ez-api

ruochen/ez-api

Fork 0

mirror of https://github.com/EZ-Api/ez-api.git synced 2026-01-13 17:47:51 +00:00

Commit Graph

Author	SHA1	Message	Date
zenfun	4cd9b66a84	feat(auth): enhance token validation and internal access control Refactor the `Whoami` handler to validate token metadata (status, expiration, revocation) against Redis before database lookup, ensuring consistency with balancer logic. Add `allow_ips`, `deny_ips`, and `expires_at` fields to authentication responses. Update internal middleware to support explicit anonymous access configuration and harden security for unconfigured tokens. Remove legacy fallback logic for master keys without digests. BREAKING CHANGE: Internal endpoints now reject requests by default if no stats token is configured. To allow unauthenticated access, set `internal.allow_anonymous` to true. BREAKING CHANGE: Support for legacy master keys without stored digests has been removed.	2026-01-03 16:04:04 +08:00
zenfun	88289015fc	feat: add internal stats flush API	2025-12-19 23:26:33 +08:00

Author

SHA1

Message

Date

zenfun

4cd9b66a84

feat(auth): enhance token validation and internal access control

Refactor the `Whoami` handler to validate token metadata (status, expiration,
revocation) against Redis before database lookup, ensuring consistency with
balancer logic. Add `allow_ips`, `deny_ips`, and `expires_at` fields to
authentication responses.

Update internal middleware to support explicit anonymous access configuration
and harden security for unconfigured tokens.

Remove legacy fallback logic for master keys without digests.

BREAKING CHANGE: Internal endpoints now reject requests by default if no stats token is configured. To allow unauthenticated access, set `internal.allow_anonymous` to true.
BREAKING CHANGE: Support for legacy master keys without stored digests has been removed.

2026-01-03 16:04:04 +08:00

zenfun

88289015fc

feat: add internal stats flush API

2025-12-19 23:26:33 +08:00

2 Commits