Skip to content

feat: add access token scope-based permission control#1011

Merged
trim21 merged 8 commits into
masterfrom
scope
Jun 25, 2026
Merged

feat: add access token scope-based permission control#1011
trim21 merged 8 commits into
masterfrom
scope

Conversation

@trim21

@trim21 trim21 commented Feb 19, 2026

Copy link
Copy Markdown
Contributor

Add scope-based permission restrictions for access tokens. Currently supports two scopes: write:collection and write:indices. Legacy tokens without scope restrictions continue to work as before.

Changes

  • internal/auth: Add Scope field and HasScope method to Auth
  • web/mw: Add NeedScope middleware that checks token scope before allowing requests
  • web/routes: Apply NeedScope to write-protected endpoints
  • openapi/v0.yaml: Document scope in OpenAPI spec

@mergify

mergify Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Tick the box to add this pull request to the merge queue (same as @mergifyio queue).

  • Queue this pull request

@trim21 trim21 changed the title scope feat: add access token scope-based permission control Jun 25, 2026
@trim21 trim21 merged commit ae5861f into master Jun 25, 2026
8 of 9 checks passed
@trim21 trim21 deleted the scope branch June 25, 2026 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant