Felipe Cardoso
|
1f66c9fab1
|
fix(sse): Fix critical SSE auth and URL issues
1. Fix SSE URL mismatch (CRITICAL):
   - Frontend was connecting to /events instead of /events/stream
   - Updated useProjectEvents.ts to use correct endpoint path
2. Fix SSE token authentication (CRITICAL):
   - EventSource API doesn't support custom headers
   - Added get_current_user_sse dependency that accepts tokens from:
     - Authorization header (preferred, for non-EventSource clients)
     - Query parameter 'token' (fallback for browser EventSource)
   - Updated SSE endpoint to use new auth dependency
   - Both auth methods now work correctly
Files changed:
- backend/app/api/dependencies/auth.py: +80 lines (new SSE auth)
- backend/app/api/routes/events.py: +23 lines (query param support)
- frontend/src/lib/hooks/useProjectEvents.ts: +5 lines (URL fix)
All 20 backend SSE tests pass.
All 17 frontend useProjectEvents tests pass.
|
2025-12-31 11:59:33 +01:00 |
|
Felipe Cardoso
|
c524dc79cd
|
fix: Add missing API endpoints and validation improvements
- Add cancel_sprint and delete_sprint endpoints to sprints.py
- Add unassign_issue endpoint to issues.py
- Add remove_issue_from_sprint endpoint to sprints.py
- Add CRUD methods: remove_sprint_from_issues, unassign, remove_from_sprint
- Add validation to prevent closed issues in active/planned sprints
- Add authorization tests for SSE events endpoint
- Fix IDOR vulnerabilities in agents.py and projects.py
- Add Syndarix models migration (0004)
|
2025-12-30 15:39:51 +01:00 |
|