Correct staff detection in IAM scope checks (
c6b04a2)
The IAM helper now distinguishes between an omitted user and an explicit null, so staff status is evaluated against the right account. This fixes incorrect authorization behavior that could affect sudo/admin capability checks.
Increase the frontend rate limit again (a4c6ada)
The Cloudflare worker limit for FRONTEND_RATELIMIT was raised from 30 to 60 requests per 60 seconds. This should reduce throttling for legitimate frontend traffic.
Other misc changes
- Rate limit tuning updated in Terraform (1 commit)