chore: update stale token references in auth comment and .env.example

GenerQAQ · GenerQAQ · commit f0f6c3dd0868 · 2026-03-27T13:55:21.000+08:00
diff --git a/dashboard/.env.example b/dashboard/.env.example
@@ -4,7 +4,7 @@ NEXT_PUBLIC_BASE_PATH=""
 NEXT_PUBLIC_SUPABASE_URL=your-project-url
 NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY=sb_publishable_... or anon key
 
-ACONTEXT_API_BEARER_TOKEN=your-root-api-bearer-token
+ACONTEXT_API_BEARER_TOKEN=AaGyw9Tl9qe4ydDh8qO0xdZNkrobQvwHWFRsnp5a3QtfbaDSDJQeRHxXPr4bGpc0g130EqBSjRNF
 ACONTEXT_PROJECT_BEARER_TOKEN_PREFIX=sk-ac-
 
 NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=xxx
diff --git a/src/server/api/go/internal/middleware/auth.go b/src/server/api/go/internal/middleware/auth.go
@@ -71,8 +71,8 @@ const (
 )
 
 // ProjectAuth returns a middleware that authenticates requests using project bearer tokens.
-// Token format: sk-ac-{auth_secret}.{encrypted_master_key}
-// Derives a KEK and stores it in context for downstream encryption operations.
+// Token formats: compact (sk-ac-{base64url, 76 chars}) or legacy (sk-ac-{plain_secret}).
+// For compact tokens, derives a KEK and stores it in context for downstream encryption.
 // It caches project lookups in Redis to avoid hitting the database on every request.
 func ProjectAuth(cfg *config.Config, db *gorm.DB, rdb *redis.Client) gin.HandlerFunc {
 	return func(c *gin.Context) {
