member/member-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
90 Commits 1 Branch 0 Tags
c394e9153eef819d5677bd5440b600db04193411
Commit Graph

90 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris
c394e9153e Rename integration workspace to member-platform 2026-04-03 03:32:22 +08:00
Chris
0e248db1bf Update submodule URLs to Gitea remotes 2026-04-03 03:28:03 +08:00
Chris
1d2a57fada Split frontend and backend into separate submodule repos 2026-04-03 03:19:48 +08:00
Chris
528b988207 Switch backend Docker image to Alpine multi-stage 2026-04-03 03:12:19 +08:00
Chris
40d9fb8dcf Add production Dockerfile for backend deployment 2026-04-03 03:11:28 +08:00
Chris
fc81696abf Switch access control from groups to realm roles 2026-04-03 03:03:43 +08:00
Chris
daa21e81a9 Remove duplicate internal permissions snapshot API 2026-04-03 02:46:55 +08:00
Chris
955019e8d7 Add Redis-backed cache backend with env switch 2026-04-03 02:38:54 +08:00
Chris
ed413ce39d Add in-memory read cache with CUD-based invalidation 2026-04-03 02:32:38 +08:00
Chris
fa624127c8 Speed up auth verification with JWKS/admin token caching 2026-04-03 02:20:54 +08:00
Chris
418a7b7099 Sync site-role assignments to Keycloak group role mappings 2026-04-03 02:14:01 +08:00
Chris
223edd49b5 fix: respect admin site list limit when loading role site options 2026-04-03 01:58:08 +08:00
Chris
d59407d04c feat: allow assigning sites directly from role page 2026-04-03 01:56:22 +08:00
Chris
2004203758 chore: silence introspection fallback warning noise 2026-04-03 01:53:35 +08:00
Chris
1ff0589b29 refactor: simplify schema names and remove provider id columns 2026-04-03 01:49:36 +08:00
Chris
6e43a3b2c8 feat: add global manual sync button in admin header 2026-04-03 01:25:34 +08:00
Chris
21167659f8 perf: disable read-time sync and keep provider sync manual 2026-04-03 01:23:42 +08:00
Chris
f351fe6454 fix: sync role CRUD with provider client roles 2026-04-03 01:17:13 +08:00
Chris
6adca8c229 fix: add provider column migration script for existing db 2026-04-03 01:10:13 +08:00
Chris
ef27162903 refactor: rename idp fields to provider naming 2026-04-03 01:05:01 +08:00
Chris
467f2b4867 refactor(idp-groups): use display name as keycloak group name 2026-04-03 00:53:31 +08:00
Chris
7660c662a5 feat(sync): keycloak as source-of-truth with auto catalog sync and token refresh 2026-04-03 00:46:46 +08:00
Chris
7986160d9e fix(auth): resolve admin groups via keycloak admin API when token lacks groups 2026-04-03 00:28:32 +08:00
Chris
6ae907d649 fix(auth): accept keycloak group path variants for admin guard 2026-04-03 00:24:32 +08:00
Chris
2ce9630a5e fix(backend): postpone annotations to avoid list() type shadowing crash 2026-04-03 00:22:00 +08:00
Chris
5837582c0f feat(frontend): migrate admin UI to role-site model and clean legacy pages 2026-04-03 00:18:39 +08:00
Chris
1e1d913103 refactor: rebuild backend around role-site authorization model 2026-04-02 23:58:13 +08:00
Chris
e2dd3ce106 docs: add clickable links for file paths in markdown 2026-04-02 23:38:17 +08:00
Chris
16bbfdba24 docs: rebuild architecture and taskplans for role-site model 2026-04-02 23:35:05 +08:00
Chris
7cdf2b5a51 refactor(keycloak): remove authentik naming and switch to keycloak-only paths 2026-04-01 02:01:41 +08:00
Chris
a9c7cb5f39 fix(auth): relax keycloak audience check and auto-redirect logged-in user 2026-04-01 01:48:06 +08:00
Chris
f0fd5d6e68 fix(auth-callback): redirect to login after successful oidc callback 2026-04-01 01:46:33 +08:00
Chris
b0de6ad94a fix(oidc): add PKCE support for keycloak login flow 2026-04-01 01:43:53 +08:00
Chris
a1eb7ef41b feat(login): simplify to single keycloak redirect button 2026-04-01 01:35:46 +08:00
Chris
07195e7efc fix(login): unify auth entry to single keycloak login page 2026-04-01 01:33:27 +08:00
Chris
dc2811ec61 chore(env): use member-frontend oidc client and keep member-backend admin client 2026-04-01 01:30:44 +08:00
Chris
0b61975c81 chore(env): configure keycloak master client for local backend 2026-04-01 01:20:46 +08:00
Chris
34ba57034d feat(idp): add keycloak-first support with authentik fallback 2026-04-01 00:41:38 +08:00
Chris
febfafc55c fix(login): switch frontend account login to oidc flow 2026-03-31 23:43:57 +08:00
Chris
80a571d227 feat(login): support both password and Google SSO entry on login page 2026-03-31 23:18:28 +08:00
Chris
fe6453f6f8 refactor(identity): rename authentik_sub to user_sub and authentik_user_id to idp_user_id 2026-03-31 22:32:48 +08:00
Chris
316d17027b docs(api): add internal API contract and expose response schemas in swagger 2026-03-31 22:20:24 +08:00
Chris
15da8a5341 fix(internal): return correct system_key in modules list 2026-03-31 22:02:56 +08:00
Chris
671e27447b refactor(internal): switch auth to api-client headers 2026-03-31 21:09:18 +08:00
Chris
322db6ee1a fix(member): delete authentik user when removing member 2026-03-31 21:01:15 +08:00
Chris
f6f86d4bfb feat(admin): add delete APIs and UI actions for all admin resources 2026-03-31 20:58:20 +08:00
Chris
c4492a3072 fix(api-clients): fallback api-key hashing without argon2; show site/module parent display names 2026-03-31 20:35:04 +08:00
Chris
1d9bdb7daa feat(admin): add api client management UI and backend CRUD/rotate endpoints 2026-03-30 23:28:27 +08:00
Chris
ccb99683b8 feat(members): split username/display_name, sync updates to authentik, add password reset API and refresh docs 2026-03-30 22:15:41 +08:00
Chris
e1a6bbd844 refactor(auth): use group-only admin access and remove admin api-key flow from frontend/admin routes 2026-03-30 21:39:43 +08:00