Commit graph

2 commits

Author SHA1 Message Date
a1a6ef137a security: require auth on all admin/dashboard/user routes
/admin, /dashboard, /dashboard/status, and all /users/* and /keys/*
endpoints were publicly accessible with no authentication, exposing
user management, API key generation, and backend topology to anyone.

- /dashboard and /dashboard/status now require Bearer token
- /admin (user management UI) now requires Bearer token
- All /users/* and /keys/revoke routes now require Bearer token
- /health scrubbed of sensitive fields (token counts, client counts)
- /linkedin/* left public (required for OAuth callback flow)

Auth checks use GATEWAY_STATIC_API_KEY or valid OAuth access tokens,
consistent with the existing /mcp and /status endpoints.
2026-03-31 23:32:15 -04:00
ebb6836674 Add gateway-proxy/user_routes.py 2026-03-31 15:33:41 -04:00
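
Added example, not code from this repository: a deny-by-default version of the check that commit a1a6ef137a describes, in which only /health and /linkedin/* are allowlisted and every other path needs a Bearer token matching the static key or a valid OAuth access token. This goes one step beyond the commit message by allowlisting public paths rather than listing protected ones, so a route nobody listed is closed by default. Assumptions: all function names are hypothetical, headers arrive as a dict with an "Authorization" key, the static key is passed in by the caller (for example from GATEWAY_STATIC_API_KEY), and OAuth tokens are a plain set of strings.

```python
import hmac
import posixpath

# Assumption: the only public paths are the ones the commit message names.
PUBLIC_EXACT = {"/health"}
PUBLIC_PREFIXES = ("/linkedin/",)  # OAuth callback flow


def is_public(path):
    """Deny by default: public only if explicitly allowlisted."""
    # Normalize first so "/linkedin/../admin" cannot ride the public prefix.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm in PUBLIC_EXACT or any(
        (norm + "/").startswith(p) for p in PUBLIC_PREFIXES)


def bearer_token(headers):
    """Return the token from 'Authorization: Bearer <token>', else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None


def token_is_valid(token, static_key, oauth_tokens):
    """Accept the static gateway key or a currently valid OAuth access token."""
    ok = False
    # An unset (empty) static key is skipped so it can never authenticate.
    for candidate in (t for t in (static_key, *oauth_tokens) if t):
        # Constant-time comparison; no early exit on the first match.
        ok |= hmac.compare_digest(token.encode(), candidate.encode())
    return ok


def authorize(path, headers, static_key, oauth_tokens=()):
    """Return the status the gateway should answer with: 200 or 401."""
    if is_public(path):
        return 200
    token = bearer_token(headers)
    if token is None or not token_is_valid(token, static_key, oauth_tokens):
        return 401
    return 200


def unauthenticated_exposure(paths, static_key):
    """Regression check: which of these paths answer 200 with no credentials?"""
    return [p for p in paths if authorize(p, {}, static_key) == 200]
```

Running unauthenticated_exposure over the gateway's full route list in CI turns a newly added public route into a test failure.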