fix(auth): align auth middleware anonymous paths with RBAC config

- Remove broad /api/auth anonymous path that was matching /api/auth/me - Add specific anonymous paths: /api/auth/login, /api/auth/refresh, /api/auth/bootstrap - Remove /api/auth/logout, /api/auth/2fa/* from anonymous (require auth) - Fix /api/auth/me returning 401 for authenticated users The issue was auth middleware treating /api/auth/me as anonymous due to prefix matching on /api/auth, while RBAC correctly required authentication.
2026-01-10 17:30:35 -03:00 · 2026-01-10 17:30:35 -03:00 · cf1b735a4b
commit cf1b735a4b
parent d6866ab73a
2 changed files with 2 additions and 2 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 9b1a01221efb80813159be59cafe15c7e885b167
+Subproject commit 2811272e072b2d18963b95ff717726a6796ea00b
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 7bb230b59c290a09d6564b52e5af4d94c4a4116e
+Subproject commit c6fc5306c6706032c038042d49aa0aef789dfb67
		`@ -1 +1 @@`
			`Subproject commit 9b1a01221efb80813159be59cafe15c7e885b167`				`Subproject commit 2811272e072b2d18963b95ff717726a6796ea00b`
		`@ -1 +1 @@`
			`Subproject commit 7bb230b59c290a09d6564b52e5af4d94c4a4116e`				`Subproject commit c6fc5306c6706032c038042d49aa0aef789dfb67`