WildDragonLLC/dragonflight
1
0
Fork 0
Code Issues 18 Pull requests 3 Projects Releases Packages Wiki Activity Actions
dragonflight/services/mam-api
History
Zac Gaetano 8028c4c4dd feat(auth): bound-hostname tokens for node-agent + return role from /me 
- requireAuth bearer path now selects api_tokens.bound_hostname and users.role,
  populates req.tokenBoundHostname and req.user.role. /cluster/heartbeat can
  now authenticate via a bound api_token (issued via POST /auth/tokens with
  bound_hostname).
- routes/tokens.js POST accepts bound_hostname; GET returns it so users can
  see which tokens are bound.
- Remove /cluster/heartbeat from SERVICE_PATHS so requireAuth runs on it (the
  bearer auth handles the gate; the heartbeat handler still enforces the
  body.hostname === bound match).
- /auth/me now returns role (final-review I2). Closes the gap where every
  signed-in user appeared as 'viewer' in the UI regardless of actual role.
- loadUser SELECTs role for session auth.
- Backend tests still 37/15/0/22 — no test changes needed; existing token
  CRUD tests stay passing since bound_hostname is optional.
2026-05-27 19:27:59 -04:00
..
src feat(auth): bound-hostname tokens for node-agent + return role from /me 2026-05-27 19:27:59 -04:00
test fix(mam-api): TRUST_PROXY boot warning + CSRF integration tests + bounded rate-limit map 2026-05-27 15:03:35 -04:00
.env.example add services/mam-api/.env.example 2026-04-07 21:58:24 -04:00
.gitignore add services/mam-api/.gitignore 2026-04-07 21:58:24 -04:00
Dockerfile feat: SDK deployment UI, proxy encoding global settings, S3 env fallback 2026-05-23 02:58:32 +00:00
package-lock.json fix(mam-api): TRUST_PROXY boot warning + CSRF integration tests + bounded rate-limit map 2026-05-27 15:03:35 -04:00
package.json fix(mam-api): test glob — use find so npm test picks up files at any depth 2026-05-27 13:54:12 -04:00