You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

veypi 4c021e7e93 refactor(auth): Migrate token delivery to HttpOnly Cookie with version-based revocation ... - Replace JWT in response body with HttpOnly Cookie (vb_access/vb_refresh) to prevent XSS token theft - Add Redis-based token version management with ±1 tolerance for multi-tab concurrent refresh - Implement strict refresh token rotation: version must match exactly, increment on each refresh - Simplify JWT Claims to only carry UserID + Type + Version, remove user profile fields - Remove session-based token tracking and cache blacklist in favor of version increment revocation - Remove getAuthHeaders, wrapAxios, wrapFetch, isExpired from frontend VBase client - Remove client-side token/localStorage management, frontend now relies on Cookie auto-attach - Add CookiePath config option and change default access token expiry from 24h to 15min - Update Vigo app initialization to use functional options pattern - Add empty-body cookie read fallback in refresh endpoint		3 weeks ago
..
jwt.go	refactor(auth): Migrate token delivery to HttpOnly Cookie with version-based revocation	3 weeks ago