fix: restore PATCH endpoints used by E2E + emergency-token fallback

register PATCH /api/v1/settings and PATCH /api/v1/security/acl (E2E expectations)
add emergency-token-aware shortcut handlers (validate X-Emergency-Token → set admin context → invoke handler)
preserve existing POST handlers and backward compatibility
rebuild & redeploy E2E image, verified backend build success
Why: unblocked failing Playwright E2E tests that returned 404s and were blocking the hotfix release
GitHub Actions
2026-01-27 22:43:33 +00:00
parent 949eaa243d
commit 0da6f7620c
39 changed files with 8428 additions and 180 deletions


@@ -15,14 +15,24 @@ CHARON_ENCRYPTION_KEY=
# Emergency Reset Token (Break-Glass Recovery)
# =============================================================================
# Emergency reset token - minimum 32 characters
# Emergency reset token - REQUIRED for E2E tests (64 characters minimum)
# Used for break-glass recovery when locked out by ACL or other security modules.
# This token allows bypassing all security mechanisms to regain access.
#
# SECURITY WARNING: Keep this token secure and rotate it periodically.
# SECURITY WARNING: Keep this token secure and rotate it periodically (quarterly recommended).
# Only use this endpoint in genuine emergency situations.
# Never commit actual token values to the repository.
#
# Generate with: openssl rand -hex 32
# Generate with (Linux/macOS):
# openssl rand -hex 32
#
# Generate with (Windows PowerShell):
# [Convert]::ToBase64String([System.Security.Cryptography.RandomNumberGenerator]::GetBytes(32))
#
# Generate with (Node.js - all platforms):
# node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
#
# REQUIRED for E2E tests - add to .env file (gitignored) or CI/CD secrets
CHARON_EMERGENCY_TOKEN=
# =============================================================================
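
Review bot: The Windows PowerShell generator in this hunk does not meet the "64 characters minimum" stated in the header comment. `[Convert]::ToBase64String(...GetBytes(32))` yields a 44-character Base64 string, while `openssl rand -hex 32` and the Node.js one-liner both yield 64 hex characters. A token generated on Windows by following this file would fail any 64-character length check. Either have the PowerShell line emit hex like the other two, or draw 48 random bytes so the Base64 output is 64 characters. Base64 output can also contain `+`, `/` and `=`, so if the value goes into a `.env` file unquoted, hex is the safer choice. Separately, "REQUIRED for E2E tests" now appears both in the header comment and directly above `CHARON_EMERGENCY_TOKEN=`. Keeping it in one place is enough. Since the same comment block describes this token as bypassing all security mechanisms, it would also help to say explicitly that the E2E value must be a test-only token, never one shared with a real deployment.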