member/member-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71 Commits 1 Branch 0 Tags
ef271629036dde19f1527c0b4e2167d40a82f915
Commit Graph

71 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris
ef27162903 refactor: rename idp fields to provider naming 2026-04-03 01:05:01 +08:00
Chris
467f2b4867 refactor(idp-groups): use display name as keycloak group name 2026-04-03 00:53:31 +08:00
Chris
7660c662a5 feat(sync): keycloak as source-of-truth with auto catalog sync and token refresh 2026-04-03 00:46:46 +08:00
Chris
7986160d9e fix(auth): resolve admin groups via keycloak admin API when token lacks groups 2026-04-03 00:28:32 +08:00
Chris
6ae907d649 fix(auth): accept keycloak group path variants for admin guard 2026-04-03 00:24:32 +08:00
Chris
2ce9630a5e fix(backend): postpone annotations to avoid list() type shadowing crash 2026-04-03 00:22:00 +08:00
Chris
5837582c0f feat(frontend): migrate admin UI to role-site model and clean legacy pages 2026-04-03 00:18:39 +08:00
Chris
1e1d913103 refactor: rebuild backend around role-site authorization model 2026-04-02 23:58:13 +08:00
Chris
e2dd3ce106 docs: add clickable links for file paths in markdown 2026-04-02 23:38:17 +08:00
Chris
16bbfdba24 docs: rebuild architecture and taskplans for role-site model 2026-04-02 23:35:05 +08:00
Chris
7cdf2b5a51 refactor(keycloak): remove authentik naming and switch to keycloak-only paths 2026-04-01 02:01:41 +08:00
Chris
a9c7cb5f39 fix(auth): relax keycloak audience check and auto-redirect logged-in user 2026-04-01 01:48:06 +08:00
Chris
f0fd5d6e68 fix(auth-callback): redirect to login after successful oidc callback 2026-04-01 01:46:33 +08:00
Chris
b0de6ad94a fix(oidc): add PKCE support for keycloak login flow 2026-04-01 01:43:53 +08:00
Chris
a1eb7ef41b feat(login): simplify to single keycloak redirect button 2026-04-01 01:35:46 +08:00
Chris
07195e7efc fix(login): unify auth entry to single keycloak login page 2026-04-01 01:33:27 +08:00
Chris
dc2811ec61 chore(env): use member-frontend oidc client and keep member-backend admin client 2026-04-01 01:30:44 +08:00
Chris
0b61975c81 chore(env): configure keycloak master client for local backend 2026-04-01 01:20:46 +08:00
Chris
34ba57034d feat(idp): add keycloak-first support with authentik fallback 2026-04-01 00:41:38 +08:00
Chris
febfafc55c fix(login): switch frontend account login to oidc flow 2026-03-31 23:43:57 +08:00
Chris
80a571d227 feat(login): support both password and Google SSO entry on login page 2026-03-31 23:18:28 +08:00
Chris
fe6453f6f8 refactor(identity): rename authentik_sub to user_sub and authentik_user_id to idp_user_id 2026-03-31 22:32:48 +08:00
Chris
316d17027b docs(api): add internal API contract and expose response schemas in swagger 2026-03-31 22:20:24 +08:00
Chris
15da8a5341 fix(internal): return correct system_key in modules list 2026-03-31 22:02:56 +08:00
Chris
671e27447b refactor(internal): switch auth to api-client headers 2026-03-31 21:09:18 +08:00
Chris
322db6ee1a fix(member): delete authentik user when removing member 2026-03-31 21:01:15 +08:00
Chris
f6f86d4bfb feat(admin): add delete APIs and UI actions for all admin resources 2026-03-31 20:58:20 +08:00
Chris
c4492a3072 fix(api-clients): fallback api-key hashing without argon2; show site/module parent display names 2026-03-31 20:35:04 +08:00
Chris
1d9bdb7daa feat(admin): add api client management UI and backend CRUD/rotate endpoints 2026-03-30 23:28:27 +08:00
Chris
ccb99683b8 feat(members): split username/display_name, sync updates to authentik, add password reset API and refresh docs 2026-03-30 22:15:41 +08:00
Chris
e1a6bbd844 refactor(auth): use group-only admin access and remove admin api-key flow from frontend/admin routes 2026-03-30 21:39:43 +08:00
Chris
15eee2fc9a feat(security): enforce admin allowlist guard on admin APIs and attach bearer for admin client 2026-03-30 21:25:57 +08:00
Chris
fb515c6c44 fix(module-key): make module keys standalone MD format with system_key relation 2026-03-30 20:02:17 +08:00
Chris
b4c02835bd feat(keys): auto-generate entity keys and remove manual key input from admin create forms 2026-03-30 19:52:00 +08:00
Chris
62776ac27e chore(db): rebuild init schema with drop-recreate and group-centric constraints 2026-03-30 19:42:05 +08:00
Chris
ea5285501a feat(admin): implement group-centric relations and system/module/company linkage views 2026-03-30 19:38:49 +08:00
Chris
37a69081e3 docs: rebuild documentation set for new architecture and add DB schema guide 2026-03-30 19:21:54 +08:00
Chris
f884f1043d feat(flow): unify member-group-permission admin workflow and docs 2026-03-30 03:54:22 +08:00
Chris
31fff92e19 feat(flow): auto-resolve authentik sub and improve admin dropdown UX 2026-03-30 03:33:50 +08:00
Chris
f85d3de5c5 feat(admin): add edit flows for all catalogs and member authentik sync 2026-03-30 03:25:53 +08:00
Chris
2dd70dceff fix(auth): correct userinfo endpoint fallback for authentik profile enrichment 2026-03-30 03:13:29 +08:00
Chris
94441a4037 refactor(frontend): remove manual admin credential cards from permission pages 2026-03-30 03:06:31 +08:00
Chris
76fd22826b fix(frontend): auto-attach admin api keys and normalize admin list payloads 2026-03-30 03:03:17 +08:00
Chris
f33134ff53 refactor: Redesign navbar to single-row tab layout 
- 單列 header(高度 56px),sticky top
- 左:logo 區(固定寬度,方便之後換圖)
- 中:tab 列,active 用藍色底線 + 淡藍底色
- 分隔用細豎線 | 區隔用戶與管理員 tab
- 右:輕量文字登出按鈕,不搶焦點
- NavTab 用行內 defineComponent 封裝,乾淨不額外建檔

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-30 02:58:38 +08:00
Chris
c85109e09b refactor: Replace admin dropdown with flat tab navigation 
導覽列重新設計:
- 上方 bar:品牌名 + 登出按鈕
- 下方 tab 列:我的資料、我的權限 | 權限管理、系統、模組、公司、站台、會員、群組
- 用戶 tab(藍色底線)與管理員 tab(靛色底線)視覺分組
- 支持 overflow-x scroll,小螢幕也可橫滑
- 移除 el-dropdown 依賴,改用純 router-link + button

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-30 02:56:19 +08:00
Chris
4bb6ecf887 refactor: Fix UI/UX issues across admin pages 
- App.vue: max-w-4xl → max-w-6xl(讓表格不被截斷)
- 新增 AdminCredsCard.vue 共用元件,消除兩個頁面的重複認證卡片
- PermissionAdminPage / PermissionGroupsPage 改用 AdminCredsCard
- 所有 el-table 的 slot="empty" 換成 <template #empty>(Vue 3 正確用法)
- 4 個管理頁 Dialog 補 el-form rules + formRef.validate()(取代手動 if 檢查)
- MembersPage: authentik_sub / email 欄位加 show-overflow-tooltip
- PermissionGroupsPage: 成功/失敗訊息由 <p> 改為 el-alert(統一樣式)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-30 02:53:54 +08:00
Chris
c3f6293c83 fix(frontend): validate oidc state in callback flow 2026-03-30 02:47:16 +08:00
Chris
70b5f34a74 fix(frontend): harden auth routing and callback error handling 2026-03-30 02:46:35 +08:00
Chris
23baceed71 docs: Update TASKPLAN_FRONTEND and FRONTEND_HANDOFF_SCHEMA_V2 - mark Schema v2 as complete 2026-03-30 02:39:58 +08:00
Chris
c4b9789df7 Upgrade frontend to Schema V2: Admin management pages 
新增功能:
- OIDC 登入流程完整實現(LoginPage → AuthCallbackPage)
- 6 個管理頁面:系統、模組、公司、站台、會員、權限群組
- 權限群組管理:群組 CRUD + 綁定會員 + 群組授權/撤銷
- 新 API 層:systems、modules、companies、sites、members、permission-groups
- admin store:統一管理公共清單資料

調整既有頁面:
- PermissionSnapshotPage:表格新增 system 欄位
- PermissionAdminPage:
  - 新增 system 必填欄位
  - scope_type 改為 company/site 下拉選單
  - module 改為選填(空值代表系統層權限)
- Router:補 6 條新管理路由
- App.vue:導覽列新增管理員群組下拉菜單

驗收條件達成:
✓ 可新增 system/module/company/site
✓ 可做用戶直接 grant/revoke(新 payload)
✓ 可建立 permission-group、加會員、群組 grant/revoke
✓ /me/permissions/snapshot 表格可顯示 system + module + action

Build:成功(0 errors)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-03-30 02:37:46 +08:00