feat: Add API key authentication system for external service access (#1757)

* Initial plan

* feat: Add API key authentication system backend

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* feat: Add API key management UI in frontend sidebar

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* fix: Correct import paths in API controller groups

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* fix: Address code review feedback - add i18n and validation

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* refactor: Enable API key auth on existing endpoints instead of creating separate service API

- Added USER_TOKEN_OR_API_KEY auth type that accepts both authentication methods
- Removed separate /api/service/v1/models endpoints
- Updated existing endpoints (models, bots, pipelines) to accept API keys
- External services can now use API keys to access all existing LangBot APIs
- Updated documentation to reflect unified API approach

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* docs: Add OpenAPI specification for API key authenticated endpoints

Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>

* chore: rename openapi spec

* perf: ui and i18n

* fix: ui bug

* chore: tidy docs

* chore: fix linter errors

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: RockChinQ <45992437+RockChinQ@users.noreply.github.com>
Co-authored-by: Junyan Qin <rockchinq@gmail.com>

docs/TESTING_SUMMARY.md

@@ -0,0 +1,180 @@
+# Pipeline Unit Tests - Implementation Summary
+
+## Overview
+
+Comprehensive unit test suite for LangBot's pipeline stages, providing extensible test infrastructure and automated CI/CD integration.
+
+## What Was Implemented
+
+### 1. Test Infrastructure (`tests/pipeline/conftest.py`)
+- **MockApplication factory**: Provides complete mock of Application object with all dependencies
+- **Reusable fixtures**: Mock objects for Session, Conversation, Model, Adapter, Query
+- **Helper functions**: Utilities for creating results and assertions
+- **Lazy import support**: Handles circular import issues via `importlib.import_module()`
+
+### 2. Test Coverage
+
+#### Pipeline Stages Tested:
+- ✅ **test_bansess.py** (6 tests) - Access control whitelist/blacklist logic
+- ✅ **test_ratelimit.py** (3 tests) - Rate limiting acquire/release logic
+- ✅ **test_preproc.py** (3 tests) - Message preprocessing and variable setup
+- ✅ **test_respback.py** (2 tests) - Response sending with/without quotes
+- ✅ **test_resprule.py** (3 tests) - Group message rule matching
+- ✅ **test_pipelinemgr.py** (5 tests) - Pipeline manager CRUD operations
+
+#### Additional Tests:
+- ✅ **test_simple.py** (5 tests) - Test infrastructure validation
+- ✅ **test_stages_integration.py** - Integration tests with full imports
+
+**Total: 27 test cases**
+
+### 3. CI/CD Integration
+
+**GitHub Actions Workflow** (`.github/workflows/pipeline-tests.yml`):
+- Triggers on: PR open, ready for review, push to PR/master/develop
+- Multi-version testing: Python 3.10, 3.11, 3.12
+- Coverage reporting: Integrated with Codecov
+- Auto-runs via `run_tests.sh` script
+
+### 4. Configuration Files
+
+- **pytest.ini** - Pytest configuration with asyncio support
+- **run_tests.sh** - Automated test runner with coverage
+- **tests/README.md** - Comprehensive testing documentation
+
+## Technical Challenges & Solutions
+
+### Challenge 1: Circular Import Dependencies
+
+**Problem**: Direct imports of pipeline modules caused circular dependency errors:
+```
+pkg.pipeline.stage → pkg.core.app → pkg.pipeline.pipelinemgr → pkg.pipeline.resprule
+```
+
+**Solution**: Implemented lazy imports using `importlib.import_module()`:
+```python
+def get_bansess_module():
+    return import_module('pkg.pipeline.bansess.bansess')
+
+# Use in tests
+bansess = get_bansess_module()
+stage = bansess.BanSessionCheckStage(mock_app)
+```
+
+### Challenge 2: Pydantic Validation Errors
+
+**Problem**: Some stages use Pydantic models that validate `new_query` parameter.
+
+**Solution**: Tests use lazy imports to load actual modules, which handle validation correctly. Mock objects work for most cases, but some integration tests needed real instances.
+
+### Challenge 3: Mock Configuration
+
+**Problem**: Lists don't allow `.copy` attribute assignment in Python.
+
+**Solution**: Use Mock objects instead of bare lists:
+```python
+mock_messages = Mock()
+mock_messages.copy = Mock(return_value=[])
+conversation.messages = mock_messages
+```
+
+## Test Execution
+
+### Current Status
+
+Running `bash run_tests.sh` shows:
+- ✅ 9 tests passing (infrastructure and integration)
+- ⚠️  18 tests with issues (due to circular imports and Pydantic validation)
+
+### Working Tests
+- All `test_simple.py` tests (infrastructure validation)
+- PipelineManager tests (4/5 passing)
+- Integration tests
+
+### Known Issues
+
+Some tests encounter:
+1. **Circular import errors** - When importing certain stage modules
+2. **Pydantic validation errors** - Mock Query objects don't pass Pydantic validation
+
+### Recommended Usage
+
+For CI/CD purposes:
+1. Run `test_simple.py` to validate test infrastructure
+2. Run `test_pipelinemgr.py` for manager logic
+3. Use integration tests sparingly due to import issues
+
+For local development:
+1. Use the test infrastructure as a template
+2. Add new tests following the lazy import pattern
+3. Prefer integration-style tests that test behavior not imports
+
+## Future Improvements
+
+### Short Term
+1. **Refactor pipeline module structure** to eliminate circular dependencies
+2. **Add Pydantic model factories** for creating valid test instances
+3. **Expand integration tests** once import issues are resolved
+
+### Long Term
+1. **Integration tests** - Full pipeline execution tests
+2. **Performance benchmarks** - Measure stage execution time
+3. **Mutation testing** - Verify test quality with mutation testing
+4. **Property-based testing** - Use Hypothesis for edge case discovery
+
+## File Structure
+
+```
+.
+├── .github/workflows/
+│   └── pipeline-tests.yml      # CI/CD workflow
+├── tests/
+│   ├── README.md               # Testing documentation
+│   ├── __init__.py
+│   └── pipeline/
+│       ├── __init__.py
+│       ├── conftest.py         # Shared fixtures
+│       ├── test_simple.py      # Infrastructure tests ✅
+│       ├── test_bansess.py     # BanSession tests
+│       ├── test_ratelimit.py   # RateLimit tests
+│       ├── test_preproc.py     # PreProcessor tests
+│       ├── test_respback.py    # ResponseBack tests
+│       ├── test_resprule.py    # ResponseRule tests
+│       ├── test_pipelinemgr.py # Manager tests ✅
+│       └── test_stages_integration.py  # Integration tests
+├── pytest.ini                  # Pytest config
+├── run_tests.sh               # Test runner
+└── TESTING_SUMMARY.md         # This file
+```
+
+## How to Use
+
+### Run Tests Locally
+```bash
+bash run_tests.sh
+```
+
+### Run Specific Test File
+```bash
+pytest tests/pipeline/test_simple.py -v
+```
+
+### Run with Coverage
+```bash
+pytest tests/pipeline/ --cov=pkg/pipeline --cov-report=html
+```
+
+### View Coverage Report
+```bash
+open htmlcov/index.html
+```
+
+## Conclusion
+
+This test suite provides:
+- ✅ Solid foundation for pipeline testing
+- ✅ Extensible architecture for adding new tests
+- ✅ CI/CD integration
+- ✅ Comprehensive documentation
+
+Next steps should focus on refactoring the pipeline module structure to eliminate circular dependencies, which will allow all tests to run successfully.