Michael-Jetson cf2d5067c3 fix(security): add JWT auth + visibility check to pages API ...

- GET /pages/:slug now requires JWT + checks custom_menu_items visibility
- GET /pages (list) is admin-only
- GET /pages/:slug/images/* uses visibility check without JWT (browser
  img tags cannot carry auth headers), blocks admin-only page images
- Frontend fetch adds Authorization header from authStore.token
- settingService nil guard changed to fail-closed (deny access)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-05-05 07:00:08 -07:00

..

config

fix(rate-limit): remove 429 cooldown config option

2026-05-05 20:11:12 +08:00

domain

Add Vertex service account support

2026-04-25 20:39:58 -04:00

handler

fix(security): add JWT auth + visibility check to pages API

2026-05-05 07:00:08 -07:00

integration

test: 完善自动化测试体系（7个模块，73个任务）

2026-02-08 12:05:39 +08:00

middleware

test: 完善自动化测试体系（7个模块，73个任务）

2026-02-08 12:05:39 +08:00

model

feat(tls-fingerprint): 新增 TLS 指纹 Profile 数据库管理及代码质量优化

2026-03-27 14:33:05 +08:00

payment

Fix Zpay refund endpoint handling

2026-04-26 04:57:34 +00:00

pkg

feat: improve OpenAI messages compatibility for Claude Code

2026-05-05 19:36:33 +08:00

repository

feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering

2026-05-05 06:44:37 -07:00

server

fix(security): add JWT auth + visibility check to pages API

2026-05-05 07:00:08 -07:00

service

fix(security): add JWT auth + visibility check to pages API

2026-05-05 07:00:08 -07:00

setup

fix(setup): align install validation and expose backend errors

2026-03-17 15:38:18 +08:00

testutil

feat: cleanup stale concurrency slots on startup

2026-03-09 19:55:18 +08:00

util

revert: completely remove all Sora functionality

2026-04-05 17:11:01 +08:00

web

fix: bridge codex image generation over responses

2026-04-23 15:13:57 +00:00