Add a configurable job runner script that executes Flask CLI commands
at specified intervals within Docker containers. Supports graceful
shutdown via SIGTERM/SIGINT signals and includes built-in job commands
for ZeroTier reconciliation and MFA compliance checks.
- Move OIDC endpoints from gatehouse_app/api/oidc.py to gatehouse_app/api/v1/oidc.py
- Register OIDC discovery endpoint directly on app instead of separate blueprint
- Update service name from authy2-backend to secuird-backend in health check
Separate OIDC discovery endpoint into its own blueprint registered at
root level (required by OIDC spec for .well-known path). Move all other
OIDC endpoints to /api/v1/oidc to conform to API versioning standard.
BREAKING CHANGE: OIDC endpoint URLs changed from /oidc/* to /api/v1/oidc/*
- Update org invite, password reset, email verification, and account activation emails to use HTML templates
- Update MFA deadline reminder and suspension notifications to use HTML templates
- Add html_body parameter to _send_email_async for rich email content
- Move POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB to .env
- Update docker-compose.yml to reference env vars instead of hardcoding
- Fix db healthcheck to use correct credentials from .env
- Update .env.example with matching placeholder values
- Update DATABASE_URL to use variable interpolation
Add pluggable email provider system supporting SMTP, Mailgun, and SendGrid
with factory pattern for runtime provider selection. Includes branded HTML
email templates for verification, password reset, MFA notifications, and
organization invites.
Also rebrands all email content from Gatehouse to Secuird, adds email
provider configuration options, and fixes duplicate log handlers in
development mode.
Add production-ready Docker setup with multi-stage Dockerfile, docker-compose
orchestration for API, PostgreSQL, Redis, and Nginx services. Includes
health checks, non-root user execution, and proper networking.
- Add multi-stage Dockerfile with gunicorn/gevent workers
- Add docker-compose.yml with api, db, redis, nginx services
- Add nginx reverse proxy configuration with security headers
- Update .env.example with Docker and production variables
- Add email provider configuration (Mailgun, SendGrid)
- Add requests dependency for HTTP client support
- Update documentation with Docker deployment guide
- Rebrand project name from Gatehouse to Secuird
Replace 35 incremental migration files with one comprehensive initial
migration that captures the complete database schema. This simplifies
the migration history and eliminates complex dependency chains between
migrations.
The new migration (6a4c4ed4a5c6) includes all tables for:
- Users, organizations, and authentication
- SSH CA and certificate management
- ZeroTier network integration
- OIDC/OAuth providers
- Security policies and audit logging
Refractor Codes into sub file/folders
Admin can remove users'/members mfa/2fa, unlink account from oauth provider
Admin can add/reset password
Different Email (OIDC + Manual)-Same Account; (Block Linking and authorize if available)
- OAuth Callback to Use Gatehouse UI to login instead of Backend Served dull ui
- Setup Autoregister of user + org, on oauth
- Microsoft Oauth Support
- OIDCRefreshToken.access_token_id had a narrow Column increased to VAR(255) and remove FK to sessions.id which had no use
- client_id and client.id mismatch ,backup-code consumption
nexgen_mirrors
JamesBhattarai
coryHawkvelt
HawkveltGiteaAdmin
James Bhattarai