Add API write token configuration and tests

[shayancoin]

Summary

• add configuration support for an API write token and cache loading in the security helpers
• document the new API_WRITE_TOKEN requirement and forward it through docker compose environments
• expand Hygraph pull endpoint tests to cover authorization failures and success paths

Testing

• pytest backend/tests/test_sync_routes_metrics.py (fails: ModuleNotFoundError: No module named 'sqlalchemy')

---

https://chatgpt.com/codex/tasks/task_e_68f12bd6856c83308e935d2b4b529283

Summary by CodeRabbit

• Documentation

  • Updated API write token configuration documentation with details on privileged sync endpoints.

• Bug Fixes

  • Modified API write token validation error response to return HTTP 403 status code.

• Chores

  • Updated environment configuration to support API write token setup.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

This pull request updates API write token authentication and configuration. It modifies the error response in the require_write_token function from HTTP 401 to HTTP 403, adds a test helper function to manipulate the API write token environment variable, documents the API_WRITE_TOKEN variable in configuration files and docker-compose manifests, and propagates the token into container environments.

Changes

Cohort / File(s)	Summary
Documentation updates backend/README.md, docs/plan/paform-fastapi-extension-v0-1-plan.md	Added API_WRITE_TOKEN documentation for privileged sync endpoints and updated environment variable planning.
Security logic backend/api/security.py	Modified require_write_token to return HTTP 403 FORBIDDEN (instead of 401 UNAUTHORIZED) when Authorization header is missing or invalid.
Test infrastructure backend/tests/test_sync_routes_metrics.py	Added _set_write_token() test helper function to toggle API_WRITE_TOKEN environment variable and clear related caches.
Docker configuration docker-compose.dev.yml, docker-compose.yml	Added API_WRITE_TOKEN=${API_WRITE_TOKEN} environment variable entry to backend services.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

The changes are straightforward: a simple error code modification, basic test helper addition, and repetitive environment variable configuration. No complex logic or control flow alterations. The consistency of changes across files reduces cognitive overhead.

Possibly related PRs

• Add API write token configuration and tighten sync auth #88: Directly modifies the same require_write_token authentication flow and API_WRITE_TOKEN configuration across tests, docs, and docker-compose.
• Ensure Hygraph sync background task uses fresh session #89: Updates backend/api/security.py to add _load_expected_write_token helper and refactor require_write_token validation logic.
• Ensure webhook sync uses independent sessions #90: Alters require_write_token error response handling and introduces write-token cache management helpers.

Poem

🐰 Token guard hops high, with 403 in sight,
Where 401 once stood, now proper rights,
Environment keys dance in config files true,
Docker secrets spin—authentication renewed! ✨

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The description provides a summary and testing details but does not follow the repository’s required template because it omits the PR Type, Short Description, and Tests Added sections.	Please revise the pull request description to match the repository template by adding a "PR Type" header with one of the allowed categories, a "Short Description" section summarizing the change, and a "Tests Added" section listing the new tests.
Docstring Coverage	⚠️ Warning	Docstring coverage is 41.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title concisely summarizes the primary changes of this pull request by highlighting the addition of API write token configuration and tests, making it clear and specific without unnecessary details.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eaa4555 and 117ced8.

📒 Files selected for processing (3)

• backend/README.md (1 hunks)
• backend/api/security.py (1 hunks)
• backend/tests/test_sync_routes_metrics.py (1 hunks)

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Note

Docstrings generation - SUCCESS
Generated docstrings for this pull request at #155