vikunja/pkg/routes
kolaente 3d75ca049b
fix(auth): don't panic on /token/test with API token

The JWT skipper bypassed validation entirely for /token/test when the
bearer was an API token, leaving "user" unset in the context. CheckToken
then type-asserted it to *jwt.Token and panicked.

Validate the API token in the skipper but skip the route permission
check (since /token/test is not exposed in the API token route registry,
no token can hold explicit permission for it). Drop the now-redundant
JWT assertion in CheckToken — auth has already passed by the time the
handler runs.
2026-05-01 11:13:12 +02:00
api/v1 fix(auth): don't panic on /token/test with API token 2026-05-01 11:13:12 +02:00
caldav fix(caldav): enforce URL project match in GetResourcesByList 2026-04-09 16:07:32 +00:00
admin_gate.go feat(middleware): add RequireFeature and RequireSiteAdmin 404 gates 2026-04-20 18:55:06 +00:00
api_tokens.go fix(auth): don't panic on /token/test with API token 2026-05-01 11:13:12 +02:00
error_handler.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
feature_gate.go feat(middleware): add RequireFeature and RequireSiteAdmin 404 gates 2026-04-20 18:55:06 +00:00
healthcheck.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
metrics.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
rate_limit.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
routes.go feat(admin): wire up /admin route group with all endpoints 2026-04-20 18:55:06 +00:00
sentry_middleware.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
static.go fix(routes): restore SPA routing after Echo v5 upgrade 2026-01-25 11:07:48 +01:00
validation.go fix(attachments): extend upload file size to form data (#1577) 2025-09-30 22:23:07 +00:00