diegosouzapw/OmniRoute v1.2.0
v1.2.0 — Dashboard Session Auth for Models Endpoint

on GitHub

latest releases: v3.5.9, v3.5.8, v3.5.7...

one month ago

✨ Feature Release — Dashboard Session Auth for Models Endpoint

Dashboard users can now access /v1/models via their existing session when API key auth is required.

✨ New Features

JWT Session Auth Fallback — When requireAuthForModels is enabled, the /v1/models endpoint now accepts both API key (Bearer token) for external clients and the dashboard JWT session cookie (auth_token), allowing logged-in dashboard users to view models without needing an explicit API key (PR #110 by @nyatoru)

🔧 Improvements

401 instead of 404 — Authentication failures on /v1/models now return 401 Unauthorized with a structured JSON error body (OpenAI-compatible format) instead of a generic 404 Not Found
Simplified auth logic — Refactored the JWT cookie verification, removing redundant same-origin detection (~60 lines) since the sameSite:lax + httpOnly cookie flags already provide CSRF protection

Full Changelog: v1.1.1...v1.2.0

Check out latest releases or
releases around diegosouzapw/OmniRoute v1.2.0

Don't miss a new OmniRoute release

NewReleases is sending notifications on new releases.

Get notifications