Commit Graph

5 Commits

Author SHA1 Message Date
ld 63ede5c237 refactor(api): enforce protocol-neutral service boundaries
- refactor: move HTTP status and DTO concerns out of model and service
  layers into API and handler code.
- feat: add admin service boundary and route auth through services
  instead of direct repository access.
- test: add architecture and error tests covering package boundaries,
  redaction, and service behavior.
- docs: record the protocol-neutral boundary decision and update
  architecture and roadmap notes.
2026-07-05 23:30:17 +08:00
ld ac98b5ddbd feat(middleware): add AdminRequired authorization middleware
AdminRequired gates admin endpoints by checking user IsAdmin flag.

Placed AFTER AuthRequired; fetches user from repository, returns 403 for non-admins.

Soft-deleted users are rejected with 401 since FindByID excludes them.

Tests: admin passes, non-admin forbidden, soft-deleted admin rejected, missing user ID.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-07-04 17:20:30 +08:00
ld be4fcad605 Refactor handlers to use MustGetUserID
- Fix: replace repeated authorization checks in handlers with the new
  MustGetUserID helper, which panics if the user ID is missing. This
  simplifies handler code by eliminating redundant error handling.
- Tests: update auth tests to verify the panic behavior in unprotected
  routes.
2026-06-24 14:43:38 +08:00
ld b4ab864f80 Add token type to JWT claims for access/refresh distinction
- Add TokenType enum and include in Claims struct
- GenerateRefreshToken now creates tokens with TokenRefresh type
- AuthRequired middleware rejects refresh tokens
- AuthService.Refresh validates token type
- Tests verify type validation
2026-04-29 16:55:18 +08:00
ld 3eeb9f6d26 Implement JWT authentication and app passkey support
- Add JWT token generation and validation
- Implement bcrypt password hashing
- Create auth service with register/login/refresh/logout
- Add app passkey generation and management
- Implement protected routes and auth middleware
- Add comprehensive tests for new functionality
2026-04-29 11:50:09 +08:00