Issue 002: Wire IP whitelist middleware for admin endpoints
Area: Backend
Priority: Critical
Files: services/api/src/main.rs, services/api/src/security.rs
Problem
IpWhitelist is initialized but never used in the middleware stack. Admin endpoints are accessible from any IP.
Acceptance Criteria
- Admin routes enforce IP whitelist when configured\n- Non-whitelisted IPs return 403 Forbidden\n- Behavior is documented and tested\n- Whitelist is configurable via environment variable
Issue 002: Wire IP whitelist middleware for admin endpoints
Area: Backend
Priority: Critical
Files: services/api/src/main.rs, services/api/src/security.rs
Problem
IpWhitelist is initialized but never used in the middleware stack. Admin endpoints are accessible from any IP.
Acceptance Criteria