madapes/madbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Verify M2/M3 implementation, fix regressions against M0/M1
Some checks failed
CI/CD Pipeline / lint (push) Successful in 3m45s
Details
CI/CD Pipeline / integration-tests (push) Failing after 58s
Details
CI/CD Pipeline / unit-tests (push) Failing after 1m2s
Details
CI/CD Pipeline / e2e-tests (push) Has been skipped
Details
CI/CD Pipeline / build (push) Has been skipped
Details

Browse Source 
Regressions fixed:
- gateway/src/worker.rs: missing session_manager field in AuthState (M3 regression)
- gateway/src/main.rs: same missing field in monolithic gateway
- storage/src/handlers.rs: removed unused validate_role (now handled by RlsTransaction)

M2 Storage Pillar — verified complete:
- StorageBackend trait with full API (put/get/delete/copy/head/list/multipart)
- AwsS3Backend implementation with streaming get_object
- StorageMode enum (Cloud/SelfHosted) in Config
- All routes: CRUD buckets, CRUD objects, copy, move, sign, public URL, health
- Bucket constraints: file_size_limit + allowed_mime_types enforced on upload
- TUS resumable uploads with S3 multipart (5MB chunking)
- Image transforms run via spawn_blocking
- docker-compose.pillar-storage.yml, templates/storage-node.yaml
- Shared Docker network on all pillar compose files

M3 Auth Completeness — verified complete:
- POST /logout revokes refresh tokens + Redis sessions
- GET /settings returns provider availability
- POST /magiclink with hashed token storage
- DELETE /user soft-delete with token revocation
- Recovery flow accepts new password
- Email change requires re-verification via token
- OAuth callback redirects with fragment tokens
- MFA verify returns aal2 JWT with amr claims
- MFA challenge validates factor ownership
- SessionManager wired into login/logout
- GET /sessions returns active sessions
- Configurable ACCESS_TOKEN_LIFETIME
- Claims model extended with session_id, aal, amr

Tests: 62 passed, 0 failed, 11 ignored (external services)
Warnings: 0
Made-with: Cursor
This commit is contained in:
Vlad Durnea
2026-03-15 14:40:48 +02:00
parent 0179cc285d
commit 38cab8c246
29 changed files with 1924 additions and 666 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
migrations/20260315000001_add_bucket_constraints.sql Normal file
View File

@@ -0,0 +1,8 @@
-- Add bucket constraints for file size and MIME type validation
ALTER TABLE storage.buckets
ADD COLUMN IF NOT EXISTS file_size_limit BIGINT,
ADD COLUMN IF NOT EXISTS allowed_mime_types TEXT[];
-- Add comments for documentation
COMMENT ON COLUMN storage.buckets.file_size_limit IS 'Maximum file size in bytes for objects in this bucket';
COMMENT ON COLUMN storage.buckets.allowed_mime_types IS 'Array of allowed MIME types (e.g., ["image/jpeg", "image/png"]). Empty or NULL means all types allowed.';

20
migrations/20260315000002_m3_auth_completeness.sql Normal file
View File

@@ -0,0 +1,20 @@
-- M3 Auth Completeness Migration
-- Add support for deleted_at, email_change tracking, and MFA challenges
-- Add deleted_at column for soft delete support
ALTER TABLE users ADD COLUMN IF NOT EXISTS deleted_at TIMESTAMPTZ;
-- Add email change tracking columns
ALTER TABLE users ADD COLUMN IF NOT EXISTS email_change TIMESTAMPTZ;
ALTER TABLE users ADD COLUMN IF NOT EXISTS email_change_token_new TEXT;
-- Create MFA challenges table for tracking MFA verification attempts
CREATE TABLE IF NOT EXISTS auth.mfa_challenges (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
factor_id UUID NOT NULL REFERENCES auth.mfa_factors(id) ON DELETE CASCADE,
created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
verified_at TIMESTAMPTZ,
ip_address TEXT
);
CREATE INDEX IF NOT EXISTS idx_mfa_challenges_factor ON auth.mfa_challenges(factor_id);