Skip to content

v0.6.0

Choose a tag to compare

View all tags
@Endogen Endogen released this 12 Mar 14:01
· 5 commits to main since this release
v0.6.0
5932c47

What's New

Inverted Auth Model

  • All routes are now protected by default when WEB2API_ACCESS_TOKEN is set
  • Only / and /health are public by default
  • New WEB2API_PUBLIC_PATHS env var to whitelist additional public routes
  • Supports exact paths and shell-style glob patterns (e.g. /allenai/*, /*/search)

Migration from v0.5.0

Previously only /api/recipes/manage* and /mcp* required auth. Now everything does unless whitelisted.

If you want scrape endpoints to remain public, set:

WEB2API_PUBLIC_PATHS=/api/sites,/your-recipe/*

Other

  • Updated README with new auth model documentation
  • Extended test coverage for auth patterns
Assets 2
Loading