Add support for new authentication types and Bearer token forwarding

[Gu-ZT]

This pull request introduces a new "transform" authentication mode, allowing the server to forward the user's Bearer token to upstream providers as the API key, instead of using a configured provider API key. This is useful for proxy scenarios where end users supply their own API keys. The changes include updates to configuration files, documentation, server logic, and provider clients to support this new mode.

Authentication Mode Enhancements

• Added a new auth_type configuration option (authentication or transform) to control how Bearer tokens are handled. In transform mode, the user's Bearer token is extracted and forwarded as the upstream provider's API key. In authentication mode (default), the Bearer token is compared to auth_token for authentication. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11]

Provider Client Updates

• Updated provider clients for Anthropic, OpenAI, and Google to use the transformed Bearer token from the request context as the API key when in transform mode, falling back to the configured API key otherwise. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]

Documentation and Example Configuration

• Updated docs/CONFIGURATION.md and docs/GETTING-STARTED.md to explain the new auth_type option and document its usage and effects. The example configuration file now includes comments and examples for both authentication modes. [1] [2] [3]

These changes make it possible to securely expose the service as a proxy for end users who supply their own API keys, while maintaining the original authentication mode as the default.

[Copilot]

Pull request overview

This PR adds a new auth_type server configuration option to support two modes: traditional Bearer-token authentication (authentication, default) and Bearer-token “transform/forwarding” (transform) where the incoming Bearer token is used as the upstream provider credential.

Changes:

• Introduces auth_type parsing/storage in config types and loader, plus context plumbing for passing the transformed token through request handling.
• Updates server request handling and OpenAI Responses passthrough to use the transformed token as the upstream API key when present.
• Updates Anthropic/OpenAI Chat/Google clients to prefer a transformed token from context.Context, and updates docs + example config.

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
internal/service/server/server.go	Adds auth_type handling in ServeHTTP and extracts Bearer token into context for transform mode.
internal/service/server/dispatch.go	Overrides provider API key with transformed token for OpenAI Responses passthrough.
internal/protocol/google/client.go	Uses transformed token (if present) as effective API key for Gemini/Vertex requests.
internal/protocol/chat/client.go	Uses transformed token (if present) as effective API key for OpenAI Chat requests.
internal/protocol/anthropic/client.go	Uses transformed token (if present) as effective API key for Anthropic requests.
internal/config/domain_server.go	Adds AuthType to the server-layer domain config.
internal/config/convert.go	Serializes AuthType back into ServerFileConfig for persistence/export.
internal/config/config.go	Defines AuthType and context helpers for storing/retrieving transformed tokens.
internal/config/config_loader.go	Adds auth_type to file config and parsing into runtime config.
docs/GETTING-STARTED.md	Documents auth_type usage in the quickstart config snippet.
docs/CONFIGURATION.md	Documents auth_type semantics and how it affects upstream credentialing.
config.example.yml	Adds commented examples/explanations for auth_type and auth_token.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ZhiYi-R]

考虑到MoonBridge支持多提供商，Bearer透传是否考虑作为Per Provider配置而不是全局配置？