💡(backend) warm about the token nature of Yprovider microservice

Note to the future myself, using a raw token format is
not common. It should be refactor

src/backend/core/services/collaboration_services.py

@@ -26,6 +26,7 @@ class CollaborationService:
         # same pod thanks to a parameter
         endpoint_url = f"{settings.COLLABORATION_API_URL}{endpoint}/?room={room}"
 
+        # Note: Collaboration microservice accepts only raw token, which is not recommended
         headers = {"Authorization": settings.COLLABORATION_SERVER_SECRET}
         if user_id:
             headers["X-User-Id"] = user_id

src/backend/core/services/converter_services.py

@@ -31,6 +31,7 @@ class YdocConverter:
     @property
     def auth_header(self):
         """Build microservice authentication header."""
+        # Note: Yprovider microservice accepts only raw token, which is not recommended
         return settings.Y_PROVIDER_API_KEY
 
     def convert_markdown(self, text):

src/frontend/servers/y-provider/src/middlewares.ts

@@ -25,6 +25,7 @@ export const httpSecurity = (
   }
 
   // Secret API Key check
+  // Note: Changing this header to Bearer token format will break backend compatibility with this microservice.
   const apiKey = req.headers['authorization'];
   if (apiKey !== COLLABORATION_SERVER_SECRET) {
     res.status(403).json({ error: 'Forbidden: Invalid API Key' });