- Change BindMode from bool to *bool in thirdparty auth for proper optional handling
- Change Error field from string to *string in OAuth callback request
- Change Email and Phone to *string pointers in bind with register request
- Add public /api/info endpoint for frontend configuration
- Update OAuth token request to use pointers for optional code and refresh_token
- Add desc tags to various request struct fields for API documentation
- Fix path parameter binding with explicit @code suffix for OAuth providers
- Change Description field to *string pointer in role creation
- Change Category field to *string pointer in settings list
- Add 'clean_run.sh' script to reset database and restart server for clean test environment
- Update 'README.md' with detailed troubleshooting guide and pitfalls
- Add '04_org_load_middleware.sh' to test LoadOrg middleware functionality
- Update 'run_all.sh' to include new middleware test
- Fix BASE_URL handling in 'lib.sh' and test scripts to support custom environments
- Update '02_resource_perm.sh' to fix admin permission checks
- Remove debug logging from 'auth.go'
Use database transaction for batch settings update to ensure atomicity.
If any individual update fails, the entire batch will be rolled back,
preventing partial configuration updates.
- Wrap all updates in db.Transaction()
- Return detailed error on failure
Add permission check in settings update API to ensure only admin users
can modify system settings. This fixes a security vulnerability where
any authenticated user could modify critical configurations.
- Check 'setting:update' permission before allowing updates
- Return 403 Forbidden for non-admin users
veypi