mirror of
https://github.com/dograh-hq/dograh.git
synced 2026-07-07 11:02:12 +02:00
* fix: gate OSS email/password auth endpoints outside local auth mode The /auth signup/login/me routes were mounted unconditionally, so the SaaS deployment accepted unauthenticated signups that created oss_* provider-id users (and auto-provisioned MPS service keys) bypassing Stack Auth entirely. Gate them with a router-level dependency that 404s when AUTH_PROVIDER is not "local", rather than conditionally mounting the router, so the OpenAPI spec and the clients generated from it stay identical across deployment modes. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * fix: keep current user route available in stack auth --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| depends.py | ||
| stack_auth.py | ||