[API] Strengthen request authentication and proxy trust validation #372
State: Closed
Repository: 5stackgg/api (#137)
Labels: P0-critical (Security & data loss risk), audit-2026-03 (From March 2026 codebase audit), security (Security vulnerability or hardening), service:api (5stackgg/api service)
Description
Summary
Request authentication middleware and proxy trust configuration need hardening to ensure proper identity verification.
Tasks
- Add robust null/format checks in authentication middleware
- Configure proxy trust validation to only accept known proxies
- Remove TODO placeholder in trust proxy configuration
Impact
Could allow requests to bypass authentication or spoof client identity.
Details
Full details in internal audit document. Finding IDs: SEC-API-01, SEC-API-04
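A worked model of the first two tasks above (strict null/format checks in the authentication middleware, and a trust-proxy setting limited to known proxies), added here as an example; it is not code from the 5stackgg/api repository. It assumes Bearer-token authentication and Express-style `trust proxy` semantics (walk `X-Forwarded-For` from the right, skipping only trusted hops). The proxy range `192.0.2.0/24` and all addresses are constructed placeholders, and the example runs with plain Node.js and no framework dependency.

```javascript
// Added example (not 5stackgg/api code). Assumes Bearer tokens and
// Express-style "trust proxy" behaviour; all addresses are constructed.

// Token charset/length limits are an assumption for this example.
const TOKEN_RE = /^[A-Za-z0-9._~+/-]{20,512}=*$/;

// Task 1: strict null/format checks on the Authorization header.
// Returns the token on success, or null for any missing/malformed input,
// so the caller can only ever proceed with a well-formed credential.
function extractBearerToken(authorizationHeader) {
  if (typeof authorizationHeader !== "string") return null; // undefined, array, etc.
  const parts = authorizationHeader.trim().split(/\s+/);
  if (parts.length !== 2) return null;                        // "Bearer" alone, extra fields
  const [scheme, token] = parts;
  if (scheme.toLowerCase() !== "bearer") return null;         // wrong scheme
  if (!TOKEN_RE.test(token)) return null;                     // bad charset or length
  return token;
}

// Minimal IPv4 CIDR matcher so the example has no dependencies.
function ipv4ToInt(ip) {
  const octets = ip.split(".");
  if (octets.length !== 4) return null;
  let n = 0;
  for (const o of octets) {
    if (!/^\d{1,3}$/.test(o) || Number(o) > 255) return null;
    n = n * 256 + Number(o);
  }
  return n;
}

function inCidr(ip, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const a = ipv4ToInt(ip);
  const b = ipv4ToInt(base);
  if (a === null || b === null || !(bits >= 0 && bits <= 32)) return false;
  if (bits === 0) return true;
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((a & mask) >>> 0) === ((b & mask) >>> 0);
}

// Task 2: derive the client IP the way an Express-style "trust proxy" does.
// trustedProxies is an array of IPv4 addresses/CIDRs, or `true` meaning
// "trust every peer" (the weak setting a TODO placeholder tends to leave behind).
function resolveClientIp(socketAddress, xForwardedFor, trustedProxies) {
  const isTrusted = (ip) =>
    trustedProxies === true || trustedProxies.some((p) => inCidr(ip, p));
  const hops = typeof xForwardedFor === "string"
    ? xForwardedFor.split(",").map((s) => s.trim()).filter(Boolean)
    : [];
  let client = socketAddress;
  // Start at the TCP peer; only if it is a known proxy do we believe the
  // next hop it appended, and so on. Stop at the first untrusted address.
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!isTrusted(client)) break;
    client = hops[i];
  }
  return client;
}

// Weak setting beside the corrected one, on the same constructed request:
// a direct (non-proxy) peer at 198.51.100.7 sends a forged X-Forwarded-For.
function compareTrustSettings() {
  const peer = "198.51.100.7";
  const forgedHeader = "10.0.0.1";
  const knownProxies = ["192.0.2.0/24"]; // constructed placeholder for the ingress range
  return {
    trustAll: resolveClientIp(peer, forgedHeader, true),          // forged value wins
    knownOnly: resolveClientIp(peer, forgedHeader, knownProxies), // real peer wins
    // A genuine request through the ingress, with a forged prefix the client
    // prepended: the hardened setting still stops at the first untrusted hop.
    viaIngress: resolveClientIp("192.0.2.10", "10.0.0.1, 203.0.113.5", knownProxies),
  };
}

console.log(compareTrustSettings());
```

With `trust proxy` set to `true`, anything a client puts in `X-Forwarded-For` becomes its identity for rate limiting, audit logs and IP allow-lists; listing only the ingress range makes the header count solely for hops the ingress actually appended.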
Related Issues (Security Hardening Pattern)
- [Infrastructure] Tighten RBAC cluster roles & DaemonSet security context #412
- [Infrastructure] Add network policies & scope Vault permissions per service #413
- [Connector] Improve offline match endpoint authentication #409
- [API] Strengthen request authentication and proxy trust validation #372
Project status: Done