- AuthMiddleware now requires auth on /v1/* routes (returns 401) - WebSocket origin check configurable via WSAllowedOrigin - Removed debug fmt.Printf leaks (config, ollama, server) - Registry access protected by sync.RWMutex (race condition fix) - Session cleanup goroutine runs every 15 min - RevokeSession returns error instead of silent no-op
Added JSON tags to the User struct to match frontend expectations and excluded sensitive fields. Updated session management to include and persist DisplayName. Unified user field names (using display_name) across backend, sessions, and frontend UI.
This commit replaces the Axum/Rust backend with a Gin/Go implementation. The original Rust code has been archived in the 'rust' branch.
hobokenchicken