api-server

wangdl/api-server

Fork 0

Commit Graph

Author	SHA1	Message	Date
wangdl	ed2dcb02f6	feat: add AdminApiKey permanent token for automated testing All checks were successful Deploy API Server / build-and-deploy (push) Successful in 50s Details - Add AdminApiKey model (keyHash, expiresAt nullable for permanent) - Extend AdminAuthGuard to accept x-api-key header as fallback auth - Seed creates test-admin@zhixi.com with permanent SUPER_ADMIN API key - Key format: zxat_<64 hex chars>, stored as SHA-256 hash Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-18 18:52:04 +08:00
WangDL	5a7c21dd60	feat: implement complete admin authentication system All checks were successful Deploy API Server / build-and-deploy (push) Successful in 9s Details - Add AdminRole enum (SUPER_ADMIN/ADMIN/OPERATIONS/DEVELOPER/READONLY) with hierarchy - Add PasswordService (bcryptjs, 12 rounds), AdminTokenService (type=admin JWT) - Add AdminAuthService: login/lockout/refresh/logout with audit logging - Add AdminAuthController: /admin-api/auth/{login,refresh,logout,me} - Add AdminAuthGuard: validates type=admin, user status, session, lockout - Add AdminRolesGuard + @AdminRoles() decorator for RBAC - Add AdminAuditService for audit log persistence - Add AdminLoginRateLimit (10 req/15min per IP) - Add prisma/seed.ts for SUPER_ADMIN initialization via env vars - Update JwtAuthGuard to skip /admin-api/* and /internal/* paths - Update main.ts to exclude admin-api/internal from global 'api' prefix - Update jwt.config.ts with admin JWT secrets and expiry config Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-21 15:05:31 +08:00

Author

SHA1

Message

Date

wangdl

ed2dcb02f6

feat: add AdminApiKey permanent token for automated testing

Deploy API Server / build-and-deploy (push) Successful in 50s

Details

- Add AdminApiKey model (keyHash, expiresAt nullable for permanent)
- Extend AdminAuthGuard to accept x-api-key header as fallback auth
- Seed creates test-admin@zhixi.com with permanent SUPER_ADMIN API key
- Key format: zxat_<64 hex chars>, stored as SHA-256 hash

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-18 18:52:04 +08:00

WangDL

5a7c21dd60

feat: implement complete admin authentication system

Deploy API Server / build-and-deploy (push) Successful in 9s

Details

- Add AdminRole enum (SUPER_ADMIN/ADMIN/OPERATIONS/DEVELOPER/READONLY) with hierarchy
- Add PasswordService (bcryptjs, 12 rounds), AdminTokenService (type=admin JWT)
- Add AdminAuthService: login/lockout/refresh/logout with audit logging
- Add AdminAuthController: /admin-api/auth/{login,refresh,logout,me}
- Add AdminAuthGuard: validates type=admin, user status, session, lockout
- Add AdminRolesGuard + @AdminRoles() decorator for RBAC
- Add AdminAuditService for audit log persistence
- Add AdminLoginRateLimit (10 req/15min per IP)
- Add prisma/seed.ts for SUPER_ADMIN initialization via env vars
- Update JwtAuthGuard to skip /admin-api/* and /internal/* paths
- Update main.ts to exclude admin-api/internal from global 'api' prefix
- Update jwt.config.ts with admin JWT secrets and expiry config

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-21 15:05:31 +08:00

2 Commits