core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
059644bc37
molecule-core/platform/internal/middleware
History
molecule-ai[bot] 059644bc37
fix(wsauth): add removed-workspace JOIN to ValidateToken (#697) 
Defense-in-depth: workspace-scoped ValidateToken now rejects tokens
belonging to workspaces with status='removed' at the DB layer, even
when revoked_at IS NULL. Mirrors the same guard added to ValidateAnyToken
in #696. Updated all test mock patterns (workspace_test, a2a_proxy_test,
secrets_test, admin_test_token_test, middleware) to match the new JOIN query.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 12:46:27 +00:00
..
ratelimit_test.go fix(router): call SetTrustedProxies(nil) to close IP-spoofing bypass (#179) 2026-04-15 17:32:54 +00:00
ratelimit.go fix: #93 category_routing + #105 X-RateLimit headers 2026-04-15 00:23:46 -07:00
securityheaders_test.go fix(platform): pin X-Content-Type-Options nosniff + add /orgs API prefix (#614) 2026-04-17 06:02:18 +00:00
securityheaders.go fix(platform): pin X-Content-Type-Options nosniff + add /orgs API prefix (#614) 2026-04-17 06:02:18 +00:00
tenant_guard_test.go fix(auth): TenantGuard same-origin bypass for EC2 tenant Canvas 2026-04-16 18:22:23 -07:00
tenant_guard.go fix(auth): TenantGuard same-origin bypass for EC2 tenant Canvas 2026-04-16 18:22:23 -07:00
wsauth_middleware_test.go fix(wsauth): add removed-workspace JOIN to ValidateToken (#697) 2026-04-17 12:46:27 +00:00
wsauth_middleware.go Merge pull request #628 from Molecule-AI/fix/issue-623-adminauth-origin-bypass 2026-04-17 06:13:33 +00:00