WorkClub Automation 18be0fb183 fix: exempt /api/clubs/me from tenant validation ...

- Add path exemption in TenantValidationMiddleware for /api/clubs/me
- Change authorization policy from RequireMember to RequireViewer
- Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app)
- Resolves frontend chicken-and-egg problem for club discovery

Verified:
- /api/clubs/me returns 200 OK without X-Tenant-Id header
- /api/tasks still requires X-Tenant-Id (400 Bad Request)
- Other endpoints unaffected

2026-03-05 21:32:34 +01:00

1.1 KiB

Raw Blame History

View Raw