mirror of
https://github.com/EZ-Api/ez-api.git
synced 2026-01-13 17:47:51 +00:00
4cd9b66a84
Refactor the `Whoami` handler to validate token metadata (status, expiration, revocation) against Redis before database lookup, ensuring consistency with balancer logic. Add `allow_ips`, `deny_ips`, and `expires_at` fields to authentication responses. Update internal middleware to support explicit anonymous access configuration and harden security for unconfigured tokens. Remove legacy fallback logic for master keys without digests. BREAKING CHANGE: Internal endpoints now reject requests by default if no stats token is configured. To allow unauthenticated access, set `internal.allow_anonymous` to true. BREAKING CHANGE: Support for legacy master keys without stored digests has been removed.
7.9 KiB
7.9 KiB