member/member-backend

Go to file

Chris 06d78fbec2 chore: add local development env files and startup script

2026-03-29 23:34:34 +08:00

feat: add authentik admin user sync endpoint

2026-03-29 23:08:52 +08:00

chore: add local development env files and startup script

2026-03-29 23:34:34 +08:00

feat: add authentik admin user sync endpoint

2026-03-29 23:08:52 +08:00

.env

feat: add authentik jwt verification and me endpoints

2026-03-29 23:06:19 +08:00

.env.development

chore: add local development env files and startup script

2026-03-29 23:34:34 +08:00

.env.example

feat: add authentik jwt verification and me endpoints

2026-03-29 23:06:19 +08:00

.env.production.example

feat: add authentik jwt verification and me endpoints

2026-03-29 23:06:19 +08:00

pyproject.toml

feat: add authentik admin user sync endpoint

2026-03-29 23:08:52 +08:00

README.md

chore: add local development env files and startup script

2026-03-29 23:34:34 +08:00

README.md

memberapi.ose.tw backend

Quick start

cd backend
python -m venv .venv
source .venv/bin/activate
pip install -e .
cp .env.example .env
./scripts/start_dev.sh

Required DB setup

Initialize API client whitelist table with docs/API_CLIENTS_SQL.sql.
Initialize core tables with backend/scripts/init_schema.sql.
Generate api_key_hash and update api_clients records, e.g.:

python scripts/generate_api_key_hash.py 'YOUR_PLAIN_KEY'

Authentik JWT setup

Configure at least one of:
- AUTHENTIK_JWKS_URL
- AUTHENTIK_ISSUER (the service infers <issuer>/jwks/)
Optional:
- AUTHENTIK_AUDIENCE (enables audience claim validation)

Authentik Admin API setup

Required for /internal/authentik/users/ensure:
- AUTHENTIK_BASE_URL
- AUTHENTIK_ADMIN_TOKEN
- AUTHENTIK_VERIFY_TLS

Main APIs

GET /healthz
GET /me (Bearer token required)
GET /me/permissions/snapshot (Bearer token required)
POST /internal/users/upsert-by-sub
GET /internal/permissions/{authentik_sub}/snapshot
POST /internal/authentik/users/ensure
POST /admin/permissions/grant
POST /admin/permissions/revoke