Add Authentication Constraints section - APIv2 stateless JWT, no CSRF, no cookies, forbidden patterns

jester 2025-12-28 22:27:49 +00:00
parent d47e1c52a8
commit 6e353c381f


@ -41,3 +41,12 @@ They exist to prevent architectural drift, instability, and "demo-ware" UI patte
- Brand: **ZeroLagHub** - Brand: **ZeroLagHub**
- Shorthand: **ZLH** - Shorthand: **ZLH**
- Gaming heritage is acceptable, esports aesthetic is not. - Gaming heritage is acceptable, esports aesthetic is not.
## Authentication Constraints (APIv2)
- APIv2 authentication is stateless
- JWT tokens are issued by APIv2 only
- No CSRF protection is allowed
- No cookies are allowed for auth
- Portal stores tokens client-side (sessionStorage)
- APIv1 and Pterodactyl auth patterns are forbidden
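Review bot: The "No CSRF protection is allowed" bullet forbids a control without stating the condition that makes it unnecessary, and nothing in the section says how the token is sent with a request. CSRF only stops being a concern when the browser never attaches the credential automatically, so the section should say so explicitly, for example with a bullet such as "Tokens are sent only in the Authorization header", and reword the CSRF line as a consequence of that rather than as a bare prohibition. The sessionStorage bullet needs a companion constraint as well: anything in sessionStorage is readable by any script running in the Portal's origin, so the document should state the expected token lifetime and the XSS controls the Portal relies on. Finally, "APIv1 and Pterodactyl auth patterns are forbidden" does not name the patterns; listing them would make the rule checkable in review.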