POST /api/incoming/orders now validates incoming key through
https://auth.queo.ru/api/verify (with targetService=doc_manager, scope=incoming_orders).
Accepts key in X-Site-Key, X-Api-Key, or Authorization: Bearer headers.
Local Sites table becomes optional convenience map: if a Site with matching
slug exists, we use its organizationId and link Order.siteId; otherwise the
Order is created under DEFAULT_ORGANIZATION_ID with no siteId. No local key
storage is needed anymore — Auth_server is the source of truth.

modules/sites/auth-verify.ts:
- 5-second timeout to /api/verify
- 5-minute TTL cache on positive verify (configurable AUTH_VERIFY_TTL_SECONDS)
- 30-second TTL on negative (so spam attacks don't hammer Auth)
- Graceful degrade: Auth unreachable → returns {valid:false, error:'auth_unreachable:…'},
  endpoint replies 401 with that detail (does NOT silently accept)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
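
The cache policy listed above, sketched as an added example that is not the code in modules/sites/auth-verify.ts: split positive and negative TTLs, plus a fail-closed status mapping. `VerifyCache`, `lookup`, `record` and `httpStatusFor` are hypothetical names, and skipping the cache for `auth_unreachable` results is an assumption of this example, not something the commit message states.

```typescript
// Added example; hypothetical names, not the project's own module.
type VerifyResult = { valid: boolean; error?: string };
type Entry = { result: VerifyResult; expiresAt: number };

// 5 minutes; the commit makes this configurable via AUTH_VERIFY_TTL_SECONDS.
const POSITIVE_TTL_MS = 5 * 60 * 1000;
// 30 seconds, so repeated bad keys are answered locally instead of hitting Auth.
const NEGATIVE_TTL_MS = 30 * 1000;

class VerifyCache {
  // Null-prototype object: a key such as "__proto__" is stored as plain data.
  private entries: Record<string, Entry> = Object.create(null);

  // Returns a cached verdict, or undefined when the auth server must be asked.
  lookup(key: string, now: number): VerifyResult | undefined {
    const hit = this.entries[key];
    if (hit === undefined) return undefined;
    if (hit.expiresAt <= now) {
      delete this.entries[key]; // expired: drop it and force a fresh verify
      return undefined;
    }
    return hit.result;
  }

  // Stores a verdict and returns the TTL applied in ms (0 means not cached).
  record(key: string, result: VerifyResult, now: number): number {
    // Assumption of this example: transport failures are not cached, so a
    // recovered auth server is consulted again on the very next request.
    const err = result.error || "";
    if (!result.valid && err.indexOf("auth_unreachable") === 0) return 0;
    const ttl = result.valid ? POSITIVE_TTL_MS : NEGATIVE_TTL_MS;
    this.entries[key] = { result: result, expiresAt: now + ttl };
    return ttl;
  }
}

// Fail closed: only an explicit valid:true admits the request; an invalid key
// and an unreachable auth server both map to 401.
function httpStatusFor(result: VerifyResult): number {
  return result.valid === true ? 200 : 401;
}
```

With these TTLs, a key revoked at the auth server can still be accepted from the cache until its positive entry expires, up to five minutes at the default setting.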