MrSphay/odysseus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ffb77d7ff21794840b72bf11eb1916e6359cd50d
odysseus/routes
History
Tatlatat ffb77d7ff2 fix(auth): honor AUTH_ENABLED=false on owner-scoped endpoints (no /login loop) (#880) 
When the operator sets AUTH_ENABLED=false, three owner-scoped endpoints still
returned 401 (api/models, api/research/*, api/email/*), so the front-end
redirected the browser to /login and the app was unusable despite auth being
turned off. require_user() in src/auth_helpers.py already documents and honors
this contract (issue #622) via 'if _auth_disabled(): return ""', but these
endpoints did their own get_current_user/is_configured check without it.

Make _require_user (research), the /api/models anti-leak guard, and
email_helpers._require_auth consult _auth_disabled() and let anonymous through
(owner='') only when the operator explicitly disabled auth. The 401 protection
is fully intact when AUTH_ENABLED=true. Verified end-to-end: with
AUTH_ENABLED=false the SPA now loads instead of bouncing to /login.
2026-06-02 12:26:26 +09:00
..
__init__.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
admin_wipe_routes.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
api_token_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
assistant_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
auth_routes.py
Revoke stale sessions after password change
2026-06-02 05:59:22 +09:00
backup_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
calendar_routes.py
Fix YEARLY recurring CalDAV events only showing on DTSTART year (#179)
2026-06-01 13:42:44 +09:00
chat_helpers.py
feat(ai): add OpenRouter and Ollama Cloud providers (#231)
2026-06-01 14:26:10 +09:00
chat_routes.py
fix: scope chat active-document lookup to the session owner (#569)
2026-06-02 11:46:40 +09:00
cleanup_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
compare_routes.py
feat(ai): add OpenRouter and Ollama Cloud providers (#231)
2026-06-01 14:26:10 +09:00
contacts_routes.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
cookbook_helpers.py
fix(cookbook): skip pip --user fallback inside virtualenvs (#388) (#889)
2026-06-02 12:23:20 +09:00
cookbook_routes.py
Improve Cookbook serve diagnostics and recommendations
2026-06-02 12:15:47 +09:00
diagnostics_routes.py
Fix email-thread HTML injection, attachment path traversal, and missing authz (#475)
2026-06-01 22:20:17 +09:00
document_helpers.py
Harden PDF document markers against cross-owner upload access (#445)
2026-06-01 22:38:14 +09:00
document_routes.py
Harden PDF document markers against cross-owner upload access (#445)
2026-06-01 22:38:14 +09:00
editor_draft_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
email_helpers.py
fix(auth): honor AUTH_ENABLED=false on owner-scoped endpoints (no /login loop) (#880)
2026-06-02 12:26:26 +09:00
email_pollers.py
Scope email calendar extraction to account owner
2026-06-01 23:12:32 +09:00
email_routes.py
Fix email-thread HTML injection, attachment path traversal, and missing authz (#475)
2026-06-01 22:20:17 +09:00
embedding_routes.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
emoji_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
font_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
gallery_helpers.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
gallery_routes.py
Gate image editor AI endpoints by privilege (#447)
2026-06-01 22:35:24 +09:00
history_routes.py
fix(history): scope topic analysis to authenticated owner only (#744)
2026-06-02 11:36:01 +09:00
hwfit_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
mcp_routes.py
Fix email-thread HTML injection, attachment path traversal, and missing authz (#475)
2026-06-01 22:20:17 +09:00
memory_routes.py
feat: allow memory import without session (#493)
2026-06-01 22:32:17 +09:00
model_routes.py
fix(auth): honor AUTH_ENABLED=false on owner-scoped endpoints (no /login loop) (#880)
2026-06-02 12:26:26 +09:00
note_routes.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
personal_routes.py
Scope personal RAG uploads by owner (#446)
2026-06-01 22:36:53 +09:00
prefs_routes.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
preset_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
research_routes.py
fix(auth): honor AUTH_ENABLED=false on owner-scoped endpoints (no /login loop) (#880)
2026-06-02 12:26:26 +09:00
search_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
session_routes.py
Attribute API-token sessions to the token owner (effective_user) (#871)
2026-06-02 11:39:01 +09:00
shell_routes.py
Expose Cookbook user-install CLIs in Docker (#887)
2026-06-02 12:23:29 +09:00
signature_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
skills_routes.py
fix(skills): scope skill reads to caller owner (#777)
2026-06-02 11:21:27 +09:00
stt_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
task_routes.py
Polish email tasks and window controls
2026-06-01 20:56:46 +09:00
tts_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
upload_routes.py
Add native Windows compatibility layer
2026-06-01 15:09:47 +09:00
vault_routes.py
fix(security): stop leaking the vault master password via process argv (#879)
2026-06-02 12:25:43 +09:00
webhook_routes.py
fix(security): fail closed on null-owner session in sync-chat endpoint (#870)
2026-06-02 11:38:05 +09:00