feat(demo): hidden /auth/demo login + require_human guard
Whitelisted emails enter the shared demo user via /auth/demo (lazily created, no OAuth token/scope), rate-limited per IP and answering uniformly so it can't be hammered as an enumeration oracle. Add a require_human dependency that blocks the demo account from quota-spending sync endpoints and the OAuth upgrade flow, and surface is_demo on /api/me.
This commit is contained in:
parent
9cac2cd335
commit
5936436d26
3 changed files with 86 additions and 8 deletions
|
|
@ -77,6 +77,7 @@ def get_me(
|
|||
"display_name": user.display_name,
|
||||
"avatar_url": user.avatar_url,
|
||||
"role": user.role,
|
||||
"is_demo": user.is_demo,
|
||||
"can_read": has_read_scope(user),
|
||||
"can_write": has_write_scope(user),
|
||||
"pending_invites": pending_invites,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue