feat: forward Authorization header from request to downstream

Prioritize Authorization header from incoming request over environment
variable, allowing per-request API key routing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/proxy/forward.ts

@@ -3,7 +3,7 @@ import { rewriteResponse } from './response-rewriter';
 import { normalizeRequest } from './request-normalizer';
 import { logger } from '../utils/logger';
 
-export async function forwardChatRequest(requestBody: any): Promise<any> {
+export async function forwardChatRequest(requestBody: any, authorization?: string): Promise<any> {
   const targetHost = config.targetUrl;
   const targetEndpoint = `${targetHost}/api/chat`;
 
@@ -22,8 +22,10 @@ export async function forwardChatRequest(requestBody: any): Promise<any> {
     'Accept': 'application/json'
   };
 
-  // Add Authorization header if API key is configured
+  // Use Authorization from request header, fallback to config
-  if (config.apiKey) {
+  if (authorization) {
+    headers['Authorization'] = authorization;
+  } else if (config.apiKey) {
     headers['Authorization'] = `Bearer ${config.apiKey}`;
   }
 

src/routes/ollama.ts

@@ -17,7 +17,7 @@ const ollamaRoutes: FastifyPluginAsync = async (server: FastifyInstance) => {
         return;
       }
 
-      const response = await forwardChatRequest(body);
+      const response = await forwardChatRequest(body, request.headers.authorization);
       
       reply.status(200).send(response);
     } catch (error: any) {