feat: key recovery via email verification (BUG-014)

- POST /v1/recover: request recovery code
- POST /v1/recover/verify: verify code, receive key via email
- Key sent via email only (not in API response) for security
- Rate limited to 3 attempts per hour
- Non-enumerable: same response whether email exists or not
- DKIM-signed emails via postfix/opendkim
OpenClaw 2026-02-14 19:26:47 +00:00
parent 874bbc4267
commit 87a49d8e93
4 changed files with 433 additions and 0 deletions


@ -7,6 +7,7 @@ import { convertRouter } from "./routes/convert.js";
import { templatesRouter } from "./routes/templates.js";
import { healthRouter } from "./routes/health.js";
import { signupRouter } from "./routes/signup.js";
import { recoverRouter } from "./routes/recover.js";
import { billingRouter } from "./routes/billing.js";
import { authMiddleware } from "./middleware/auth.js";
import { usageMiddleware } from "./middleware/usage.js";
@ -67,6 +68,7 @@ app.use(limiter);
// Public routes
app.use("/health", healthRouter);
app.use("/v1/signup", signupRouter);
app.use("/v1/recover", recoverRouter);
app.use("/v1/billing", billingRouter);
// Authenticated routes