From d47e1c52a807c8d73e4df3f877d2f2e158e8b3a1 Mon Sep 17 00:00:00 2001 From: jester Date: Sun, 28 Dec 2025 22:27:24 +0000 Subject: [PATCH] Add Portal Migration to APIv2 Auth thread - legacy assumptions, blocking items, open questions --- OPEN_THREADS.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/OPEN_THREADS.md b/OPEN_THREADS.md index 609479f..0d58594 100644 --- a/OPEN_THREADS.md +++ b/OPEN_THREADS.md @@ -1,4 +1,4 @@ -# Open Threads – zlh-grind +# Open Threads — zlh-grind This file tracks items that are unresolved, under investigation, or explicitly deferred. @@ -64,4 +64,25 @@ This file tracks items that are unresolved, under investigation, or explicitly d - PM2 usage - React Router - HUD/scanline UI experiments -- Neon accent palette \ No newline at end of file +- Neon accent palette + +--- + +## Portal Migration to APIv2 Auth (Open) + +### Context +- Portal was originally built against APIv1 + Pterodactyl +- APIv2 auth is now live and verified +- Portal login + data access must be realigned + +### Open Questions +- Which API routes should be protected first by auth? +- When should refresh-token or session renewal be added (if ever)? +- Should roles/scopes be enforced now or deferred? + +### Blocking Items +- Portal login page still assumes CSRF + legacy flows +- Legacy API abstractions still present in portal repo + +### Owner +- Portal Team