feat: added WIP apikey request guard

[ErikBjare]

[codecov[bot]]

Codecov Report

Merging #185 (da279fa) into master (65e28bf) will increase coverage by 0.18%. The diff coverage is 60.00%.

@@            Coverage Diff             @@
##           master     #185      +/-   ##
==========================================
+ Coverage   59.67%   59.86%   +0.18%     
==========================================
  Files          42       42              
  Lines        4308     4313       +5     
==========================================
+ Hits         2571     2582      +11     
+ Misses       1737     1731       -6     

Impacted Files	Coverage Δ
aw-server/src/endpoints/cors.rs	100.00% <ø> (ø)
aw-server/src/endpoints/mod.rs	100.00% <ø> (+3.33%)	:arrow_up:
aw-server/src/config.rs	45.20% <60.00%> (+1.08%)	:arrow_up:
aw-query/src/parser.rs	38.90% <0.00%> (+0.15%)	:arrow_up:
aw-datastore/src/datastore.rs	74.15% <0.00%> (+0.30%)	:arrow_up:
aw-datastore/src/worker.rs	75.95% <0.00%> (+0.69%)	:arrow_up:

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 65e28bf...da279fa. Read the comment docs.

[ErikBjare]

@johan-bjareholt I've explained the reasoning for why it's needed in the docstring for auth.rs

But yes, the key will be exposed if not used with HTTPS. However, for Android apps it's still an improvement (since I assume they can't snoop on local packets however they like).

[johan-bjareholt]

However, for Android apps it's still an improvement (since I assume they can't snoop on local packets however they like).

Aha, that makes sense.