fix: Phase 1 - security & stability patches

- AuthMiddleware now requires auth on /v1/* routes (returns 401) - WebSocket origin check configurable via WSAllowedOrigin - Removed debug fmt.Printf leaks (config, ollama, server) - Registry access protected by sync.RWMutex (race condition fix) - Session cleanup goroutine runs every 15 min - RevokeSession returns error instead of silent no-op
2026-04-26 14:45:22 -04:00
parent da074f52b4
commit 8a8d8d1477
13 changed files with 448 additions and 105 deletions
@@ -10,10 +10,10 @@ require (
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/joho/godotenv v1.5.1
 	github.com/shirou/gopsutil/v3 v3.24.5
+	github.com/sony/gobreaker v1.0.0
 	github.com/spf13/viper v1.21.0
 	golang.org/x/crypto v0.48.0
 	modernc.org/sqlite v1.47.0
-	github.com/sony/gobreaker v1.0.0
 )

 require (