Multi-strategy authentication middleware.
Checks in order:
- Authorization: Bearer <token> header → matches file-based API token
- tuitbot_session cookie → SHA-256 hash lookup in sessions table
- Neither → 401 Unauthorized
For cookie-authenticated requests, mutating methods (POST/PATCH/DELETE/PUT)
require a valid X-CSRF-Token header matching the session’s CSRF token.
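The check order and CSRF rule above, as an added example in plain Rust (std only); it is not this crate's code. `Req`, `Outcome`, `lookup_csrf` and the sample values are hypothetical, the SHA-256 session lookup is abstracted behind a closure, and both the constant-time comparison and the fall-through after a non-matching bearer token are assumptions.

```rust
// Added example: the documented check order, std only. Not the crate's code.
#[derive(Debug, PartialEq)]
enum Outcome { Bearer, Session, Unauthorized, CsrfRejected }

struct Req<'a> {
    method: &'a str,
    authorization: Option<&'a str>,  // raw Authorization header value
    session_cookie: Option<&'a str>, // tuitbot_session cookie value
    csrf_header: Option<&'a str>,    // X-CSRF-Token header value
}

// Compare secrets without an early exit on the first differing byte.
fn ct_eq(a: &str, b: &str) -> bool {
    a.len() == b.len() && a.bytes().zip(b.bytes()).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

// `lookup_csrf` is a hypothetical stand-in for the SHA-256 session lookup:
// it returns the session's CSRF token when the cookie maps to a session.
fn authenticate(r: &Req, api_token: &str, lookup_csrf: impl Fn(&str) -> Option<String>) -> Outcome {
    // 1. Bearer token against the file-based API token.
    if let Some(t) = r.authorization.and_then(|h| h.strip_prefix("Bearer ")) {
        if ct_eq(t, api_token) { return Outcome::Bearer; }
        // Assumption: a non-matching bearer falls through to the cookie check.
    }
    // 2. Session cookie lookup; 3. neither strategy succeeded.
    let csrf = match r.session_cookie.and_then(|c| lookup_csrf(c)) {
        Some(token) => token,
        None => return Outcome::Unauthorized,
    };
    // The CSRF header is required only for cookie-authenticated mutating methods.
    if matches!(r.method, "POST" | "PATCH" | "DELETE" | "PUT") {
        match r.csrf_header {
            Some(h) if ct_eq(h, &csrf) => {}
            _ => return Outcome::CsrfRejected,
        }
    }
    Outcome::Session
}

// Constructed sample data: one session whose cookie value is "sess-1".
fn sample_lookup(cookie: &str) -> Option<String> {
    if cookie == "sess-1" { Some("csrf-abc".to_string()) } else { None }
}

fn main() {
    let r = Req { method: "POST", authorization: None, session_cookie: Some("sess-1"), csrf_header: None };
    println!("{:?}", authenticate(&r, "api-secret", sample_lookup)); // cookie POST without CSRF header
}
```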
Functions§
- auth_middleware - Axum middleware that enforces multi-strategy authentication.