fix: require authentication for /v1/auth/reload endpoint #78
Merged
matej21 merged 1 commit into contember:main from Mar 27, 2026
Move the /v1/auth/reload route from the public router to the protected router so it requires a valid bearer token. Previously any unauthenticated client could trigger a token reload from disk.

Closes contember#69

Co-Authored-By: Claude Code
Pull request overview
This PR addresses a security issue by requiring authentication for the /v1/auth/reload endpoint, preventing unauthenticated callers from forcing token reloads from disk.
Changes:
- Moved POST /v1/auth/reload from the public router to the protected router guarded by the auth middleware.
Summary
- /v1/auth/reload route from the public router to the protected router

Closes #69

Test plan
- POST /v1/auth/reload returns 401
- POST /v1/auth/reload still works

Co-Authored-By: Claude Code
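
The router layout before and after this change, and the two checks from the test plan, as an added Go example that is not code from the PR or the project (the page does not show the project's language or router). `requireBearer`, `newRouter`, `postReload` and the token value are assumed names, and the handler's counter stands in for the token reload from disk.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requireBearer passes a request on only if it carries "Authorization: Bearer <token>".
func requireBearer(token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got, ok := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
		if !ok || subtle.ConstantTimeCompare([]byte(got), []byte(token)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newRouter mounts the reload route as before the fix (protectReload=false) or after it (true).
func newRouter(token string, protectReload bool, reloads *int) http.Handler {
	reload := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*reloads++ // stand-in for re-reading tokens from disk; replies 200 by default
	})
	public, protected := http.NewServeMux(), http.NewServeMux()
	if protectReload {
		protected.Handle("/v1/auth/reload", reload)
	} else {
		public.Handle("/v1/auth/reload", reload) // reachable without credentials
	}
	public.Handle("/v1/", requireBearer(token, protected)) // all other /v1/ paths need a token
	return public
}

// postReload sends POST /v1/auth/reload with the given Authorization value ("" = unauthenticated).
func postReload(h http.Handler, authz string) int {
	req := httptest.NewRequest(http.MethodPost, "/v1/auth/reload", nil)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	n := new(int) // constructed token value below
	fmt.Println("no token, before/after fix:", postReload(newRouter("t", false, n), ""), postReload(newRouter("t", true, n), ""))
}
```

Asserting on the reload counter as well as the status code confirms that a rejected request never reaches the handler, which is the property the fix is meant to guarantee.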