Scott.Idem/OSIT-AE-API-FastAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): implement safe guest auth flow and harden request_jwt

Browse Source 
- Patched request_jwt to strip privileged IDs when signing with public keys
- Updated AccountContext and V3 dependencies to preserve JWT payloads for guests
- Whitelisted Archive, Post, Event, and other core objects for public read access
- Added 'default_qry_str' to Event searchable fields
- Added test_e2e_jwt_guest_auth.py for security verification
This commit is contained in:
Scott Idem
2026-01-20 14:56:56 -05:00
parent 8a22ac324c
commit dc7732ab5f
11 changed files with 179 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/object_definitions/other.py
View File

@@ -102,6 +102,7 @@ other_obj_li = {
'table_name': 'v_archive_content',
'tbl_name_update': 'archive_content',
'base_name': Archive_Content_Base,
'public_read': True,
# V3 Search Security:
'searchable_fields': [
'archive_content_id_random', 'account_id_random', 'archive_id_random',
@@ -122,6 +123,7 @@ other_obj_li = {
'table_name': 'v_hosted_file',
'tbl_name_update': 'hosted_file',
'base_name': Hosted_File_Base,
'public_read': True,
'exp_default': [
'hosted_file_id_random',
'hash_sha256',