Skip to content

Security: document route auth threat model and helper trust boundaries #19

Description

@joeblack2k

Problem

AUTH_MODE, helper app-passwords, TRUST_REMOTE_USER_HEADER, public bootstrap routes, and helper auto-enroll now interact in several places. The intended trust boundaries should be documented so future route changes do not accidentally widen access.

Desired outcome

Create a concise route-auth threat model and maintenance checklist.

Acceptance criteria

  • Document which endpoints are public, session/proxy-authenticated, app-password-authenticated, or helper-bootstrap eligible.
  • Document the reverse-proxy requirement for TRUST_REMOTE_USER_HEADER=true.
  • Document that helper identity headers are not credentials by themselves.
  • Add/update tests when new helper-facing routes are introduced.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions