GeneralBots/botserver
2
1
Fork 0
Code Issues Pull requests Projects Releases 323 Packages Wiki Activity Actions
3930 commits 88 branches 325 tags 129 MiB
Commit graph

11 commits

Author SHA1 Message Date
Rodrigo Rodriguez (Pragmatismo)
bbdf243c86 fix: OAuth client creation during bootstrap
Some checks failed
BotServer CI / build (push) Failing after 6m2s
Details 
- Add password grant authentication support in DirectorySetup
- Extract initial admin credentials from Zitadel log file
- Fix race condition in Zitadel startup (wait for health check before starting)
- Create parent directories before saving config
- Add retry logic for OAuth client creation
- Improve error handling with detailed messages

Fixes authentication service not configured error after bootstrap.
 2026-03-01 07:31:17 -03:00
Rodrigo Rodriguez
e143968179 feat: Add JWT secret rotation and health verification 
SEC-02: Implement credential rotation security improvements

- Add JWT secret rotation to rotate-secret command
- Generate 64-character HS512-compatible secrets
- Automatic .env backup with timestamp
- Atomic file updates via temp+rename pattern
- Add health verification for rotated credentials
- Route rotate-secret, rotate-secrets, vault commands in CLI
- Add verification attempts for database and JWT endpoints

Security improvements:
- JWT_SECRET now rotatable (previously impossible)
- Automatic rollback via backup files
- Health checks catch configuration errors
- Clear warnings about token invalidation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-19 19:42:41 +00:00
Rodrigo Rodriguez
5ea171d126 Refactor: Split large files into modular subdirectories
Some checks failed
BotServer CI / build (push) Failing after 1m34s
Details 
Split 20+ files over 1000 lines into focused subdirectories for better
maintainability and code organization. All changes maintain backward
compatibility through re-export wrappers.

Major splits:
- attendance/llm_assist.rs (2074→7 modules)
- basic/keywords/face_api.rs → face_api/ (7 modules)
- basic/keywords/file_operations.rs → file_ops/ (8 modules)
- basic/keywords/hear_talk.rs → hearing/ (6 modules)
- channels/wechat.rs → wechat/ (10 modules)
- channels/youtube.rs → youtube/ (5 modules)
- contacts/mod.rs → contacts_api/ (6 modules)
- core/bootstrap/mod.rs → bootstrap/ (5 modules)
- core/shared/admin.rs → admin_*.rs (5 modules)
- designer/canvas.rs → canvas_api/ (6 modules)
- designer/mod.rs → designer_api/ (6 modules)
- docs/handlers.rs → handlers_api/ (11 modules)
- drive/mod.rs → drive_handlers.rs, drive_types.rs
- learn/mod.rs → types.rs
- main.rs → main_module/ (7 modules)
- meet/webinar.rs → webinar_api/ (8 modules)
- paper/mod.rs → (10 modules)
- security/auth.rs → auth_api/ (7 modules)
- security/passkey.rs → (4 modules)
- sources/mod.rs → sources_api/ (5 modules)
- tasks/mod.rs → task_api/ (5 modules)

Stats: 38,040 deletions, 1,315 additions across 318 files

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-02-12 21:09:30 +00:00
Rodrigo Rodriguez (Pragmatismo)
1fb1feff56 Fix: /api/auth/me now returns anonymous user instead of 401 2026-02-04 14:10:05 -03:00
Rodrigo Rodriguez (Pragmatismo)
e7fbf0ce46 Fix: generate GB-specific access token with gb_ prefix 2026-02-04 14:02:01 -03:00
Rodrigo Rodriguez (Pragmatismo)
e717f90cee Fix auth routes - simplify to use in-memory cache only 2026-02-04 13:47:02 -03:00
Rodrigo Rodriguez (Pragmatismo)
f311a438cd Fix /api/auth/me to validate tokens from database 
- Save login tokens to user_login_tokens table on successful login
- Modify get_current_user to check database when cache miss occurs
- Query Zitadel directory to get user details from token
- Update last_used timestamp for token tracking
- Tokens now persist across server restarts
 2026-02-04 13:28:37 -03:00
Rodrigo Rodriguez (Pragmatismo)
66abce913f Feature gating refactor: modular compilation with minimal feature set 2026-01-22 19:45:18 -03:00
Rodrigo Rodriguez (Pragmatismo)
a2783f9b32 Fix 5 errors and 32 warnings: calendar, compliance, billing_alert_broadcast, unused vars 2026-01-13 22:21:25 -03:00
Rodrigo Rodriguez (Pragmatismo)
b4003e3e0a fix(auth): align auth middleware anonymous paths with RBAC config 
- Remove broad /api/auth anonymous path that was matching /api/auth/me
- Add specific anonymous paths: /api/auth/login, /api/auth/refresh, /api/auth/bootstrap
- Remove /api/auth/logout, /api/auth/2fa/* from anonymous (require auth)
- Fix /api/auth/me returning 401 for authenticated users
 2026-01-10 17:31:50 -03:00
Rodrigo Rodriguez (Pragmatismo)
479950945b feat(auth): Add OTP password display on bootstrap and fix Zitadel login flow 
- Add generate_secure_password() for OTP generation during admin bootstrap
- Display admin credentials (username/password) in console on first run
- Save credentials to ~/.gb-setup-credentials file
- Fix Zitadel client to support PAT token authentication
- Replace OAuth2 password grant with Zitadel Session API for login
- Fix get_current_user to fetch user data from Zitadel session
- Return session_id as access_token for proper authentication
- Set email as verified on user creation to skip verification
- Add password grant type to OAuth application config
- Update directory_setup to include proper redirect URIs
 2026-01-06 22:56:35 -03:00