* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* futher reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
* feat: Add URL column to CSV export for items
Enhanced the CSV export functionality to include a URL field for each item. This change required updating the export logic to generate and include item URLs based on the request's referer header.
* chore: add URL configuration to V1Controller for dynamic URL handling in item export
Currently, the implementation for API v1 routes has the main drawback
that any unknown path gets the fallback `notFoundHandler`, trying to
access filesystem paths.
However, for API routes specifically, we can have a subrouter, and a
default NotFound handler that returns 404.
With this change, requests to `api/v1/<unknown>` now correctly returns
status code 404 instead of 200.
* rough implementation of WS based event system for server side notifications of mutation
* fix test construction
* fix deadlock on event bus
* disable linter error
* add item mutation events
* remove old event bus code
* refactor event system to use composables
* refresh items table when new item is added
* fix create form errors
* cleanup unnecessary calls
* fix importer erorrs + limit fn calls on import
Former-commit-id: 2cbcc8bb1d
* move typegen code
* update taskfile to fix code-gen caches and use 'dir' attribute
* enable dumping stack traces for errors
* log request start and stop
* set zerolog stack handler
* fix routes function
* refactor context adapters to use requests directly
* change some method signatures to support GID
* start requiring validation tags
* first pass on updating handlers to use adapters
* add errs package
* code gen
* tidy
* rework API to use external server package
* introduce scaffold for new models
* wip: shoutrrr wrapper (may remove)
* update schema files
* gen: ent code
* gen: migrations
* go mod tidy
* add group_id to notifier
* db migration
* new mapper helpers
* notifier repo
* introduce experimental adapter pattern for hdlrs
* refactor adapters to fit more common use cases
* new routes for notifiers
* update errors to fix validation panic
* go tidy
* reverse checkbox label display
* wip: notifiers UI
* use badges instead of text
* improve documentation
* add scaffold schema reference
* remove notifier service
* refactor schema folder
* support group edges via scaffold
* delete test file
* include link to API docs
* audit and update documentation + improve format
* refactor schema edges
* refactor
* add custom validator
* set validate + order fields by name
* fix failing tests
