Protect admin pause/unpause and config mutation behind authentication #49

@mikewheeleer

Harden the admin and config endpoints with authentication

Description

POST /api/v1/admin/pause, POST /api/v1/admin/unpause, and PATCH /api/v1/config in src/index.ts are completely unauthenticated. Any caller can freeze the entire backend (the pause guard rejects all writes with 503) or rewrite the rate-limit and bulk-size config — a trivial denial-of-service. This issue gates these privileged operations behind an admin credential.

Requirements and context

  • Repository scope: Agentpay-Org/Agentpay-backend only.
  • Require an ADMIN_API_KEY (env-configured) on /api/v1/admin/pause, /api/v1/admin/unpause, and PATCH /api/v1/config; respond 401 unauthorized otherwise.
  • Keep GET /api/v1/admin/status and GET /api/v1/config readable (they expose no secrets).
  • Use a constant-time comparison for the admin key check.
  • Ensure the pause-guard exemption for /api/v1/admin/unpause still works once auth is added (operator must always be able to recover).

Suggested execution

  • Fork the repo and create a branch
    • git checkout -b security/security-19-admin-auth
  • Implement changes
    • Write code in: an admin-auth middleware and the admin/config routes in src/index.ts.
    • Write comprehensive tests in: new src/admin-auth.test.ts — pause requires key, wrong key 401, status stays public.
    • Add documentation: document ADMIN_API_KEY in README.md.
    • Add TSDoc on the admin-auth middleware.
    • Validate security assumptions: constant-time compare, no timing oracle, recovery path intact.
  • Test and commit

Test and commit

  • Run npm run build, npm test, and npm run lint.
  • Cover edge cases: missing key, wrong key, correct key, unauth read of status/config.
  • Include the full npm test output and a threat-model note in the PR description.

Example commit message

security: require admin key for pause/unpause and config mutation

Guidelines

  • Minimum 95 percent test coverage for impacted modules.
  • Clear, reviewer-focused documentation.
  • Timeframe: 96 hours.

Community & contribution rewards

  • 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
  • ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
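
A sketch of the gate this issue asks for, added here as an example and not taken from the Agentpay-backend code. The `x-admin-key` header name, the `Req`/`Res` shapes and the function names are assumptions; the routes, the 401/503 responses and the unpause exemption come from the issue text.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Framework-neutral request/response shapes (assumed for this example).
interface Req { method: string; path: string; headers: Record<string, string | undefined>; }
interface Res { status: number; body: { error: string }; }

// Privileged routes named in the issue; GET status/config are deliberately absent.
const PROTECTED = new Set<string>([
  "POST /api/v1/admin/pause",
  "POST /api/v1/admin/unpause",
  "PATCH /api/v1/config",
]);

const sha256 = (s: string): Buffer => createHash("sha256").update(s, "utf8").digest();

// Hash both sides to 32-byte digests first: timingSafeEqual throws on unequal
// lengths, and an early length check would leak the key length through timing.
function keyMatches(presented: string | undefined, expected: string | undefined): boolean {
  if (!expected) return false; // fail closed when ADMIN_API_KEY is unset or empty
  return timingSafeEqual(sha256(presented ?? ""), sha256(expected));
}

// Returns null when the request may proceed, otherwise the 401 to send.
function adminAuth(req: Req, adminKey: string | undefined): Res | null {
  if (!PROTECTED.has(`${req.method} ${req.path}`)) return null;
  // "x-admin-key" is an assumed header name; the issue does not specify one.
  return keyMatches(req.headers["x-admin-key"], adminKey)
    ? null
    : { status: 401, body: { error: "unauthorized" } };
}

// Pause guard as the issue describes it: writes get 503 while paused,
// except unpause, which must stay reachable so an operator can recover.
function pauseGuard(req: Req, paused: boolean): Res | null {
  const isWrite = req.method !== "GET";
  if (paused && isWrite && req.path !== "/api/v1/admin/unpause") {
    return { status: 503, body: { error: "paused" } };
  }
  return null;
}

// Runs both checks in order and returns the resulting HTTP status.
function handle(req: Req, adminKey: string | undefined, paused: boolean): number {
  const denied = pauseGuard(req, paused) ?? adminAuth(req, adminKey);
  return denied ? denied.status : 200;
}
```

In a real service `adminKey` would be read once from `process.env.ADMIN_API_KEY` at startup; the unpause exemption only skips the pause guard, so unpause still requires the key.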
