Problem
`autobot-slm-backend/api/events.py` exposes:
No authentication dependency is present on the router or the endpoint. An
unauthenticated caller can push arbitrary event data into the SLM event
stream.
Fix
Add auth dependency to the router:
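```python
from fastapi import APIRouter, Depends

from services.auth import get_current_user

# Router-level dependency: every endpoint on this router requires an authenticated user.
router = APIRouter(
    prefix="/events",
    tags=["events"],
    dependencies=[Depends(get_current_user)],
)
```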
If `/events/sync` is intended as an internal service-to-service endpoint,
it should use service token auth from `autobot_shared` instead of being
fully open.
Discovery
Found during auth coverage audit triggered by PR #3438 (#3423 fix).
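An added example, not code from this issue or the project: a static check of the kind an auth coverage audit could run, flagging FastAPI route handlers that have no auth dependency at router, decorator, or parameter level. The sample source, the `/recent` and `/nodes` routes, the POST method on `/sync`, and the contents of `AUTH_DEPS` are assumptions made for illustration.

```python
import ast

AUTH_DEPS = {"get_current_user"}  # assumption: dependency names treated as authentication
HTTP_METHODS = {"get", "post", "put", "patch", "delete"}

# Constructed sample, not the project's file; routes and methods are hypothetical.
SAMPLE = '''
router = APIRouter(prefix="/events", tags=["events"])
guarded = APIRouter(prefix="/nodes", dependencies=[Depends(get_current_user)])

@router.post("/sync")
async def sync_events(payload: dict): ...
@router.get("/recent")
async def recent(user=Depends(get_current_user)): ...
@guarded.get("/")
async def list_nodes(): ...
'''

def _name(call):
    return call.func.id if isinstance(call.func, ast.Name) else getattr(call.func, "attr", "")

def _kw(call, key):
    return next((k.value for k in call.keywords if k.arg == key), None)

def _has_auth(node):
    """True if node contains Depends(<name listed in AUTH_DEPS>)."""
    return node is not None and any(
        isinstance(n, ast.Call) and _name(n) == "Depends" and n.args
        and isinstance(n.args[0], ast.Name) and n.args[0].id in AUTH_DEPS
        for n in ast.walk(node))

def find_unguarded_routes(source):
    tree, routers, findings = ast.parse(source), {}, []
    for node in ast.walk(tree):  # pass 1: router variables and their guard state
        call = getattr(node, "value", None)
        if isinstance(node, ast.Assign) and isinstance(call, ast.Call) and _name(call) == "APIRouter":
            prefix = _kw(call, "prefix")
            prefix = prefix.value if isinstance(prefix, ast.Constant) else ""
            state = (prefix, _has_auth(_kw(call, "dependencies")))
            routers.update({t.id: state for t in node.targets if isinstance(t, ast.Name)})
    for fn in (n for n in ast.walk(tree) if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))):
        for dec in fn.decorator_list:  # pass 2: handlers registered on a known router
            target = dec.func if isinstance(dec, ast.Call) else None
            if not (isinstance(target, ast.Attribute) and isinstance(target.value, ast.Name)
                    and target.value.id in routers and target.attr in HTTP_METHODS):
                continue
            prefix, router_guarded = routers[target.value.id]
            if not (router_guarded or _has_auth(_kw(dec, "dependencies")) or _has_auth(fn.args)):
                path = dec.args[0].value if dec.args and isinstance(dec.args[0], ast.Constant) else "?"
                findings.append((target.attr.upper(), f"{prefix}{path}", fn.name))
    return findings
```

The check only sees dependencies declared in the same file, so a router guarded where it is mounted (`include_router(..., dependencies=...)`) or at application level is still reported; treat findings as candidates for review.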