ci/woodpecker/push/woodpecker Pipeline was successful

The SPA can't carry a Bearer header — there's no client-side mechanism to obtain the RECOMPUTE_BEARER_TOKEN, and the value can't safely be embedded in the JS bundle. Result: every POST/PATCH/DELETE on scenarios/life-events/goals + every /simulate + /compare returned 401 in prod, breaking the SPA end-to-end.

Strip require_bearer from the routers. Authentik forward-auth on the SPA path (/) is now the security boundary; /api/* is open at both ingress + app level. Single-tenant personal tool — the data is the user's own anonymous numeric projections.

Kept on /recompute (heavy admin batch in app.py) since that's an operator action, not a user one.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

| | | |
|---|---|---|
| .. | ||
| __init__.py | ||
| auth.py | ||
| dependencies.py | ||
| goals.py | ||
| life_events.py | ||
| networth.py | ||
| scenarios.py | ||
| schemas.py | ||
| simulate.py | ||