cannaiq

Creationshop/cannaiq

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kelly	2513e22171	fix(security): Add auth middleware to unprotected API endpoints Security audit identified 8 endpoint groups that were publicly accessible without authentication. Added authMiddleware and requireRole where appropriate. Protected endpoints: - /api/payloads/* - authMiddleware (trusted origins or API token) - /api/job-queue/* - authMiddleware + requireRole('admin') - /api/workers/* - authMiddleware - /api/worker-registry/* - authMiddleware (pods access via trusted IPs) - /api/k8s/* - authMiddleware + requireRole('admin') - /api/pipeline/* - authMiddleware + requireRole('admin') - /api/tasks/* - authMiddleware + requireRole('admin') - /api/admin/orchestrator/* - authMiddleware + requireRole('admin') Also: - Added API_SECURITY.md documentation - Filter AI settings from /settings page (managed in /ai-settings) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-12-12 00:30:08 -07:00
Kelly	6f0a58f5d2	fix(k8s): Correct API call signatures for k8s client v1.4 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-11 08:47:27 -07:00
Kelly	8206dce821	feat(admin): Worker scaling controls via k8s API - Add /api/k8s/workers endpoint to get deployment status - Add /api/k8s/workers/scale endpoint to scale replicas (0-50) - Add worker scaling UI to Tasks Dashboard (+/- 5 workers) - Shows ready/desired replica count - Uses in-cluster config in k8s, kubeconfig locally 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-11 08:24:32 -07:00

Author

SHA1

Message

Date

Kelly

2513e22171

fix(security): Add auth middleware to unprotected API endpoints

Security audit identified 8 endpoint groups that were publicly accessible
without authentication. Added authMiddleware and requireRole where appropriate.

Protected endpoints:
- /api/payloads/* - authMiddleware (trusted origins or API token)
- /api/job-queue/* - authMiddleware + requireRole('admin')
- /api/workers/* - authMiddleware
- /api/worker-registry/* - authMiddleware (pods access via trusted IPs)
- /api/k8s/* - authMiddleware + requireRole('admin')
- /api/pipeline/* - authMiddleware + requireRole('admin')
- /api/tasks/* - authMiddleware + requireRole('admin')
- /api/admin/orchestrator/* - authMiddleware + requireRole('admin')

Also:
- Added API_SECURITY.md documentation
- Filter AI settings from /settings page (managed in /ai-settings)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-12 00:30:08 -07:00

Kelly

6f0a58f5d2

fix(k8s): Correct API call signatures for k8s client v1.4

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-11 08:47:27 -07:00

Kelly

8206dce821

feat(admin): Worker scaling controls via k8s API

- Add /api/k8s/workers endpoint to get deployment status
- Add /api/k8s/workers/scale endpoint to scale replicas (0-50)
- Add worker scaling UI to Tasks Dashboard (+/- 5 workers)
- Shows ready/desired replica count
- Uses in-cluster config in k8s, kubeconfig locally

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-11 08:24:32 -07:00

3 Commits