fix(tts): require authentication for TTS endpoints (#1101)
Move TTS routes behind auth middleware and attach JWT to local proxy requests from the frontend. Previously both /api/hermes/tts and /api/tts/proxy/audio/speech were publicly accessible without authentication, allowing unauthenticated callers to consume Edge TTS resources through the server. Changes: - server: move ttsRoutes from public to protected route section - client: auto-attach JWT when baseUrl is a local path (/...) and no external API key is configured - client: import getApiKey() instead of raw localStorage access
This commit is contained in:
GoldenFishX
@@ -43,13 +43,13 @@ export function registerRoutes(app: any, authMiddleware: Array<(ctx: Context, ne
|
||||
app.use(healthRoutes.routes())
|
||||
app.use(webhookRoutes.routes())
|
||||
app.use(authPublicRoutes.routes())
|
||||
app.use(ttsRoutes.routes()) // TTS proxy/generation — must be before auth
|
||||
|
||||
// --- Auth middleware: all routes below require authentication ---
|
||||
authMiddleware.forEach((middleware) => app.use(middleware))
|
||||
|
||||
// --- Protected routes (auth required) ---
|
||||
app.use(authProtectedRoutes.routes())
|
||||
app.use(ttsRoutes.routes())
|
||||
app.use(uploadRoutes.routes())
|
||||
app.use(updateRoutes.routes()) // Must be before proxy (proxy catch-all matches everything)
|
||||
app.use(sessionRoutes.routes())
|
||||
|
||||
Reference in New Issue
Block a user