From 367db0706b9c28095fbca52588a93375c440f0fd Mon Sep 17 00:00:00 2001
From: Marshall Bowers <git@maxdeviant.com>
Date: Fri, 8 May 2026 08:28:22 -0400
Subject: [PATCH] collab: Remove unused `api_token` field from `Config`
 (#56098)

This PR removes the `api_token` field from Collab's `Config`, as it is
no longer used.

Release Notes:

- N/A
---
 crates/collab/.env.toml                        | 1 -
 crates/collab/k8s/collab.template.yml          | 5 -----
 crates/collab/src/auth.rs                      | 3 +--
 crates/collab/src/lib.rs                       | 2 --
 crates/collab/tests/integration/test_server.rs | 1 -
 5 files changed, 1 insertion(+), 11 deletions(-)

diff --git a/crates/collab/.env.toml b/crates/collab/.env.toml
index 8a4c74067a75b1a6075c2071e38ceade6daae8ef..1d20a14e2d5fd2d461bb4c9af93321cf7f73d402 100644
--- a/crates/collab/.env.toml
+++ b/crates/collab/.env.toml
@@ -2,7 +2,6 @@ DATABASE_URL = "postgres://postgres@localhost/zed"
 # DATABASE_URL = "sqlite:////root/0/zed/db.sqlite3?mode=rwc"
 DATABASE_MAX_CONNECTIONS = 5
 HTTP_PORT = 8080
-API_TOKEN = "secret"
 ZED_ENVIRONMENT = "development"
 LIVEKIT_SERVER = "http://localhost:7880"
 LIVEKIT_KEY = "devkey"
diff --git a/crates/collab/k8s/collab.template.yml b/crates/collab/k8s/collab.template.yml
index bad3d290d79bebd6ea3dfc352e1462ceaf19b91d..f2c2c6ebb487ac90a30132979c60a70f2099569a 100644
--- a/crates/collab/k8s/collab.template.yml
+++ b/crates/collab/k8s/collab.template.yml
@@ -87,11 +87,6 @@ spec:
                   key: url
             - name: DATABASE_MAX_CONNECTIONS
               value: "${DATABASE_MAX_CONNECTIONS}"
-            - name: API_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: api
-                  key: token
             - name: ZED_CLIENT_CHECKSUM_SEED
               valueFrom:
                 secretKeyRef:
diff --git a/crates/collab/src/auth.rs b/crates/collab/src/auth.rs
index 629d93388dd9d5d0710252783d816e580e20facc..3ea8d8390885b743141fc25ba1fac7cfcfb5a64b 100644
--- a/crates/collab/src/auth.rs
+++ b/crates/collab/src/auth.rs
@@ -11,8 +11,7 @@ use std::sync::Arc;
 
 /// Validates the authorization header and adds an Extension<Principal> to the request.
 /// Authorization: <user-id> <token>
-///   <token> can be an access_token attached to that user, or an access token of an admin
-///   or (in development) the string ADMIN:<config.api_token>.
+///   <token> is the access_token attached to that user.
 /// Authorization: "dev-server-token" <token>
 pub async fn validate_header<B>(mut req: Request<B>, next: Next<B>) -> impl IntoResponse {
     let mut auth_header = req
diff --git a/crates/collab/src/lib.rs b/crates/collab/src/lib.rs
index 91259b4ce402e57223907feae6190ac6575e10cd..041e7461725bc8193a270b0c13b58abb37620235 100644
--- a/crates/collab/src/lib.rs
+++ b/crates/collab/src/lib.rs
@@ -124,7 +124,6 @@ pub struct Config {
     pub database_url: String,
     pub seed_path: Option<PathBuf>,
     pub database_max_connections: u32,
-    pub api_token: String,
     pub livekit_server: Option<String>,
     pub livekit_key: Option<String>,
     pub livekit_secret: Option<String>,
@@ -171,7 +170,6 @@ impl Config {
             http_port: 0,
             database_url: "".into(),
             database_max_connections: 0,
-            api_token: "".into(),
             livekit_server: None,
             livekit_key: None,
             livekit_secret: None,
diff --git a/crates/collab/tests/integration/test_server.rs b/crates/collab/tests/integration/test_server.rs
index 820bcbd33765874bcc01722a3239c98ba9458f10..9bfddbca754d28fef5ada27247c7d43cb6fc3ddc 100644
--- a/crates/collab/tests/integration/test_server.rs
+++ b/crates/collab/tests/integration/test_server.rs
@@ -586,7 +586,6 @@ impl TestServer {
                 http_port: 0,
                 database_url: "".into(),
                 database_max_connections: 0,
-                api_token: "".into(),
                 livekit_server: None,
                 livekit_key: None,
                 livekit_secret: None,