video-accessibility/backend/app
Vadym Samoilenko 70f6c6befb security: reject refresh tokens used as access tokens (C-02)
get_current_user and get_current_user_optional now reject any token
whose payload carries type="refresh". Access tokens carry no type field,
so the check is asymmetric and safe. Prevents a refresh-cookie value
from being replayed as a Bearer access token.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 14:11:50 +01:00
__pycache__ fixed middleware silent swallowing of exceptions FINALLY 2025-10-08 18:19:59 -05:00
api/v1 feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
core security: reject refresh tokens used as access tokens (C-02) 2026-04-29 14:11:50 +01:00
lib feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
middleware security: enforce rate limit on /auth/login (C-01) 2026-04-29 14:11:36 +01:00
migrations feat(saas): Phase 3 — membership-based authz + Mailgun + job.organization_id 2026-04-27 16:56:42 +01:00
models feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
prompts feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
schemas feat: add Project Manager role + client/team assignment panel in admin user editor 2026-04-27 15:58:55 +01:00
services fix: handle role as str or Enum in audit_logger 2026-04-29 14:09:46 +01:00
tasks feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
telemetry initial commit 2025-08-24 16:28:33 -05:00
main.py security: enforce rate limit on /auth/login (C-01) 2026-04-29 14:11:36 +01:00