From ab55fe2b585134b8e324caeb6442686edbd9f757 Mon Sep 17 00:00:00 2001
From: DmitrL-dev <84296377+DmitrL-dev@users.noreply.github.com>
Date: Wed, 25 Mar 2026 20:14:43 +1000
Subject: [PATCH] fix: make SOC ingest JWT-exempt for sensor access + battle
 script JWT login

---
 internal/infrastructure/auth/middleware.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/infrastructure/auth/middleware.go b/internal/infrastructure/auth/middleware.go
index 78421a9..68b6c10 100644
--- a/internal/infrastructure/auth/middleware.go
+++ b/internal/infrastructure/auth/middleware.go
@@ -34,6 +34,7 @@ func NewJWTMiddleware(secret []byte) *JWTMiddleware {
 			"/api/auth/plans":    true,
 			"/api/v1/scan":       true, // public demo scanner
 			"/api/v1/usage":      true, // public usage/quota check
+			"/api/v1/soc/events": true, // sensor ingest (auth via RBAC API key when enabled)
 			"/api/soc/events/stream": true, // SSE uses query param auth
 			"/api/soc/stream":         true, // SSE live feed (EventSource can't send headers)
 			"/api/soc/ws":             true, // WebSocket-style SSE push