fix(auth): require admin auth for backup and translator routes

Protect database backup, export, restore, and translator save endpoints
with authentication checks to block unauthenticated data access and
state changes.

Also remove the insecure API key secret fallback, ignore nested app env
files from package publishes, and align tests with explicit
application/json Accept headers for non-stream requests.
diegosouzapw 2026-04-12 19:08:06 -03:00
parent b65caf82b4
commit c286fdc96a
9 changed files with 51 additions and 15 deletions

@ -67,7 +67,7 @@ test("CodexExecutor.buildHeaders binds workspace ids and disables SSE accept for
assert.equal(standardHeaders.Authorization, "Bearer codex-token");
assert.equal(standardHeaders.Accept, "text/event-stream");
assert.equal(standardHeaders["chatgpt-account-id"], "workspace-1");
assert.equal(compactHeaders.Accept, undefined);
assert.equal(compactHeaders.Accept, "application/json");
});
test("CodexExecutor.transformRequest injects default instructions, clamps reasoning and strips unsupported fields", () => {
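Review bot: the test title in the hunk header still says "disables SSE accept" while the changed assertion now expects compactHeaders.Accept to equal "application/json", so the name no longer matches what is being checked. Rename the test to say that compact (non-stream) requests send an explicit JSON Accept header. This hunk only covers the header alignment mentioned at the end of the commit message. If the other changed files do not already include one, add a test that an unauthenticated request to the backup, export, restore and translator save routes is rejected, since that is the security-relevant behaviour this commit introduces.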