member/member-platform

Files

History

Chris 21167659f8 perf: disable read-time sync and keep provider sync manual

2026-04-03 01:23:42 +08:00

..

perf: disable read-time sync and keep provider sync manual

2026-04-03 01:23:42 +08:00

fix: add provider column migration script for existing db

2026-04-03 01:10:13 +08:00

refactor: rename idp fields to provider naming

2026-04-03 01:05:01 +08:00

.env

refactor(keycloak): remove authentik naming and switch to keycloak-only paths

2026-04-01 02:01:41 +08:00

.env.development

refactor(keycloak): remove authentik naming and switch to keycloak-only paths

2026-04-01 02:01:41 +08:00

.env.example

refactor(keycloak): remove authentik naming and switch to keycloak-only paths

2026-04-01 02:01:41 +08:00

.env.production.example

refactor(keycloak): remove authentik naming and switch to keycloak-only paths

2026-04-01 02:01:41 +08:00

pyproject.toml

feat: add authentik admin user sync endpoint

2026-03-29 23:08:52 +08:00

README.md

refactor: rebuild backend around role-site authorization model

2026-04-02 23:58:13 +08:00

README.md

memberapi.ose.tw backend

Quick start

cd backend
python -m venv .venv
source .venv/bin/activate
pip install -e .
cp .env.example .env
psql "$DATABASE_URL" -f scripts/init_schema.sql
./scripts/start_dev.sh

Keycloak env

Required:
- KEYCLOAK_BASE_URL
- KEYCLOAK_REALM
- KEYCLOAK_CLIENT_ID
- KEYCLOAK_CLIENT_SECRET
- KEYCLOAK_ADMIN_CLIENT_ID
- KEYCLOAK_ADMIN_CLIENT_SECRET
Optional:
- KEYCLOAK_ADMIN_REALM (default = KEYCLOAK_REALM)
- KEYCLOAK_ISSUER
- KEYCLOAK_JWKS_URL
- KEYCLOAK_TOKEN_ENDPOINT
- KEYCLOAK_USERINFO_ENDPOINT
- KEYCLOAK_AUDIENCE
- KEYCLOAK_VERIFY_TLS

Main APIs

GET /healthz
GET /auth/oidc/url
POST /auth/oidc/exchange
GET /me (Bearer token required)
GET /me/permissions/snapshot (Bearer token required)

Admin APIs (Bearer + admin group required)

GET/POST/PATCH/DELETE /admin/companies
GET/POST/PATCH/DELETE /admin/sites
GET/POST/PATCH/DELETE /admin/systems
GET/POST/PATCH/DELETE /admin/roles
GET/POST/PATCH/DELETE /admin/members
PUT /admin/sites/{site_key}/roles
PUT /admin/members/{user_sub}/sites
GET /admin/members/{user_sub}/roles
GET/POST/PATCH/DELETE /admin/api-clients

Internal APIs (`X-Client-Key` + `X-API-Key`)

GET /internal/companies
GET /internal/sites
GET /internal/systems
GET /internal/roles
GET /internal/members
POST /internal/users/upsert-by-sub
GET /internal/users/{user_sub}/roles
GET /internal/permissions/{user_sub}/snapshot
POST /internal/idp/users/ensure