Update cookie

2026-03-02 18:23:48 -03:00
parent 1a04b23e89
commit 3f7cdee995
5 changed files with 55 additions and 6 deletions

@@ -19,7 +19,7 @@ Primary implementation modules:
- Login brute-force protection enforces Redis-backed throttle checks keyed by username and source IP.
- State-changing requests from browser clients must send `x-csrf-token: <dcm_csrf>` in request headers (double-submit pattern).
- For non-browser API clients, the optional `Authorization: Bearer <token>` path remains supported when the token is sent explicitly.
- `GET /auth/me` returns current identity and role.
- `GET /auth/me` returns current identity, role, and current CSRF token.
- `POST /auth/logout` revokes current session token.
Role matrix:
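Review bot: The changed `GET /auth/me` bullet says the response now carries the current CSRF token, but it does not name the response field or say whether the value is the same one as the `dcm_csrf` cookie that browser clients echo in `x-csrf-token`. Suggest naming the field and stating that relationship, and documenting next to it that the response is not cacheable and is not readable cross-origin with credentials: under the double-submit pattern described two bullets above, a cross-origin page that could read this body with the user's cookies attached would hold the value the header check compares against. The bullet should also say what a client on the `Authorization: Bearer <token>` path, which has no cookie, receives in that field.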