Skip to content

refactor(auth)!: authentication is always on; remove FROID_AUTH_ENABLED#97

Merged
asiniscalchi merged 1 commit into
mainfrom
feature/always-on-auth
Jun 11, 2026
Merged

refactor(auth)!: authentication is always on; remove FROID_AUTH_ENABLED#97
asiniscalchi merged 1 commit into
mainfrom
feature/always-on-auth

Conversation

@asiniscalchi

Copy link
Copy Markdown
Owner

The HTTP listener now unconditionally requires bearer tokens minted via the Telegram /token command — there is no unauthenticated mode and no way to misconfigure an exposed instance into serving journals openly. The single-tenant router layout and the legacy-database HTTP binding are gone; the default database now only hosts the central token store.

FROID_AUTH_ENABLED joins the other removed auth variables as a hard startup error so the change cannot go unnoticed. The Telegram whitelist is now the gate deciding who can mint HTTP credentials, which the README calls out.

The HTTP listener now unconditionally requires bearer tokens minted via
the Telegram /token command — there is no unauthenticated mode and no
way to misconfigure an exposed instance into serving journals openly.
The single-tenant router layout and the legacy-database HTTP binding
are gone; the default database now only hosts the central token store.

FROID_AUTH_ENABLED joins the other removed auth variables as a hard
startup error so the change cannot go unnoticed. The Telegram whitelist
is now the gate deciding who can mint HTTP credentials, which the
README calls out.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@asiniscalchi asiniscalchi merged commit 4545631 into main Jun 11, 2026
3 checks passed
@asiniscalchi asiniscalchi deleted the feature/always-on-auth branch June 11, 2026 07:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant