Issue 001: Wire admin authentication middleware into admin routes
Area: Backend
Priority: Critical
Files: services/api/src/main.rs, services/api/src/security.rs
Problem
Admin routes are labeled as protected but no API key middleware is attached. Any caller can access admin endpoints without authentication.
Acceptance Criteria
- x-api-key header is required for all admin endpoints\n- Invalid or missing key returns 401 Unauthorized\n- Tests cover authorized and unauthorized calls\n- Middleware is applied before route handlers execute
Issue 001: Wire admin authentication middleware into admin routes
Area: Backend
Priority: Critical
Files: services/api/src/main.rs, services/api/src/security.rs
Problem
Admin routes are labeled as protected but no API key middleware is attached. Any caller can access admin endpoints without authentication.
Acceptance Criteria