Scott.Idem/OSIT-AE-API-FastAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): implement safe guest auth flow and harden request_jwt

Browse Source 
- Patched request_jwt to strip privileged IDs when signing with public keys
- Updated AccountContext and V3 dependencies to preserve JWT payloads for guests
- Whitelisted Archive, Post, Event, and other core objects for public read access
- Added 'default_qry_str' to Event searchable fields
- Added test_e2e_jwt_guest_auth.py for security verification
This commit is contained in:
Scott Idem
2026-01-20 14:56:56 -05:00
parent 8a22ac324c
commit dc7732ab5f
11 changed files with 179 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/object_definitions/cms.py
View File

@@ -40,6 +40,7 @@ cms_obj_li = {
'table_name_alt': 'v_post_detail',
'tbl_name_update': 'post',
'base_name': Post_Base,
'public_read': True,
'exp_default': [
'post_id_random',
'account_id_random',
@@ -70,6 +71,7 @@ cms_obj_li = {
'table_name_alt': 'v_post_comment_detail',
'tbl_name_update': 'post_comment',
'base_name': Post_Comment_Base,
'public_read': True,
'exp_default': [
'post_comment_id_random',
'account_id_random', 'post_id_random',
@@ -118,6 +120,7 @@ cms_obj_li = {
'tbl_name_update': 'site_domain',
'base_name': Site_Domain_Base,
'base_name_alt': Site_Domain_FQDN_ID_Base,
'public_read': True,
# V3 Search Security:
'searchable_fields': [
'id', 'account_id', 'site_id',