vikunja/pkg/routes/api
kolaente 5f4a21a4c5 feat(events): add auth boundary events
LoginSucceededEvent fires from NewUserAuthTokenResponse (the chokepoint
where local, LDAP and OIDC logins converge), LoginFailedEvent from
handleFailedPassword on every failed password check, LogoutEvent from
the logout handler, and APIToken issued/revoked/used events from the
token model and auth middleware. The token events carry IDs only since
the freshly created token struct holds the raw token string and the
poison queue logs message payloads.

None of these events have a listener yet — the audit registration adds
them. Dispatching to a topic without subscribers is a no-op.
2026-06-12 08:56:08 +00:00
..
shared refactor(auth): extract shared auth/token business logic for v2 reuse 2026-06-12 07:58:17 +00:00
v1 feat(events): add auth boundary events 2026-06-12 08:56:08 +00:00
v2 fix(api/v2): gate /register at registration time, not per request 2026-06-12 07:58:17 +00:00