GeneralBots/gb
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(auth): align auth middleware anonymous paths with RBAC config

Browse source 
- Remove broad /api/auth anonymous path that was matching /api/auth/me
- Add specific anonymous paths: /api/auth/login, /api/auth/refresh, /api/auth/bootstrap
- Remove /api/auth/logout, /api/auth/2fa/* from anonymous (require auth)
- Fix /api/auth/me returning 401 for authenticated users

The issue was auth middleware treating /api/auth/me as anonymous due to
prefix matching on /api/auth, while RBAC correctly required authentication.
This commit is contained in:
Rodrigo Rodriguez (Pragmatismo) 2026-01-10 17:30:35 -03:00
parent d6866ab73a
commit cf1b735a4b
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
botserver

@ -1 +1 @@
Subproject commit 9b1a01221efb80813159be59cafe15c7e885b167
Subproject commit 2811272e072b2d18963b95ff717726a6796ea00b

2
botui

@ -1 +1 @@
Subproject commit 7bb230b59c290a09d6564b52e5af4d94c4a4116e
Subproject commit c6fc5306c6706032c038042d49aa0aef789dfb67