feat(security): implement safe guest auth flow and harden request_jwt

- Patched request_jwt to strip privileged IDs when signing with public keys
- Updated AccountContext and V3 dependencies to preserve JWT payloads for guests
- Whitelisted Archive, Post, Event, and other core objects for public read access
- Added 'default_qry_str' to Event searchable fields
- Added test_e2e_jwt_guest_auth.py for security verification
Scott Idem
2026-01-20 14:56:56 -05:00
parent 8a22ac324c
commit dc7732ab5f
11 changed files with 179 additions and 16 deletions


@@ -11,3 +11,4 @@ class AccountContext(BaseModel):
manager: bool = False
super: bool = False
auth_method: str = 'legacy_header'
token_payload: Optional[dict] = None
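Review bot: `token_payload: Optional[dict] = None` stores the decoded JWT claims as an untyped, mutable dict, so nothing in the type or a docstring says whether the payload has already passed signature verification or which claim keys downstream code may rely on; since the commit message describes `request_jwt` stripping privileged IDs before signing, consider typing this as `Optional[dict[str, Any]]` (or a small claims model) and adding a one-line comment that only the verified payload is stored here. Also confirm `Optional` is imported from `typing`, as the import is outside this hunk.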