feat: Phases 1-5 production improvements + 8 bug fixes
ef8fd29
AuthorBotcommited on
Fix: Make TOTP optional when not configured β prevents locking out existing SuperAdmins
b9169bd
AuthorBotcommited on
Production hardening: JWT blacklist, TOTP, Pydantic schemas, Prometheus, SSRF fix, CSP, Redis auth, Celery backup β 35 items across P0-P5
131d826
AuthorBotcommited on
Enforce strict SuperAdmin vs Author panel separation.
6e276e0
AuthorBotCursorcommited on
Fix chat session init crash and improve embed reliability
2b2591e
AuthorBotcommited on
CRITICAL: safe rollback in get_db - session.rollback() was masking HTTPException(401) when no transaction active, causing bare 500 responses
b5db918
AuthorBotcommited on
CRITICAL FIX: use HTTPException(401) instead of custom InvalidTokenError in get_current_user - FastAPI handles HTTPException natively in dependency injection, custom exceptions were escaping to bare 500
630918d
AuthorBotcommited on
Fix SuperAdmin 500 errors: harden get_current_user against null/undefined/expired tokens, return 401 instead of 500; harden SuperAdmin apiGet/apiPost with defensive JSON parsing and 401/403 redirect to login; fix grant_access serialization
ed8ccd5
AuthorBotcommited on
Feat: auto-seed superadmin from SUPER_ADMIN_USER/SUPER_ADMIN_PASS env vars on startup