api: drop bearer-token gate from /api/* CRUD + simulate
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
The SPA can't carry a Bearer header — there's no client-side mechanism to obtain the RECOMPUTE_BEARER_TOKEN, and the value can't safely be embedded in the JS bundle. Result: every POST/PATCH/DELETE on scenarios/life-events/goals + every /simulate + /compare returned 401 in prod, breaking the SPA end-to-end. Strip require_bearer from the routers. Authentik forward-auth on the SPA path (/) is now the security boundary; /api/* is open at both ingress + app level. Single-tenant personal tool — the data is the user's own anonymous numeric projections. Kept on /recompute (heavy admin batch in app.py) since that's an operator action, not a user one. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
2efd1edad0
commit
f781afe3fa
4 changed files with 2 additions and 14 deletions
|
|
@ -15,9 +15,8 @@ from decimal import Decimal
|
|||
from pathlib import Path
|
||||
|
||||
import numpy as np
|
||||
from fastapi import APIRouter, Depends, HTTPException
|
||||
from fastapi import APIRouter, HTTPException
|
||||
|
||||
from fire_planner.api.auth import require_bearer
|
||||
from fire_planner.api.schemas import (
|
||||
CompareRequest,
|
||||
CompareResult,
|
||||
|
|
@ -32,7 +31,7 @@ from fire_planner.returns.shiller import load_from_csv, synthetic_returns
|
|||
from fire_planner.scenarios import build_regime_schedule, build_strategy
|
||||
from fire_planner.simulator import SimulationResult, simulate
|
||||
|
||||
router = APIRouter(tags=["simulate"], dependencies=[Depends(require_bearer)])
|
||||
router = APIRouter(tags=["simulate"])
|
||||
|
||||
_RETURNS_CSV = Path("/data/shiller_returns.csv")
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue