fix: harden login for MLPS requirements

This commit is contained in:
2026-05-14 11:05:20 +08:00
parent ecf3ee1ef0
commit 879677516f
39 changed files with 1230 additions and 71 deletions
+2 -1
View File
@@ -498,7 +498,8 @@ func errorResponse(description string) map[string]any {
}
func securityForPath(path string) []map[string][]string {
if path == "/api/auth/login" || path == "/api/auth/refresh" ||
if path == "/api/auth/password-key" ||
path == "/api/auth/login" || path == "/api/auth/refresh" ||
strings.HasPrefix(path, "/api/health/") ||
strings.HasPrefix(path, "/api/public/") {
return nil