member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9 Commits 1 Branch 0 Tags
5e46c58dd4ea080a56108f699ab39fc44c3e9f82
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

memberapi.ose.tw backend

Quick start

cd backend
python -m venv .venv
source .venv/bin/activate
pip install -e .
cp .env.example .env
./scripts/start_dev.sh

Required DB setup

  1. Initialize API client whitelist table with docs/API_CLIENTS_SQL.sql.
  2. Initialize core tables with backend/scripts/init_schema.sql.
  3. Generate api_key_hash and update api_clients records, e.g.:
python scripts/generate_api_key_hash.py 'YOUR_PLAIN_KEY'

Authentik JWT setup

  • Configure at least one of:
    • AUTHENTIK_JWKS_URL
    • AUTHENTIK_ISSUER (the service infers <issuer>/jwks/)
  • Optional:
    • AUTHENTIK_AUDIENCE (enables audience claim validation)
    • AUTHENTIK_CLIENT_ID (used by /auth/login, fallback to AUTHENTIK_AUDIENCE)
    • AUTHENTIK_CLIENT_SECRET (required if your access/id token uses HS256 signing)
    • AUTHENTIK_TOKEN_ENDPOINT (default: <AUTHENTIK_BASE_URL>/application/o/token/)

Authentik Admin API setup

  • Required for /internal/authentik/users/ensure:
    • AUTHENTIK_BASE_URL
    • AUTHENTIK_ADMIN_TOKEN
    • AUTHENTIK_VERIFY_TLS

Main APIs

  • GET /healthz
  • POST /auth/login
  • GET /me (Bearer token required)
  • GET /me/permissions/snapshot (Bearer token required)
  • POST /internal/users/upsert-by-sub
  • GET /internal/permissions/{authentik_sub}/snapshot
  • POST /internal/authentik/users/ensure
  • POST /admin/permissions/grant
  • POST /admin/permissions/revoke
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 234 KiB
Languages
Python 96.5%
PLpgSQL 3%
Dockerfile 0.3%
Shell 0.2%