Section Gate

The section gate is the core access control mechanism. Every request passes through it after token validation.

Sections are defined in worker/sections.js. Each section has:

  • pathPrefix — the URL path prefix that maps to this section
  • defaultRole — minimum role required (visitor, reviewer, founder)
  • totpRequired — whether TOTP 2FA is mandatory for this section

Token scope is resolved hierarchically. A token scoped to transparency grants access to:

  • transparency (the hub)
  • sustainability.transparency
  • governance.transparency
  • economics.transparency
  • grants.transparency
  • fleetcosts.transparency

The matching uses suffix comparison: sectionKey.endsWith('.' + scopeKey).

Some paths bypass the gate entirely (no token required):

  • /404 — error page
  • /rss.xml — RSS feed
  • /papers — public research papers
  • /totp/verify — TOTP challenge page
  • /totp/enroll — TOTP enrollment page
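
Added example (not the project's code): a sketch of the gate decision described on this page, combining the bypass list, section lookup, hierarchical scope match, role check and TOTP requirement. The section table, the token shape ({ scope, role, totpVerified }), the ascending role order, the exact match for the hub, longest-prefix lookup and whole-segment path matching are all assumptions made for illustration.

```javascript
// Hypothetical section table for illustration; not the contents of worker/sections.js.
const SECTIONS = {
  'transparency':            { pathPrefix: '/transparency',            defaultRole: 'visitor',  totpRequired: false },
  'governance.transparency': { pathPrefix: '/governance/transparency', defaultRole: 'reviewer', totpRequired: true },
  'nontransparency':         { pathPrefix: '/nontransparency',         defaultRole: 'visitor',  totpRequired: false },
};
const BYPASS = ['/404', '/rss.xml', '/papers', '/totp/verify', '/totp/enroll'];
const ROLE_RANK = { visitor: 0, reviewer: 1, founder: 2 }; // assumed ascending order

// Assumption: prefixes match on whole path segments, so /papers-draft is not /papers.
const underPrefix = (path, prefix) => path === prefix || path.startsWith(prefix + '/');

// Scope rule: the hub matches exactly (assumed); sub-sections match on '.' + scopeKey.
// The leading '.' is what keeps scope "transparency" from covering "nontransparency".
function scopeCovers(scopeKey, sectionKey) {
  return sectionKey === scopeKey || sectionKey.endsWith('.' + scopeKey);
}

// Longest matching pathPrefix wins when prefixes nest (assumed lookup strategy).
function resolveSection(path) {
  let best = null;
  for (const [key, s] of Object.entries(SECTIONS)) {
    const longer = !best || s.pathPrefix.length > SECTIONS[best].pathPrefix.length;
    if (underPrefix(path, s.pathPrefix) && longer) best = key;
  }
  return best;
}

// token is the output of an assumed earlier validation step, or null if absent.
function gate(path, token) {
  if (BYPASS.some((p) => underPrefix(path, p))) return 'bypass';
  const key = resolveSection(path);
  if (!key) return 'deny:no-section';          // unknown paths fail closed
  if (!token) return 'deny:no-token';
  if (!scopeCovers(token.scope, key)) return 'deny:scope';
  const s = SECTIONS[key];
  // Written so that an unknown role (rank undefined) is denied, not allowed.
  if (!(ROLE_RANK[token.role] >= ROLE_RANK[s.defaultRole])) return 'deny:role';
  if (s.totpRequired && !token.totpVerified) return 'deny:totp';
  return 'allow';
}
```

Each deny reason is distinct so that gate decisions can be logged and audited per check.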