anything-llm/server/models/browserExtensionApiKey.js at d79e5d7527dd27ff8db431c25d8287b2fa4d1304

mirror of https://github.com/Mintplex-Labs/anything-llm.git synced 2026-06-15 23:20:32 +03:00

Files

Timothy Carambat a207449095 Enforce user suspension check on browser extension API key path

Previously, suspended users could continue using browser extension
endpoints if they had created an API key before suspension. The normal
JWT session path blocked suspended users, but the browser extension
middleware did not.

Changes:
- Add suspension and user existence checks to validBrowserExtensionApiKey
- Delete browser extension API keys when a user is deleted
- Add deleteAllForUser method to BrowserExtensionApiKey model
GHSA-7754-8jcc-2rg3

2026-03-13 10:05:05 -07:00

5.7 KiB

Raw Blame History

View Raw

5.7 KiB Raw Blame History

5.7 KiB

Raw Blame History