
[Fix] [Studio] Protect API key routes in proxy#67

Merged: Gautam25Raj merged 3 commits into VeriWorkly:master from dicnunz:fix/protect-api-keys-route-65 on May 21, 2026
Contributor

@dicnunz dicnunz commented May 20, 2026

Summary

  • Add /api-keys and /api-keys/:path* to the studio proxy matcher so API key pages require auth
  • Add a proxy contract test covering the guarded API key routes

Closes #65

Tests

Comment thread apps/studio/proxy.ts Outdated
Collaborator

@Gautam25Raj Gautam25Raj left a comment


Hi @dicnunz, thanks for submitting this PR to address the API key route protection!

Before we merge, we have a few pieces of feedback regarding the implementation and the test:

  1. Workflow Reminder: For future contributions, please comment on the issue and wait to be assigned before opening a PR. This helps us coordinate and prevents overlapping work.

  2. Redundant Route Matchers: In Next.js middleware, the :path* syntax matches zero or more path segments.

    • "/api-keys/:path*" already covers both /api-keys and all of its subpaths (like /api-keys/create).
    • Please remove the redundant base path matchers (e.g., "/api-keys", "/admin", "/profile") from config.matcher and stick to the wildcards (e.g., "/api-keys/:path*").

  3. Review of the Test File:

    • The unit test asserts the static contents of the config.matcher array rather than the actual runtime behavior of the middleware (redirection and cookie checks).
    • Tests asserting static configuration files are fragile and add maintenance overhead without providing functional regression safety. We recommend removing the test file entirely.

If you can update the PR to clean up the matcher array and remove the test file, we'll be ready to get this formatted and merged!
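
The zero-or-more behaviour of `:path*` discussed in the review above, as an added example that is not part of the PR or the project's code. It is a simplified model of the matcher syntax (assumed: only literal segments and `:name` parameters with `*`, `+` or `?` modifiers, matched against a path with no trailing slash); the sample paths `/api-keys-export` and `/login` are constructed.

```javascript
// Simplified model of the matcher syntax (assumption: literal segments and
// :name, :name?, :name*, :name+ parameters only; no regex groups or lookaheads).
function compileMatcher(pattern) {
  const escape = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const seg = "[^/]+"; // one path segment
  let source = "";
  for (const part of pattern.split("/").filter(Boolean)) {
    const m = /^:(\w+)([*+?]?)$/.exec(part);
    if (!m) source += "/" + escape(part);            // literal segment
    else if (m[2] === "*") source += `(?:/${seg})*`; // zero or more segments
    else if (m[2] === "+") source += `(?:/${seg})+`; // one or more segments
    else if (m[2] === "?") source += `(?:/${seg})?`; // zero or one segment
    else source += `/${seg}`;                        // exactly one segment
  }
  return new RegExp(`^${source || "/"}$`);
}

// True when at least one matcher selects the path, i.e. the proxy runs for it.
function isGuarded(matchers, pathname) {
  return matchers.some((p) => compileMatcher(p).test(pathname));
}

// Matchers that can be dropped without changing the result for any sample path.
function redundantMatchers(matchers, samplePaths) {
  return matchers.filter((candidate) => {
    const rest = matchers.filter((p) => p !== candidate);
    return samplePaths.every(
      (path) => isGuarded(rest, path) === isGuarded(matchers, path)
    );
  });
}

// Matcher entries named in the PR summary; sample paths are constructed.
const BEFORE = ["/api-keys", "/api-keys/:path*"];
const AFTER = ["/api-keys/:path*"];
const SAMPLE_PATHS = ["/api-keys", "/api-keys/create", "/api-keys-export", "/login"];

for (const path of SAMPLE_PATHS) {
  console.log(path, "guarded:", isGuarded(AFTER, path));
}
console.log("redundant in BEFORE:", redundantMatchers(BEFORE, SAMPLE_PATHS));
```

The wildcard entry alone guards `/api-keys` and its subpaths, while a sibling route that merely shares the prefix (`/api-keys-export` here) is not selected and needs its own matcher if it must require auth.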

@Gautam25Raj Gautam25Raj changed the title Protect API key routes in studio proxy [Fix] [Studio] Protect API key routes in proxy May 20, 2026
@Gautam25Raj Gautam25Raj added enhancement New feature or request frontend UI/client-side code labels May 20, 2026
@Gautam25Raj Gautam25Raj merged commit 4ad0a91 into VeriWorkly:master May 21, 2026

Development

Successfully merging this pull request may close these issues.

[BUG]: Protect /api-keys page from unauthenticated access
