Skip to content

Add security policy for unscoped endpoints#2099

Merged
MarceloRGonc merged 2 commits intomainfrom
mg/OPS-3885
Mar 10, 2026
Merged

Add security policy for unscoped endpoints#2099
MarceloRGonc merged 2 commits intomainfrom
mg/OPS-3885

Conversation

@MarceloRGonc
Copy link
Contributor

@MarceloRGonc MarceloRGonc commented Mar 10, 2026

Fixes OPS-3885.

Copilot AI review requested due to automatic review settings March 10, 2026 16:30
@linear
Copy link

linear bot commented Mar 10, 2026

OPS-3885 Apply security policy to unscoped endpoints

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 10, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI reviewed Mar 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses OPS-3885 by ensuring previously “unscoped” authenticated endpoints explicitly declare a route security policy, aligning them with the newer route security policy configuration pattern used across the API.

Changes:

  • Add config.security using getUnscopedRoutePolicy([PrincipalType.USER]) to the /v1/users/me and /v1/users/tracking-events endpoints.
  • Add config.security using getUnscopedRoutePolicy([PrincipalType.USER]) to AI provider listing and detail endpoints.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
packages/server/api/src/app/user/user.module.ts Adds unscoped authenticated security policy to user “me” and tracking endpoints.
packages/server/api/src/app/ai/providers/ai-providers.controller.ts Adds unscoped authenticated security policy to AI providers endpoints.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@MarceloRGonc MarceloRGonc merged commit 1cef4f2 into main Mar 10, 2026
21 checks passed
@MarceloRGonc MarceloRGonc deleted the mg/OPS-3885 branch March 10, 2026 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bigfluffycookie bigfluffycookie bigfluffycookie approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MarceloRGonc @bigfluffycookie