variable, and create a middleware so that the function can run on specific or whole APIs (for initialization the function will be run on the /api/private/question/*).
Current Tasks
[x] Add new env API_KEY
[x] Passing the key in the header request
[x] Read the key, make sure it's match with our env value
[ ] I can rotate the value when abuse happens, ideally it happened in the runtime, but if it's hard then we can trigger deployment
Asks
I don't really understand how to implement the last part mas, and I'm just wondering what the conditions are for someone to abuse our API?
Closes #34
Description
Add the API key to the env variable, make sure the Server (by default can read) and Client can read that env variable, and create a middleware so that the function can run on specific or whole APIs (for initialization the function will be run on the
/api/private/question/*
).Current Tasks
Asks