Add token-based authentication for receiver

cmd/collector/main.go

@@ -31,6 +31,7 @@ func main() {
 	logFormat := flag.String("log-format", defaultLogFormat, "Output format: json, text")
 	topN := flag.Int("top", defaultTopN, "Number of top processes to include")
 	pushEndpoint := flag.String("push-endpoint", "", "HTTP endpoint to push metrics to (e.g., http://localhost:8080/api/v1/metrics)")
+	pushToken := flag.String("push-token", os.Getenv("COLLECTOR_PUSH_TOKEN"), "Bearer token for push endpoint authentication (or set COLLECTOR_PUSH_TOKEN)")
 	flag.Parse()
 
 	// Setup structured logging for application logs
@@ -61,7 +62,7 @@ func main() {
 
 	// Setup push client if endpoint is configured
 	if *pushEndpoint != "" {
-		pushClient := summary.NewPushClient(*pushEndpoint)
+		pushClient := summary.NewPushClient(*pushEndpoint, *pushToken)
 		c.SetPushClient(pushClient)
 		execCtx := pushClient.ExecutionContext()
 		appLogger.Info("push client configured",

cmd/receiver/main.go

@@ -23,6 +23,7 @@ func main() {
 	addr := flag.String("addr", defaultAddr, "HTTP listen address")
 	dbPath := flag.String("db", defaultDBPath, "SQLite database path")
 	readToken := flag.String("read-token", os.Getenv("RECEIVER_READ_TOKEN"), "Pre-shared token for read endpoints (or set RECEIVER_READ_TOKEN)")
+	hmacKey := flag.String("hmac-key", os.Getenv("RECEIVER_HMAC_KEY"), "Secret key for push token generation/validation (or set RECEIVER_HMAC_KEY)")
 	flag.Parse()
 
 	logger := slog.New(slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{
@@ -36,7 +37,7 @@ func main() {
 	}
 	defer func() { _ = store.Close() }()
 
-	handler := receiver.NewHandler(store, logger, *readToken)
+	handler := receiver.NewHandler(store, logger, *readToken, *hmacKey)
 	mux := http.NewServeMux()
 	handler.RegisterRoutes(mux)