happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
memos/server/router/api/v1
History
Steven 26d10212c6 refactor: consolidate duplicated auth logic into auth package 
Add ApplyToContext and AuthenticateToUser helpers to the auth package,
then remove the duplicated auth code spread across the MCP middleware,
file server, Connect interceptor, and gRPC-Gateway middleware.

- auth.ApplyToContext: single place to set claims/user into context after Authenticate()
- auth.AuthenticateToUser: resolves any credential (bearer token or refresh cookie) to a *store.User
- MCP middleware: replaced manual PAT DB lookup + expiry check with Authenticator.AuthenticateByPAT
- File server: replaced authenticateByBearerToken/authenticateByRefreshToken with AuthenticateToUser
- Connect interceptor + Gateway middleware: replaced duplicated context-setting block with ApplyToContext
- MCPService now accepts secret to construct its own Authenticator
 		2026-02-24 23:08:16 +08:00
..
test chore: fix static check linter warnings 2026-02-08 21:37:02 +08:00
acl_config.go fix: allow guests to view public memo comments 2026-01-11 22:35:12 +08:00
acl_config_test.go refactor: user auth improvements (#5360) 2025-12-18 18:15:51 +08:00
activity_service.go fix: gracefully handle deleted memos in activity service to prevent inbox crashes 2026-02-08 21:26:18 +08:00
attachment_exif_test.go feat: implement EXIF metadata stripping for image uploads 2026-01-26 22:18:44 +08:00
attachment_service.go fix: add access control checks for attachments, comments, and reactions 2026-01-31 23:02:30 +08:00
auth_service.go feat: implement refresh token rotation with sliding window sessions in the auth service 2025-12-30 23:00:15 +08:00
auth_service_client_info_test.go refactor: remove deprecated Sessions and AccessTokens settings 2025-12-19 08:35:57 +08:00
common.go refactor: migrate HOST roles to ADMIN 2026-01-20 23:38:30 +08:00
connect_handler.go refactor: migrate to connect-rpc (#5338) 2025-12-11 19:49:07 +08:00
connect_interceptors.go refactor: consolidate duplicated auth logic into auth package 2026-02-24 23:08:16 +08:00
connect_services.go refactor: remove deprecated Sessions and AccessTokens settings 2025-12-19 08:35:57 +08:00
header_carrier.go fix(backend): correct generic type parameter in withHeaderCarrier helper 2025-12-12 08:06:13 +08:00
health_service.go refactor(store): remove deprecated migration_history table and backward compatibility code 2025-12-01 22:54:30 +08:00
idp_service.go refactor: migrate HOST roles to ADMIN 2026-01-20 23:38:30 +08:00
instance_service.go feat: update instance profile to use admin user instead of initialized flag 2026-01-28 23:27:53 +08:00
memo_attachment_service.go fix(store): allow memo/attachment deletion when local file is missing 2026-02-23 10:26:40 +08:00
memo_relation_service.go fix: replace echo.NewHTTPError with status.Errorf 2026-02-08 19:23:34 +08:00
memo_service.go fix: replace echo.NewHTTPError with status.Errorf 2026-02-08 19:23:34 +08:00
memo_service_converter.go refactor: rename workspace to instance throughout codebase 2025-11-05 23:35:35 +08:00
memo_service_filter.go refactor: deprecate old filter 2025-07-22 21:25:57 +08:00
reaction_service.go fix: add access control checks for attachments, comments, and reactions 2026-01-31 23:02:30 +08:00
resource_name.go refactor: nest reaction resource names under memos 2025-12-30 23:29:54 +08:00
shortcut_service.go fix: replace echo.NewHTTPError with status.Errorf 2026-02-08 19:23:34 +08:00
user_service.go fix(webhook): remediate SSRF vulnerability in webhook dispatcher 2026-02-23 10:14:24 +08:00
user_service_stats.go perf: optimize memory usage for statistics and image processing 2025-12-30 00:06:23 +08:00
v1.go refactor: consolidate duplicated auth logic into auth package 2026-02-24 23:08:16 +08:00