Commit Graph

91 Commits

Author SHA1 Message Date
JamesBhattarai 42ff4f2f4f Fix: Migration Heads 2026-03-22 16:06:14 +05:45
JamesBhattarai f334000da3 Feat: Implemented SUDO Department & API Key, CA Serial 2026-03-22 16:06:12 +05:45
JamesBhattarai ff976ee1cc Fix: Serial uniqueness 2026-03-22 16:05:52 +05:45
JamesBhattarai 7492c40668 Fix: Admin Expiry Hours 2026-03-22 16:05:52 +05:45
JamesBhattarai 16d04bd5f7 Chore: Setup and Env 2026-03-22 16:04:29 +05:45
nexgen_mirrors 1789590167 feat(zerotier): add ZeroTier network governance module
Add comprehensive ZeroTier integration for managing network access:

- Portal networks: manager-created ZeroTier network bindings
- Device registration: user-owned ZeroTier node endpoints
- Approval workflows: request/approve/revoke network access
- Activation sessions: time-limited network authorization
- Kill switch: emergency access revocation
- Reconciliation job: sync portal state with ZeroTier controller

Includes ZeroTier client SDK supporting both Central and self-hosted
controller APIs, with full CRUD operations for networks and members.
2026-03-20 21:50:20 +10:30
HawkveltGiteaAdmin 49e724222f Merge pull request #7 from jamesii-b/gatehouse/secuird-CA-merge-v2.01
Gatehouse/secuird ca merge v2.01
2026-03-05 16:55:58 +10:30
JamesBhattarai cc9dc5064e Fix: Migration
oidc_jwks_keys table doesn't exist
uix_org_provider_type constraint multiple use
transaction abort/never rolled back
2026-03-05 11:35:09 +05:45
JamesBhattarai 7cb522b590 Feat(Chore, Fix): Refactor, Half Baked Deletion + Admin Privilege
Refactor code into sub file/folders
Admin can remove users'/members mfa/2fa, unlink account from oauth provider
Admin can add/reset password
Different Email (OIDC + Manual)-Same Account; (Block Linking and authorize if available)
2026-03-04 18:49:04 +05:45
JamesBhattarai ea1bacc794 Fix: Deletion Deadlocks (Owner, User) 2026-03-03 23:22:50 +05:45
JamesBhattarai 34f2dc070c Fix: CA host Sign via web 2026-03-03 18:02:45 +05:45
HawkveltGiteaAdmin 98350323a5 Merge pull request #2 from jamesii-b/gatehouse/secuird-CA-merge-v2.01
Gatehouse with secuird CA Merge (Gatehouse Isolated)
2026-03-03 13:52:52 +10:30
JamesBhattarai 5250d18eb0 Fix(Feat): CA, Audits, Rate Limit
CA Encryption, Serials, Rate Limiter, Account suspension blocks login
Transfer Ownership & Delete Account
2026-03-02 23:53:51 +05:45
JamesBhattarai be87fd90b1 Feat(Fix): CA manage Host/User Key 2026-03-01 20:42:48 +05:45
JamesBhattarai 9875216861 Feat(Fix): User & Org Setup Initial (Invite + Create on own) & Fix: User Suspension 2026-03-01 20:42:48 +05:45
JamesBhattarai a0d4e59c24 Feat(Chore): Verify Flow, Invites, Suspend, Depart Cert Policy
feat: add password reset and email verification flow
feat: add org invite listing, cancellation, and invite link fallback
feat: add user suspend/unsuspend with audit logging
feat: add department certificate policy (expiry, extensions)
feat: enforce dept cert policy on SSH certificate signing
feat: wire up OIDC consent and token flow (replace mocks)
feat: rework CLI auth bridge to use frontend login flow
feat: add admin OAuth provider management (CRUD)
chore: refactor model import paths after module reorganisation
chore: clean up config, decorators, and dev tooling
2026-03-01 20:42:48 +05:45
JamesBhattarai 07193a2d2e Chore: Refactor Models into organized file/folder 2026-03-01 20:42:48 +05:45
James Bhattarai 58432da1c8 Merge branch 'CoryHawkless:main' into gatehouse/secuird-CA-merge-v2.01 2026-02-28 23:48:54 +05:45
JamesBhattarai e79c584c50 Feat(Fix): Key Timezone, Expiry, Depart Link 2026-02-28 23:48:07 +05:45
JamesBhattarai 8fdc362216 Chore(Fix): Package dependency 2026-02-28 19:19:42 +05:45
JamesBhattarai b2212ab4d6 Feat: Added CA-merged with Securid-Principals, Depart, Client-CLI 2026-02-27 21:59:01 +05:45
JamesBhattarai 92fd57447d Chore(Feat): added principal,depart RBAC 2026-02-27 10:03:05 +05:45
HawkveltGiteaAdmin d5a32cd59f Merge pull request #1 from jamesii-b/oidc/v1.01
Feat: OIDC UI bridge, Microsoft SSO, and schema session flaws
2026-02-27 14:35:58 +10:30
JamesBhattarai c623824738 Chore(Feat): added gatehouse-cli 2026-02-27 07:48:55 +05:45
JamesBhattarai 1ba5738d52 Feat: OIDC UI bridge, Microsoft SSO, and schema session flaws
- OAuth Callback to Use Gatehouse UI to login instead of Backend Served dull ui
- Setup Autoregister of user + org, on oauth
- Microsoft Oauth Support
- OIDCRefreshToken.access_token_id had a narrow Column increased to VAR(255) and remove FK to sessions.id which had no use
- client_id and client.id mismatch, backup-code consumption
2026-02-26 23:18:31 +05:45
nexgen_mirrors f1fff22f3e tidy up 2026-02-23 13:25:17 +10:30
nexgen_mirrors cbdf6185b6 remove junk 2026-02-23 13:25:05 +10:30
coryHawkvelt 7637d7df45 migrations 2026-01-28 14:20:48 +10:30
coryHawkvelt ae2421763a google login works 2026-01-21 03:09:46 +10:30
coryHawkvelt 4cf4a27c9a can link google accounts! 2026-01-20 15:54:00 +10:30
coryHawkvelt 900722d695 Force mfa if enabled at login 2026-01-16 17:51:04 +10:30
coryHawkvelt d063a0ca81 enable policies 2026-01-16 17:31:20 +10:30
coryHawkvelt b2e084db33 fix(webauthn): ensure provider_data JSON changes are detected by SQLAlchemy
Add flag_modified() calls after modifying provider_data dictionary to
explicitly mark the field as changed. SQLAlchemy does not automatically
track mutations to JSON fields, which could result in changes not being
persisted to the database.
2026-01-16 11:34:40 +10:30
coryHawkvelt af0281281a web authn working! 2026-01-16 11:25:27 +10:30
coryHawkvelt 2c0aaf484b move app to gatehouse-app 2026-01-15 03:40:29 +10:30
coryHawkvelt 5e4cffcf73 functional totp 2026-01-14 18:06:26 +10:30
coryHawkvelt cfd79190ee feat(auth): implement TOTP two-factor authentication with enrollment and verification
Adds TOTP (Time-based One-Time Password) two-factor authentication support including:
- New TOTP service with secret generation, QR code provisioning, and code verification
- New auth endpoints for enrollment, verification, status, and backup code management
- New TOTP authentication method type and user methods for TOTP management
- Backup codes generation and verification for account recovery
- Updated OIDC endpoints with timezone-aware datetime handling and RFC-compliant responses
- Added "roles" scope support for OIDC userinfo and ID tokens
- New pyotp dependency for TOTP operations
- Comprehensive unit tests for TOTP service
2026-01-14 18:06:17 +10:30
nexgen_mirrors 977abf66df update readme 2026-01-09 13:00:02 +10:30
nexgen_mirrors a6474f55c1 feat(oidc): add debug logging and migrate client secret hashing to Flask-Bcrypt
- Add comprehensive debug logging across OIDC endpoints and services for development troubleshooting
- Implement backward-compatible password hash checking with automatic migration from raw bcrypt to Flask-Bcrypt format
- Refactor logging configuration to ensure proper propagation across all app modules
- Configure root logger and disable Werkzeug duplication for cleaner log output
- Initialize OIDC JWKS service on application startup
- Update seed script to use Flask-Bcrypt for client secret hashing
- Fix audit service to use correct event_metadata parameter

BREAKING CHANGE: Client secrets created with old raw bcrypt format will be automatically migrated to Flask-Bcrypt format on first successful authentication
2026-01-09 12:59:53 +10:30
nexgen_mirrors 5e060f267d major checkpoint 2026-01-08 15:59:53 +10:30
nexgen_mirrors 211854ca0a initial 2026-01-08 01:00:26 +10:30