Initial commit with Email Import Wizard and Task Processor updates

paperless-backend/src/auth/api-key.guard.ts

@@ -0,0 +1,37 @@
+import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
+import { ApiKeysService } from './api-keys.service';
+
+@Injectable()
+export class ApiKeyGuard implements CanActivate {
+  constructor(private readonly apiKeysService: ApiKeysService) {}
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    const request = context.switchToHttp().getRequest();
+    
+    // Check header (X-API-Key)
+    let apiKey = request.headers['x-api-key'] || request.headers['X-API-Key'];
+    
+    // Fallback to query parameter (apiKey)
+    if (!apiKey) {
+      apiKey = request.query['apiKey'];
+    }
+
+    if (!apiKey) {
+      throw new UnauthorizedException('API Key missing');
+    }
+
+    try {
+      const keyEntry = await this.apiKeysService.validateKey(apiKey as string);
+      
+      // Attach metadata to request if needed later
+      request.apiKeyMetadata = {
+        id: keyEntry.id,
+        name: keyEntry.name,
+      };
+      
+      return true;
+    } catch (err) {
+      throw new UnauthorizedException(err.message || 'Invalid API Key');
+    }
+  }
+}