2c92a81302
merge: Unify master into main - all commits unified
BotServer CI / build (push) Failing after 6m9s
2026-03-01 07:43:07 -03:00
8f495c75ec
WIP: Local changes before merging master into main
2026-03-01 07:40:11 -03:00
bbdf243c86
fix: OAuth client creation during bootstrap
...
BotServer CI / build (push) Failing after 6m2s
- Add password grant authentication support in DirectorySetup
- Extract initial admin credentials from Zitadel log file
- Fix race condition in Zitadel startup (wait for health check before starting)
- Create parent directories before saving config
- Add retry logic for OAuth client creation
- Improve error handling with detailed messages
Fixes authentication service not configured error after bootstrap.
2026-03-01 07:31:17 -03:00
e143968179
feat: Add JWT secret rotation and health verification
...
SEC-02: Implement credential rotation security improvements
- Add JWT secret rotation to rotate-secret command
- Generate 64-character HS512-compatible secrets
- Automatic .env backup with timestamp
- Atomic file updates via temp+rename pattern
- Add health verification for rotated credentials
- Route rotate-secret, rotate-secrets, vault commands in CLI
- Add verification attempts for database and JWT endpoints
Security improvements:
- JWT_SECRET now rotatable (previously impossible)
- Automatic rollback via backup files
- Health checks catch configuration errors
- Clear warnings about token invalidation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-19 19:42:41 +00:00
5ea171d126
Refactor: Split large files into modular subdirectories
...
BotServer CI / build (push) Failing after 1m34s
Split 20+ files over 1000 lines into focused subdirectories for better
maintainability and code organization. All changes maintain backward
compatibility through re-export wrappers.
Major splits:
- attendance/llm_assist.rs (2074→7 modules)
- basic/keywords/face_api.rs → face_api/ (7 modules)
- basic/keywords/file_operations.rs → file_ops/ (8 modules)
- basic/keywords/hear_talk.rs → hearing/ (6 modules)
- channels/wechat.rs → wechat/ (10 modules)
- channels/youtube.rs → youtube/ (5 modules)
- contacts/mod.rs → contacts_api/ (6 modules)
- core/bootstrap/mod.rs → bootstrap/ (5 modules)
- core/shared/admin.rs → admin_*.rs (5 modules)
- designer/canvas.rs → canvas_api/ (6 modules)
- designer/mod.rs → designer_api/ (6 modules)
- docs/handlers.rs → handlers_api/ (11 modules)
- drive/mod.rs → drive_handlers.rs, drive_types.rs
- learn/mod.rs → types.rs
- main.rs → main_module/ (7 modules)
- meet/webinar.rs → webinar_api/ (8 modules)
- paper/mod.rs → (10 modules)
- security/auth.rs → auth_api/ (7 modules)
- security/passkey.rs → (4 modules)
- sources/mod.rs → sources_api/ (5 modules)
- tasks/mod.rs → task_api/ (5 modules)
Stats: 38,040 deletions, 1,315 additions across 318 files
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-12 21:09:30 +00:00
Rodrigo Rodriguez
fc0926ffff
WIP: Multiple code improvements from previous session
...
- Fix various compiler warnings
- Update analytics, auto_task, and basic keywords
- Improve security, channels, and core modules
- Update designer, directory, and drive modules
- Fix embedded UI and LLM modules
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-08 12:25:37 +00:00
1fb1feff56
Fix: /api/auth/me now returns anonymous user instead of 401
2026-02-04 14:10:05 -03:00
e7fbf0ce46
Fix: generate GB-specific access token with gb_ prefix
2026-02-04 14:02:01 -03:00
e717f90cee
Fix auth routes - simplify to use in-memory cache only
2026-02-04 13:47:02 -03:00
f311a438cd
Fix /api/auth/me to validate tokens from database
...
- Save login tokens to user_login_tokens table on successful login
- Modify get_current_user to check database when cache miss occurs
- Query Zitadel directory to get user details from token
- Update last_used timestamp for token tracking
- Tokens now persist across server restarts
2026-02-04 13:28:37 -03:00
66abce913f
Feature gating refactor: modular compilation with minimal feature set
2026-01-22 19:45:18 -03:00
a2783f9b32
Fix 5 errors and 32 warnings: calendar, compliance, billing_alert_broadcast, unused vars
2026-01-13 22:21:25 -03:00
b4003e3e0a
fix(auth): align auth middleware anonymous paths with RBAC config
...
- Remove broad /api/auth anonymous path that was matching /api/auth/me
- Add specific anonymous paths: /api/auth/login, /api/auth/refresh, /api/auth/bootstrap
- Remove /api/auth/logout, /api/auth/2fa/* from anonymous (require auth)
- Fix /api/auth/me returning 401 for authenticated users
2026-01-10 17:31:50 -03:00
479950945b
feat(auth): Add OTP password display on bootstrap and fix Zitadel login flow
...
- Add generate_secure_password() for OTP generation during admin bootstrap
- Display admin credentials (username/password) in console on first run
- Save credentials to ~/.gb-setup-credentials file
- Fix Zitadel client to support PAT token authentication
- Replace OAuth2 password grant with Zitadel Session API for login
- Fix get_current_user to fetch user data from Zitadel session
- Return session_id as access_token for proper authentication
- Set email as verified on user creation to skip verification
- Add password grant type to OAuth application config
- Update directory_setup to include proper redirect URIs
2026-01-06 22:56:35 -03:00
