video-accessibility/backend/app/core
Vadym Samoilenko 70f6c6befb security: reject refresh tokens used as access tokens (C-02)
get_current_user and get_current_user_optional now reject any token
whose payload carries type="refresh". Access tokens carry no type field
so the check is asymmetric and safe. Prevents a refresh-cookie value
from being replayed as a Bearer access token.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 14:11:50 +01:00
__pycache__ fixed objectID/stringID mismatch 2025-10-08 18:23:05 -05:00
authz.py feat(saas): Phase 3 — membership-based authz + Mailgun + job.organization_id 2026-04-27 16:56:42 +01:00
config.py feat: per-client glossary — hybrid exact/vector retrieval + AI injection 2026-04-29 13:03:38 +01:00
database.py feat: per-language QC workflow with linguist assignment 2026-04-29 12:09:40 +01:00
dependencies.py security: reject refresh tokens used as access tokens (C-02) 2026-04-29 14:11:50 +01:00
logging.py initial commit 2025-08-24 16:28:33 -05:00
redis.py initial commit 2025-08-24 16:28:33 -05:00
secrets_config.py initial commit 2025-08-24 16:28:33 -05:00
security.py initial commit 2025-08-24 16:28:33 -05:00
seed.py feat: add linguist role and user management navigation 2026-04-16 11:46:33 +01:00