Implement API key authentication, rate limiting, and admin management features

- Added security middleware to validate API keys for protected endpoints.
- Implemented tier-based access control for API keys (basic, premium, master).
- Introduced rate limiting for global data access based on client tier.
- Created admin routes for API key management (CRUD operations).
- Enhanced logging and error handling for security-related operations.
- Updated requirements to include Flask-Limiter and python-dotenv.
- Added Docker support with a multi-stage Dockerfile and docker-compose configuration.
- Created comprehensive environment configuration in .env.example.
- Developed a test suite for security features including API key validation and rate limiting.
- Updated documentation to reflect new security and deployment features.

Author: hk-dev13

.dockerignore

@@ -0,0 +1,79 @@
+# Docker ignore patterns
+
+# Environment files
+.env
+.env.local
+.env.*.local
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+.venv/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.nox/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Git
+.git/
+.gitignore
+
+# Docker
+Dockerfile*
+docker-compose*
+.dockerignore
+
+# Documentation drafts
+*.draft.md
+
+# Logs (but keep logs directory)
+logs/*.log
+logs/*.txt
+
+# Temporary files
+*.tmp
+*.temp
+
+# Archive and backup files
+archive/
+backup/
+*.bak
+
+# Large data files (keep structure but not actual files)
+data/*.csv
+data/*.json
+data/*.xlsx
+output/*.csv
+output/*.json
+output/*.xlsx
+
+# But keep example/reference files
+!reference/
+!data/README.md

.env.example

@@ -0,0 +1,57 @@
+# Environment Configuration for Permit API
+# Copy this file to .env and update with your values
+
+# Flask Configuration
+FLASK_ENV=development
+FLASK_DEBUG=1
+FLASK_APP=api.api_server:app
+
+# Security - API Keys
+# Format: "key1:client_name1:tier1,key2:client_name2:tier2"
+# Tiers: basic (30 req/min), premium (100 req/min)
+API_KEYS=your_api_key_here:YourClient:basic,premium_key_here:PremiumClient:premium
+
+# Master API Key (highest privileges)
+MASTER_API_KEY=your_secure_master_key_here
+
+# Data Sources Configuration
+# EDGAR Excel Path (optional - defaults to reference/EDGAR_emiss_on_UCDB_2024.xlsx)
+EDGAR_XLSX_PATH=/app/reference/EDGAR_emiss_on_UCDB_2024.xlsx
+
+# ISO Data Sources (optional)
+ISO_CSV_URL=https://example.com/iso14001_certificates.csv
+ISO_XLSX_PATH=/app/reference/list_iso.xlsx
+
+# EEA API Configuration (uses default EEA Downloads API)
+EEA_BASE_URL=https://eeadmz1-downloads-api-appservice.azurewebsites.net
+
+# Rate Limiting
+RATELIMIT_STORAGE_URL=memory://
+
+# Logging Configuration
+LOG_LEVEL=INFO
+LOG_FILE=/app/logs/permit_api.log
+
+# Database Configuration (if using PostgreSQL for API keys)
+# DATABASE_URL=postgresql://username:password@localhost:5432/permit_api
+
+# Redis Configuration (if using Redis for caching)  
+# REDIS_URL=redis://localhost:6379/0
+
+# Security Headers
+SECURITY_HEADERS_ENABLED=true
+
+# CORS Configuration
+CORS_ORIGINS=*
+CORS_METHODS=GET,POST,PUT,DELETE,OPTIONS
+CORS_HEADERS=Content-Type,Authorization,X-API-Key
+
+# Development/Testing
+TESTING=false
+SAMPLE_DATA_ENABLED=true
+
+# Production Settings (uncomment for production)
+# FLASK_ENV=production
+# FLASK_DEBUG=0
+# LOG_LEVEL=WARNING
+# SAMPLE_DATA_ENABLED=false