/admin, /dashboard, /dashboard/status, and all /users/* and /keys/* endpoints were publicly accessible with no authentication, exposing user management, API key generation, and backend topology to anyone.

- /dashboard and /dashboard/status now require Bearer token
- /admin (user management UI) now requires Bearer token
- All /users/* and /keys/revoke routes now require Bearer token
- /health scrubbed of sensitive fields (token counts, client counts)
- /linkedin/* left public (required for OAuth callback flow)

Auth checks use GATEWAY_STATIC_API_KEY or valid OAuth access tokens, consistent with the existing /mcp and /status endpoints.
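
An added example, not code from this repository: a framework-independent sketch of the route policy listed in the commit message, with a Bearer check that compares tokens in constant time. The function names, the path-matching rules and the sample tokens are assumptions; `oauth_tokens` stands in for whatever store holds the currently valid OAuth access tokens.

```python
import hmac

# Routes the commit message lists as requiring a Bearer token.
# Matching on "base or base/..." is an assumption about how the routes nest.
PROTECTED_BASES = ("/admin", "/dashboard", "/users", "/keys/revoke")


def requires_auth(path: str) -> bool:
    """True when the path falls under a route the commit message protects."""
    # Drop the query string and trailing slash so "/admin/?x=1" is treated
    # like "/admin"; "/linkedin/*" and "/health" match nothing and stay public.
    clean = path.split("?", 1)[0].rstrip("/") or "/"
    return any(clean == b or clean.startswith(b + "/") for b in PROTECTED_BASES)


def bearer_token(authorization):
    """Extract the token from an 'Authorization: Bearer <token>' header value."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def token_is_valid(token, static_key, oauth_tokens=()):
    """Compare against every known credential without an early exit."""
    candidate = token.encode()
    # An unset or empty static key is skipped so it can never match.
    known = ([static_key] if static_key else []) + list(oauth_tokens)
    ok = False
    for value in known:
        ok |= hmac.compare_digest(candidate, value.encode())
    return ok


def authorize(path, authorization, static_key, oauth_tokens=()):
    """Return the HTTP status a gateway would answer with: 200 or 401."""
    if not requires_auth(path):
        return 200
    token = bearer_token(authorization)
    if token is None or not token_is_valid(token, static_key, oauth_tokens):
        return 401
    return 200
```
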
||
|---|---|---|
| dashboard_routes.py | ||
| Dockerfile | ||
| gateway_proxy.py | ||
| gateway_proxy_fixed.py | ||
| gateway_proxy_patch.py | ||
| gateway_proxy_user_integration.py | ||
| INTEGRATION_INSTRUCTIONS.md | ||
| oauth_storage.py | ||
| openai_routes.py | ||
| openai_routes_fixed.py | ||
| user_dashboard_ui.py | ||
| user_management.py | ||
| user_routes.py | ||