Description
This issue tracks adding a security layer for problem report retrieval. Following maintainer feedback, these endpoints must be restricted because they return sensitive data, including potential PII (Personally Identifiable Information) and specific allegations.
Context
While report submission should remain open to standard API keys to encourage user feedback, the retrieval of these reports must be limited to authorized transit agency staff and internal tools. We need to implement a distinct authentication check for "Protected" read-only endpoints.
Important
- This work depends on PR #449 (feat: Add API endpoints and database queries for retrieving problem reports by trip and stop). Implementation should begin once it is merged.
Proposed Changes
1. Configuration
Add a new configuration property to maglev/config.json to store authorized keys for sensitive data access.
- Property: `maglev.protected_api_keys` (as a list/slice) or `maglev.protected_api_key` (as a single string).
2. Middleware Implementation
Develop a specialized authentication middleware in internal/restapi/auth_middleware.go.
- Logic: Create `validateProtectedAPIKey`. This should intercept the `key` parameter or header and verify it against the "Protected" key(s) defined in the configuration.
- Error Handling: Return a `401 Unauthorized` if the key is missing or does not match the protected list.
3. Routing & Security Scope
Update internal/restapi/routes.go to wrap specific retrieval routes with the new middleware:
- Protected (Read):
  - `/api/where/problem-reports-for-trip`
  - `/api/where/problem-reports-for-stop`
  - `/api/where/problem-reports` (from Issue #307, Implement API Endpoints to Retrieve Problem Reports)
- Unprotected (Write):
  - Submission endpoints (e.g., `report-problem-with-trip`) remain accessible with standard API keys.
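The three steps above (config property, middleware, route wrapping) fit together as follows. This is an added illustration, not code from the maglev project: the nesting of `protected_api_keys` under a `maglev` object in config.json, the `X-API-Key` header fallback, the `/api/where/` prefix on the submission route and the sample key values are all assumptions made for this example. It parses both proposed property shapes (list or single string), compares presented keys in constant time so response timing does not leak partial matches, and returns `401 Unauthorized` on a missing or non-protected key.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// ProtectedKeys accepts either a JSON array of strings or a single string,
// covering both property shapes proposed in the issue.
type ProtectedKeys []string

func (p *ProtectedKeys) UnmarshalJSON(b []byte) error {
	var many []string
	if err := json.Unmarshal(b, &many); err == nil {
		*p = many
		return nil
	}
	var one string
	if err := json.Unmarshal(b, &one); err != nil {
		return err
	}
	*p = ProtectedKeys{one}
	return nil
}

// Config models only the slice of config.json this example needs. Nesting the
// property under a "maglev" object is an assumption for this example.
type Config struct {
	Maglev struct {
		ProtectedAPIKeys ProtectedKeys `json:"protected_api_keys"`
	} `json:"maglev"`
}

func loadConfig(raw []byte) (Config, error) {
	var c Config
	err := json.Unmarshal(raw, &c)
	return c, err
}

// extractKey reads the "key" query parameter first and falls back to an
// X-API-Key header (the header name is an assumption for this example).
func extractKey(r *http.Request) string {
	if k := r.URL.Query().Get("key"); k != "" {
		return k
	}
	return r.Header.Get("X-API-Key")
}

// isProtectedKey checks the presented key against every configured protected
// key with a constant-time comparison. An empty presented key, empty entries
// and an empty (or missing) list always reject.
func isProtectedKey(presented string, allowed ProtectedKeys) bool {
	if presented == "" {
		return false
	}
	match := false
	for _, a := range allowed {
		if a != "" && subtle.ConstantTimeCompare([]byte(presented), []byte(a)) == 1 {
			match = true // keep scanning rather than returning early
		}
	}
	return match
}

// validateProtectedAPIKey wraps a handler so that only requests carrying a
// protected key reach it; everything else receives 401 Unauthorized.
func validateProtectedAPIKey(allowed ProtectedKeys, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !isProtectedKey(extractKey(r), allowed) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed config exercising the list form.
	cfg, err := loadConfig([]byte(`{"maglev":{"protected_api_keys":["staff-key-1","tool-key-2"]}}`))
	if err != nil {
		panic(err)
	}
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })

	mux := http.NewServeMux()
	// Retrieval route is wrapped; the submission route stays on the standard path.
	mux.Handle("/api/where/problem-reports-for-trip", validateProtectedAPIKey(cfg.Maglev.ProtectedAPIKeys, ok))
	mux.Handle("/api/where/report-problem-with-trip", ok)

	for _, q := range []string{"?key=TEST", "?key=tool-key-2"} {
		rec := httptest.NewRecorder()
		mux.ServeHTTP(rec, httptest.NewRequest("GET", "/api/where/problem-reports-for-trip"+q, nil))
		fmt.Printf("retrieval %-16s -> %d\n", q, rec.Code) // TEST -> 401, tool-key-2 -> 200
	}
}
```

In routes.go the same wrapping would apply to each of the three retrieval routes while submission routes keep the existing standard-key check. Keeping the protected keys in a separate property (rather than reusing the standard key list) is what makes the read side independently revocable without disrupting report submission.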