Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 01:35:36 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
b1a4ed13b0658d6c5aa07ea56895019dddb4e7e5
odysseus/routes
T
History
Alexandre Teixeira b1a4ed13b0 Harden API-token chat endpoint selection 
Validate only token-supplied direct base_url values for API-token chat requests, while keeping admin-configured endpoints available for local/LAN providers.

Scope configured endpoint fallback selection to the API token owner, fail closed for unknown token owners, and preserve strict session ownership checks when resuming sessions from chat-scoped API tokens.

Add focused regression coverage for direct base_url SSRF rejection, configured endpoint fallback behavior, token-owner scoping, URL validation, and null-owner session/endpoint handling.
2026-06-03 13:05:13 +01:00
..
__init__.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
admin_wipe_routes.py
Admin: wipe gallery albums with images
2026-06-02 20:35:57 +09:00
api_token_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
assistant_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
auth_routes.py
fix(auth): case-insensitive owner migration on username rename (#1183)
2026-06-02 23:18:15 +09:00
backup_routes.py
fix: backup import drops a user's memory when its text matches another user's (#1743)
2026-06-03 13:29:14 +09:00
calendar_routes.py
fix(calendar): keep recurring events with a UTC UNTIL from collapsing to one (#1383)
2026-06-03 14:24:14 +09:00
chat_helpers.py
fix: auto-naming for 24h time format (#1374)
2026-06-03 14:14:34 +09:00
chat_routes.py
fix: rewriting a message is lost on reload due to a non-existent DB column (#1729)
2026-06-03 13:31:19 +09:00
cleanup_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
compare_routes.py
feat(ai): add OpenRouter and Ollama Cloud providers (#231)
2026-06-01 14:26:10 +09:00
contacts_routes.py
fix(contacts): parse Apple/iCloud item-grouped vCard EMAIL/TEL properties (#1438)
2026-06-03 14:24:04 +09:00
cookbook_helpers.py
Cookbook: scoring fixes, UI polish, false-finished + stale-state bug fixes
2026-06-03 16:32:20 +09:00
cookbook_routes.py
Merge remote-tracking branch 'origin/main' into visual-pr-playground
2026-06-03 16:49:10 +09:00
diagnostics_routes.py
Fix email-thread HTML injection, attachment path traversal, and missing authz (#475)
2026-06-01 22:20:17 +09:00
document_helpers.py
fix: _resolve_user_upload_path crashes on a non-dict resolve_upload result (#1715)
2026-06-03 13:34:33 +09:00
document_routes.py
fix: document library language facet undercounts text documents (#1758)
2026-06-03 13:28:38 +09:00
editor_draft_routes.py
Ignore invalid editor draft payloads (#1533)
2026-06-03 14:07:03 +09:00
email_helpers.py
fix(email): guard _decode_header against unknown MIME charset (#1354)
2026-06-03 14:24:20 +09:00
email_pollers.py
Reconnect after a failed SEARCH ALL so the email poller doesn't desync IMAP (#1613) (#1748)
2026-06-03 13:28:53 +09:00
email_routes.py
fix: SMTP envelope recipients split on commas inside display names (#1464)
2026-06-03 14:23:58 +09:00
embedding_routes.py
Ignore non-object embedding endpoint config (#1260)
2026-06-03 14:12:41 +09:00
emoji_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
font_routes.py
Keep compact font family names together (#1263)
2026-06-03 14:24:30 +09:00
gallery_helpers.py
fix: gallery records raw instead of display dimensions for EXIF-rotated photos (#1667)
2026-06-03 14:23:04 +09:00
gallery_routes.py
fix: validate client-supplied image _endpoint to prevent SSRF (gallery proxies) (#1718)
2026-06-03 13:34:17 +09:00
history_routes.py
fix: history DB fallback returned hidden (compaction) messages to the client (#1726)
2026-06-03 13:30:11 +09:00
hwfit_routes.py
Merge remote-tracking branch 'origin/main' into visual-pr-playground
2026-06-03 16:49:10 +09:00
mcp_routes.py
Fix email-thread HTML injection, attachment path traversal, and missing authz (#475)
2026-06-01 22:20:17 +09:00
memory_routes.py
Auth: use require_user for remaining guarded routes
2026-06-02 20:55:50 +09:00
model_routes.py
feat(models): support pinned endpoint model IDs
2026-06-03 13:00:07 +01:00
note_routes.py
fix: fire-reminder endpoint crashes with NameError on _gcu (#1250)
2026-06-03 01:02:25 +09:00
personal_routes.py
fix: personal-docs path confinement used abspath, allowing symlink escape (#1728)
2026-06-03 13:29:57 +09:00
prefs_routes.py
Ignore non-object prefs JSON (#1257)
2026-06-03 14:12:45 +09:00
preset_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
research_routes.py
fix(auth): honor AUTH_ENABLED=false on owner-scoped endpoints (no /login loop) (#880)
2026-06-02 12:26:26 +09:00
search_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
session_routes.py
fix: archive browser model filter is suffix-only and drops matching models (#1709)
2026-06-03 13:34:54 +09:00
shell_routes.py
Add a 'Rebuild llama.cpp' Cookbook action to force a fresh GPU build (#1787)
2026-06-03 13:28:19 +09:00
signature_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
skills_routes.py
fix: skill test-task / precision helpers crash on a non-dict skill (#1638)
2026-06-03 08:59:24 +09:00
stt_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
task_routes.py
Polish email tasks and window controls
2026-06-01 20:56:46 +09:00
tts_routes.py
Odysseus v1.0
2026-05-31 23:58:26 +09:00
upload_routes.py
fix: use safe .get for id lookup in uploads.json to prevent KeyError (#1465)
2026-06-03 14:12:00 +09:00
vault_routes.py
Keep Bitwarden unlock password off argv (#1311)
2026-06-03 02:13:51 +09:00
webhook_routes.py
Harden API-token chat endpoint selection
2026-06-03 13:05:13 +01:00