fix: exempt /api/clubs/me from tenant validation

Browse Source

- Add path exemption in TenantValidationMiddleware for /api/clubs/me
- Change authorization policy from RequireMember to RequireViewer
- Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app not workclub-api)
- Endpoint now works without X-Tenant-Id header as intended
- Other endpoints still protected by tenant validation

This fixes the chicken-and-egg problem where frontend needs to call
/api/clubs/me to discover available clubs before selecting a tenant.

...

This commit is contained in:

WorkClub Automation

2026-03-05 21:32:37 +01:00

parent 18be0fb183

commit ffc4062eba

45 changed files with 5519 additions and 579 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

BIN

.sisyphus/evidence/final-qa/s36-login-success.png Normal file

Binary file not shown.

Side by Side After Width:  |  Height:  |  Size: 15 KiB