sub2api-ht

Files

Michael-Jetson cf2d5067c3 fix(security): add JWT auth + visibility check to pages API

- GET /pages/:slug now requires JWT + checks custom_menu_items visibility
- GET /pages (list) is admin-only
- GET /pages/:slug/images/* uses visibility check without JWT (browser
  img tags cannot carry auth headers), blocks admin-only page images
- Frontend fetch adds Authorization header from authStore.token
- settingService nil guard changed to fail-closed (deny access)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-05-05 07:00:08 -07:00

middleware

feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering

2026-05-05 06:44:37 -07:00

routes

feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering

2026-05-05 06:44:37 -07:00

api_contract_test.go

feat: add redeem code affiliate rebate, batch concurrency API, and markdown page rendering

2026-05-05 06:44:37 -07:00

http.go

feat: websearch quota enhancements and balance notify hint

2026-04-14 09:36:40 +08:00

router.go

fix(security): add JWT auth + visibility check to pages API

2026-05-05 07:00:08 -07:00