Leo Vasanko
94efb00e34
Don't redirect non-auth-host /auth/ to auth site but show basic info on current host, and allow logging out. Adds a new host app for this purpose.
2025-10-04 17:55:08 -06:00
Leo Vasanko
f9f4d59c6b
Deny creating sessions for hosts other than rp-id subdomains.
2025-10-04 17:26:03 -06:00
Leo Vasanko
45f9870d0d
WebSockets must use origin for finding the host calling them.
2025-10-04 17:16:51 -06:00
Leo Vasanko
2a81544701
Correction on restricted path checking (auth-host).
2025-10-04 16:59:05 -06:00
Leo Vasanko
a60c1bd5f5
Refactor auth-host redirection middleware to its own module.
Implement redirection to remove /auth/ from UI URLs when on auth-host.
2025-10-04 16:49:23 -06:00
Leo Vasanko
229f066533
Add validation of the CLI specified --auth-host (needs to be within rp-id).
2025-10-04 16:35:55 -06:00
Leo Vasanko
97f653e116
Fix deletion of session cookie on host logout.
2025-10-04 16:26:36 -06:00
Leo Vasanko
bfb11cc20f
A major refactoring for more consistent and stricter flows.
- Force using the dedicated authentication site configured via auth-host
- Stricter host validation
- Using the restricted app consistently for all access control (instead of the old loginview).
2025-10-04 15:55:43 -06:00
Leo Vasanko
389e05730b
Refactor user editing endpoints (only auth site) under api/user/ while leaving host-based endpoints at api root.
2025-10-04 08:59:51 -06:00
Leo Vasanko
591ea626bf
Add host-based authentication, UTC timestamps, session management, and secure cookies; fix styling issues; refactor to remove module; update database schema for sessions and reset tokens.
2025-10-03 18:31:54 -06:00
Leo Vasanko
bb35e57ba4
Fix reset link logic to include /auth when no configured auth-host.
2025-10-02 15:57:20 -06:00
Leo Vasanko
5d8304bbd9
Refactor user-profile, restricted access and reset token registration as separate apps so the frontend does not need to guess which context it is running in.
Support user-navigable URLs at / as well as /auth/, allowing for a dedicated authentication site with pretty URLs.
2025-10-02 15:44:48 -06:00
Leo Vasanko
fbfd0bbb47
Create registration links on the same host (subdomain) that is being used by the one who creates it.
2025-10-02 12:30:50 -06:00
Leo Vasanko
ed7d3ee0fc
Admin app: guard rails extended, consistent styling, also share styling with main app.
2025-09-30 16:38:14 -06:00
Leo Vasanko
654618883d
Implement credential reset via CLI.
2025-09-26 17:18:49 -06:00
Leo Vasanko
8409c7726c
Make the /auth/api/validate endpoint renew sessions if needed.
2025-09-26 16:59:11 -06:00
Leo Vasanko
21a6bfd8ba
Cleanup
2025-09-26 15:00:17 -06:00
Leo Vasanko
eaca57f625
Minor tuning of Caddy configuration and improved documentation.
2025-09-25 19:12:11 -06:00
Leo Vasanko
e514ae010d
Provide user info in Remote-* headers. Caddy configuration improved.
2025-09-25 18:12:40 -06:00
Leo Vasanko
b324276173
Cleaned up login/logout flows.
2025-09-02 19:08:16 -06:00
Leo Vasanko
10e55f63b5
Fix url_for query arg on reset link redirect.
2025-09-02 18:32:56 -06:00
Leo Vasanko
074daebd14
Fix matching bug
2025-09-02 18:22:21 -06:00
Leo Vasanko
c9f9b28bf4
Major refactoring of admin API (permissions, paths)
2025-09-02 18:08:06 -06:00
Leo Vasanko
bfc777fb56
Refactoring permissions checks.
2025-09-02 17:28:26 -06:00
Leo Vasanko
3cd6a59b26
Utility module for accessing frontend in backend code.
2025-09-02 16:06:10 -06:00
Leo Vasanko
dd20e7e7f8
Move forward auth under /admin/api/forward
2025-09-02 15:03:39 -06:00
Leo Vasanko
9feac6e9a8
Moved exception handlers to sub apps.
2025-09-02 14:57:06 -06:00
Leo Vasanko
8c07945661
Rename variable to silence linter
2025-09-02 14:45:23 -06:00
Leo Vasanko
312d23b79a
Refactor API under /auth/api
2025-09-02 14:32:19 -06:00
Leo Vasanko
859cc9ed41
Restructure admin app separate from user api.
2025-09-02 14:04:52 -06:00
Leo Vasanko
5302cb9d72
Use bun --bun consistently, avoid devmode origin override if specified by args rp-id and/or origin.
2025-09-01 19:47:46 -06:00
Leo Vasanko
7036338b33
Use rp-name for frontend branding
2025-09-01 18:48:59 -06:00
Leo Vasanko
0b285e6ef0
Count registration also as a login.
2025-09-01 18:40:05 -06:00
Leo Vasanko
6854ba62d4
Linter
2025-09-01 18:29:38 -06:00
Leo Vasanko
37eaffff3f
Renaming of users in registration, profile and admin app.
2025-09-01 18:13:01 -06:00
Leo Vasanko
2b03fa74cd
Only allow safe characters in permission IDs
2025-08-30 19:10:00 -06:00
Leo Vasanko
d045e1c520
Make default permissions use only : as separator.
2025-08-30 18:43:49 -06:00
Leo Vasanko
16de7b5f1f
Allow specifying multiple permissions.
2025-08-30 16:47:38 -06:00
Leo Vasanko
cb17a332a3
Add permission check on forward-auth and validate.
2025-08-30 16:14:39 -06:00
Leo Vasanko
3e5c0065d5
Remodel reset token handling due to browsers sometimes refusing to set the cookie when opening the link (from another site).
2025-08-30 15:54:17 -06:00
Leo Vasanko
4f094a7016
Fixing cascade.
2025-08-30 14:07:32 -06:00
Leo Vasanko
f3e3679b6d
Actually usable admin panel
2025-08-29 22:38:22 -06:00
Leo Vasanko
4db7f2e9a6
Almost usable admin panel
2025-08-29 21:54:51 -06:00
Leo Vasanko
7380f09458
Major changes to server startup. Admin page tuning.
2025-08-29 20:41:38 -06:00
Leo Vasanko
e0717f005a
Drafting admin app (frontend)
2025-08-12 13:24:27 -07:00
Leo Vasanko
02ac4adc77
Support for adding permissions on roles and orgs.
2025-08-12 13:13:35 -07:00
Leo Vasanko
d2a6bfd2a5
Add permissions to orgs and roles (in DB-agnostic API).
2025-08-12 13:21:37 -06:00
Leo Vasanko
6d9f2a967e
Cleaner formatting
2025-08-12 13:21:05 -06:00
Leo Vasanko
407994548a
Almost complete org/permission handling. Much cleanup, bootstrap works.
2025-08-07 13:58:12 -06:00
Leo Vasanko
2e4ff30bea
Users always belong to one Org. Implement a DB function to fetch all data relevant to a session.
2025-08-07 10:42:49 -06:00