Commit Graph

6 Commits

Author SHA1 Message Date
moebiusband 153ecb6dff Bound JWT token cache and document auth model
The per-handler JWT validation cache was never pruned, so a long-running
process accumulated one map entry per distinct rotating token, growing
without bound (a slow memory leak / DoS vector). Evict stale entries on
the cache-miss path and cap the cache at maxTokenCacheSize, clearing it
if eviction of expired tokens cannot free space.

Also document in the README that auth verifies only the token signature
and expiry (claims/roles are not enforced) and that an empty
jwt-public-key disables authentication entirely.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-13 10:44:06 +02:00
moebiusband 0fa5d8bb8d Run go fix tool. Refactor 2026-03-04 11:07:05 +01:00
moebiusband 6aca448c18 Port to newest cclib. Use metricstore as library. 2026-01-26 09:59:29 +01:00
moebiusband 6d5594a376 Change JWT Auth to Middleware Handler
Caveat: Cache is per endpoint
2024-06-26 05:31:28 +02:00
moebiusband 826658f762 Refactor. Add Swagger UI docs.
Change from Gorilla mux to net/http
2024-06-25 20:08:25 +02:00
moebiusband 5ca66aef87 Put token authentication in separate file 2024-05-06 15:40:22 +02:00