* ent re-generation
* add oidc integration
* document oidc integration
* go fmt
* address backend linter findings
* run prettier on index.vue
* State cookie domain can mismatch when Hostname override is used (breaks CSRF check). Add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Delete state cookie with matching domain and MaxAge; add SameSite.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Fix endpoint path in comments and error to include /api/v1.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Also use request context when verifying the ID token.
* Do not return raw auth errors to clients (user-enumeration risk).
* consistently set cookie the same way across function
* remove baseURL after declaration
* only enable OIDC routes if OIDC is enabled
* swagger doc for failure
* Only block when provider=local; move the check after parsing provider
* fix extended session comment
* reduce pii logging
* further reduce pii logging
* remove unused DiscoveryDocument
* remove unused offline_access from default oidc scopes
* remove offline access from AuthCodeURL
* support host from X-Forwarded-Host
* set sane default claim names if unset
* error strings should not be capitalized
* Revert "run prettier on index.vue"
This reverts commit aa22330a23.
* Add timeout to provider discovery
* Split scopes robustly
* refactor hostname calculation
* address frontend prettier findings
* add property oidc on type APISummary
* LoginOIDC: Normalize inputs, only create if not found
* add oidc email verification
* oidc handleCallback: clear state cookie before each return
* add support for oidc nonce parameter
* Harden first-login race: handle concurrent creates gracefully and fix log key.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* support email verified claim as bool or string
* fail fast on empty email
* PKCE verifier
* fix: add timing delay to attachment test to resolve CI race condition
The attachment test was failing intermittently in CI due to a race condition
between attachment creation and retrieval. Adding a small 100ms delay after
attachment creation ensures the file system and database operations complete
before the test attempts to verify the attachment exists.
* Revert "fix: add timing delay to attachment test to resolve CI race condition"
This reverts commit 4aa8b2a0d829753e8d2dd1ba76f4b1e04e28c45e.
* oidc error state, use ref
* rename oidc.force to oidc.authRedirect
* remove hardcoded oidc error timeout
* feat: sub/iss based identity matching and userinfo endpoint collection
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Matthew Kilgore <matthew@kilgore.dev>
* Improve swagger generation
These issues are causing ogen-api to fail after I used the swagger
converter.
* Specify multipart/form-data routes
Operations with parameters of "type: file" must include "multipart/form-data" in their "consumes" property
* Fix example usage
* fixup! Specify multipart/form-data routes
* Fix final validation errors
* move typegen code
* update taskfile to fix code-gen caches and use 'dir' attribute
* enable dumping stack traces for errors
* log request start and stop
* set zerolog stack handler
* fix routes function
* refactor context adapters to use requests directly
* change some method signatures to support GID
* start requiring validation tags
* first pass on updating handlers to use adapters
* add errs package
* code gen
* tidy
* rework API to use external server package
* introduce scaffold for new models
* wip: shoutrrr wrapper (may remove)
* update schema files
* gen: ent code
* gen: migrations
* go mod tidy
* add group_id to notifier
* db migration
* new mapper helpers
* notifier repo
* introduce experimental adapter pattern for hdlrs
* refactor adapters to fit more common use cases
* new routes for notifiers
* update errors to fix validation panic
* go tidy
* reverse checkbox label display
* wip: notifiers UI
* use badges instead of text
* improve documentation
* add scaffold schema reference
* remove notifier service
* refactor schema folder
* support group edges via scaffold
* delete test file
* include link to API docs
* audit and update documentation + improve format
* refactor schema edges
* refactor
* add custom validator
* set validate + order fields by name
* fix failing tests
* new PR tasks
* add homebox to known words
* formatting
* bump deps
* generate db models
* ts errors
* drop id
* fix accessor
* drop unused time field
* change CI
* add expected error
* add type check
* resolve several type errors
* hoist in CI
* make login case insensitive
* expand query to support by Field and By AID search
* type generation
* new API callers
* rework search to support field queries
* improve unnecessary data fetches
* clear stores on logout
* change verbiage
* add labels
* schema changes
* db generate
* db migration
* add role based middleware
* implement attachment token access
* generate docs
* implement role based auth
* replace attachment specific tokens with gen token
* run linter
* cleanup temporary token implementation