k.petit/chlova
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: API HTTP authentifiée (chat + review) (v0.20.0)

Browse Source 
registerApi : login rate-limité → JWT, puis Bearer obligatoire sur
/api/chat, /api/review (+approve/refuse), /api/state. CORS restreint +
rate-limit. Réutilise ChatService + ReviewService. API activée seulement
si auth configurée (apiAuth). 65 tests (5 via inject), 0 vuln.

Palier de risque : privilégié (surface exposée) — montée seulement si
auth présente ; non exposée tant que .env non renseigné.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Kantin-Petit
2026-06-23 02:13:03 +02:00
parent e322ed1167
commit 26debf2fe0
7 changed files with 331 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
orchestrator/package.json
+2
View File
@@ -16,6 +16,8 @@
"test:watch": "vitest"
},
"dependencies": {
"@fastify/cors": "11.2.0",
"@fastify/rate-limit": "11.0.0",
"@modelcontextprotocol/sdk": "1.29.0",
"fastify": "5.8.5",
"jose": "6.2.3",