coop/rose-ash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
984ef9c65e358154a2233fd339f50c087d5e9dcd
rose-ash/shared/infrastructure
History
giles 984ef9c65e
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m25s
Details
Fix session security: clear stale sessions after DB rebuild 
Two issues fixed:
- Sessions with uid but no grant_token (legacy or corrupt) were not
  validated at all, allowing a user to be logged in as whoever got
  their old numeric user ID after a DB rebuild
- DB errors during grant verification silently kept stale sessions
  alive; now treated as invalid to fail-safe

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 12:17:53 +00:00
..
__init__.py
Monorepo: consolidate 7 repos into one
2026-02-24 19:44:17 +00:00
actions.py
Decouple all cross-app service calls to HTTP endpoints
2026-02-25 03:01:38 +00:00
activitypub.py
Fix AP blueprint cross-DB queries + harden Ghost sync init
2026-02-25 14:06:42 +00:00
ap_inbox_handlers.py
Show per-app actor in follow notifications on Hub
2026-02-25 09:17:34 +00:00
ap_social.py
Fix AP blueprint cross-DB queries + harden Ghost sync init
2026-02-25 14:06:42 +00:00
auth_redis.py
Split databases and Redis — prepare infrastructure for per-domain isolation
2026-02-25 02:20:34 +00:00
cart_identity.py
Monorepo: consolidate 7 repos into one
2026-02-24 19:44:17 +00:00
context.py
Monorepo: consolidate 7 repos into one
2026-02-24 19:44:17 +00:00
data_client.py
Decouple all cross-app service calls to HTTP endpoints
2026-02-25 03:01:38 +00:00
factory.py
Fix session security: clear stale sessions after DB rebuild
2026-02-26 12:17:53 +00:00
fragments.py
Add Phase 5: link-card fragments, oEmbed endpoints, OG meta
2026-02-24 21:44:11 +00:00
ghost_admin_token.py
Decouple cross-domain DB queries for per-app database split
2026-02-25 11:32:14 +00:00
http_utils.py
Monorepo: consolidate 7 repos into one
2026-02-24 19:44:17 +00:00
jinja_setup.py
Remove widget system — fully replaced by fragment composition
2026-02-25 01:20:58 +00:00
oauth.py
Decouple cross-domain DB queries for per-app database split
2026-02-25 11:32:14 +00:00
oembed.py
Add Phase 5: link-card fragments, oEmbed endpoints, OG meta
2026-02-24 21:44:11 +00:00
urls.py
Monorepo: consolidate 7 repos into one
2026-02-24 19:44:17 +00:00
user_loader.py
Split databases and Redis — prepare infrastructure for per-domain isolation
2026-02-25 02:20:34 +00:00