feat(server): add support for extra maps in adapter configuration

* Introduced ExtraMapConfig to allow multiple adapter configurations.
* Updated server and handler to utilize extra maps for routing.
* Added dashboard handler for metrics visualization.

pkg/server/server.go

@@ -23,6 +23,7 @@ func New(
 	cfg *config.Config,
 	clients map[string]embedclient.Client,
 	adp adapter.Adapter,
+	extraMaps map[string]ExtraMap,
 	reg *metrics.Registry,
 	logger *zap.Logger,
 ) (router *bunrouter.Router, err error) {
@@ -34,38 +35,49 @@ func New(
 	}()
 
 	router = bunrouter.New(
-		bunrouter.WithMiddleware(authMiddleware(cfg.Server.APIKeys)),
 		bunrouter.WithMiddleware(traceMiddleware()),
 		bunrouter.WithMiddleware(metricsMiddleware(reg, adp)),
 		bunrouter.WithMiddleware(loggingMiddleware(logger)),
 	)
 
-	h := &handler{cfg: cfg, clients: clients, adapter: adp, logger: logger}
+	h := &handler{cfg: cfg, clients: clients, adapter: adp, extraMaps: extraMaps, logger: logger}
 
-	router.POST("/v1/embeddings", h.openAIEmbeddings)
+	// Public routes — no authentication required.
+	router.GET("/", spec.DocsHandler())
+	router.GET("/docs", spec.DocsHandler())
+	router.GET("/openapi.yaml", spec.SpecHandler())
+
+	// All API routes require authentication.
+	authed := router.NewGroup("", bunrouter.WithMiddleware(authMiddleware(cfg.Server.APIKeys)))
+
+	authed.POST("/v1/embeddings", h.openAIEmbeddings)
 	// Google API uses a literal colon as a method separator (e.g. /v1/models/foo:embedContent).
 	// bunrouter can't distinguish two routes with the same :param prefix, so a single wildcard
 	// captures the full "model:action" segment and dispatches internally.
-	router.POST("/v1/models/*modelaction", h.googleDispatch)
+	authed.POST("/v1/models/*modelaction", h.googleDispatch)
 
-	// OpenAPI spec + docs
-	router.GET("/openapi.yaml", spec.SpecHandler())
-	router.GET("/docs", spec.DocsHandler())
+	// Extra-map routes: /map/:mapping/v1/... uses the adapter configured under extra_maps[mapping].
+	authed.POST("/map/:mapping/v1/embeddings", h.openAIEmbeddingsMapped)
+	authed.POST("/map/:mapping/v1/models/*modelaction", h.googleDispatchMapped)
 
-	// Metrics — only when enabled
+	// Metrics — only when enabled; registered in the authed group so server
+	// auth (if configured) applies. Metrics may additionally enforce its own key.
 	if cfg.Metrics.Enabled {
 		metricsHandler := promhttp.HandlerFor(reg.Prometheus(), promhttp.HandlerOpts{})
 		path := cfg.Metrics.Path
 		if path == "" {
 			path = "/metrics"
 		}
+		dash := dashboardHandler(reg)
 		if cfg.Metrics.APIKey != "" {
-			router.GET(path, metricsAuthHandler(cfg.Metrics.APIKey, metricsHandler))
+			authed.GET(path, metricsAuthHandler(cfg.Metrics.APIKey, metricsHandler))
+			authed.GET("/dashboard", metricsKeyMiddleware(cfg.Metrics.APIKey, dash))
 		} else {
-			router.GET(path, func(w http.ResponseWriter, req bunrouter.Request) error {
+			authed.GET(path, func(w http.ResponseWriter, req bunrouter.Request) error {
 				metricsHandler.ServeHTTP(w, req.Request)
 				return nil
 			})
+			authed.GET("/dashboard", dash)
 		}
 	}
 
@@ -148,6 +160,18 @@ func loggingMiddleware(logger *zap.Logger) bunrouter.MiddlewareFunc {
 	}
 }
 
+// metricsKeyMiddleware guards a bunrouter.HandlerFunc with a dedicated Bearer token.
+func metricsKeyMiddleware(apiKey string, h bunrouter.HandlerFunc) bunrouter.HandlerFunc {
+	return func(w http.ResponseWriter, req bunrouter.Request) error {
+		token := strings.TrimPrefix(req.Header.Get("Authorization"), "Bearer ")
+		if token != apiKey {
+			http.Error(w, "unauthorized", http.StatusUnauthorized)
+			return nil
+		}
+		return h(w, req)
+	}
+}
+
 // metricsAuthHandler wraps a standard http.Handler with Bearer token auth.
 func metricsAuthHandler(apiKey string, h http.Handler) bunrouter.HandlerFunc {
 	return func(w http.ResponseWriter, req bunrouter.Request) error {