fix: AppAuthMiddleware add_middleware 重新加回

This commit is contained in:
Your Name
2026-05-30 02:46:11 +08:00
parent c808c28edf
commit f5bea6f0d2
+3
View File
@@ -400,6 +400,9 @@ class SecurityHeadersMiddleware:
app.add_middleware(SecurityHeadersMiddleware)
# AppAuth: protect /app/ HTML pages behind refresh-cookie (standalone, before JWT/DB/CORS)
app.add_middleware(AppAuthMiddleware)
# F2a-10 / F2d-02: global JWT gate for all /api/* (inside DbSession — uses request.state.db)
app.add_middleware(JwtAuthMiddleware)