coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
79 Commits 5 Branches 0 Tags
d48e6b2f97bc29fb2591ed83c97b5f67533b5d45
Commit Graph

24 Commits

Author SHA1 Message Date
coryHawkvelt d48e6b2f97 feat: add sliding session timeout with idle and absolute caps 2026-04-26 18:12:37 +09:30
nexgen_mirrors de6f39e7e3 feat(ssh): change SSH key uniqueness to per-user scope 
Previously, SSH key fingerprints were globally unique across all users,
preventing the same key from being registered by different users. This
change makes fingerprint uniqueness scoped to individual users.

- Remove global unique constraints on payload and fingerprint columns
- Add composite unique constraint on (user_id, fingerprint)
- Make add_ssh_key operation idempotent for same user
- Return tuple (SSHKey, is_new) from service to indicate creation status
- Update API to return 200 for existing keys, 201 for new keys

BREAKING CHANGE: API behavior changed - duplicate key addition now
returns 200 OK instead of 409 Conflict. Service method signature changed
from returning SSHKey to tuple[SSHKey, bool].
 2026-04-25 06:22:08 +09:30
nexgen_mirrors cec04f3cb2 feat(ssh): add multi-organization support for certificate signing 
Add support for users who belong to multiple organizations to select
which organization's CA should sign their SSH certificates.

Changes:
- CLI: Add --org-id and --list-orgs options for organization selection
- API: Return MULTIPLE_ORGS_AMBIGUOUS error when org selection needed
- API: Add /users/me/organizations/simple endpoint for CLI org listing
- DB: Add organization_id to certificate_audit_logs for better tracking
- Include organization_name in certificate response for clarity
 2026-04-24 22:27:24 +09:30
nexgen_mirrors eb2fc6c8b3 Added soft deletes to all deletion functions and added deleted_at filters as required 2026-04-22 17:27:49 +09:30
nexgen_mirrors 1778dd85d5 Add superadmin routes to API 2026-04-21 17:11:03 +09:30
nexgen_mirrors 7480e9d62b fix(user): filter out soft-deleted memberships and organizations 
Add get_active_memberships() method to User model that filters out
soft-deleted memberships and memberships of deleted organizations.
Update all usages of organization_memberships to use this method,
ensuring consistent handling of soft-deleted records across the
codebase. Also add deleted_at filters to CA queries in SSH helpers.
 2026-04-10 00:39:44 +09:30
JamesBhattarai 2b6f7e15af Feat(Fix): Multi-Tenant Zerotier Org Setups 
Imports Network From Zerotier
Async Emails
Migration guardrails
Admin to see all approvals states
 2026-03-31 12:33:56 +05:45
JamesBhattarai 05eb092228 Fix: DB Migration 2026-03-31 12:33:56 +05:45
JamesBhattarai f334000da3 Feat: Implemented SUDO Department & API Key, CA Serial 2026-03-22 16:06:12 +05:45
JamesBhattarai ff976ee1cc Fix: Serial uniqueness 2026-03-22 16:05:52 +05:45
nexgen_mirrors 1789590167 feat(zerotier): add ZeroTier network governance module 
Add comprehensive ZeroTier integration for managing network access:

- Portal networks: manager-created ZeroTier network bindings
- Device registration: user-owned ZeroTier node endpoints
- Approval workflows: request/approve/revoke network access
- Activation sessions: time-limited network authorization
- Kill switch: emergency access revocation
- Reconciliation job: sync portal state with ZeroTier controller

Includes ZeroTier client SDK supporting both Central and self-hosted
controller APIs, with full CRUD operations for networks and members.
 2026-03-20 21:50:20 +10:30
JamesBhattarai cc9dc5064e Fix: Migration 
oidc_jwks_keys table doesn't exist
uix_org_provider_type constraint multiple use
transaction abort/never rolled back
 2026-03-05 11:35:09 +05:45
JamesBhattarai 7cb522b590 Feat(Chore, Fix): Refractor, Half Baked Deletion + Admin Privilege 
Refractor Codes into sub file/folders
Admin can remove users'/members mfa/2fa, unlink account from  oauth provider
Admin can  add/reset password
Different Email (OIDC + Manual)-Same Account; (Block Linking and authorize if available)
 2026-03-04 18:49:04 +05:45
JamesBhattarai 34f2dc070c Fix: CA host Sign via web 2026-03-03 18:02:45 +05:45
JamesBhattarai 5250d18eb0 Fix(Feat): CA, Audits, Rte Limit 
CA Encryption, Serials, Rate Limiter, Account suspension blocks login
Transfer Ownership & Delete Account
 2026-03-02 23:53:51 +05:45
JamesBhattarai 07193a2d2e Chore: Refractor Models into organized file/folder 2026-03-01 20:42:48 +05:45
JamesBhattarai e79c584c50 Feat(Fix): Key Timezone, Expiry, Depart Link 2026-02-28 23:48:07 +05:45
JamesBhattarai b2212ab4d6 Feat: Added CA-merged with Securid-Principals, Depart, Client-CLI 2026-02-27 21:59:01 +05:45
JamesBhattarai 92fd57447d Chore(Feat): added principal,depart RBAC 2026-02-27 10:03:05 +05:45
JamesBhattarai 1ba5738d52 Feat: OIDC UI bridge, Microsoft SSO,, and schema session flaws 
- OAuth Callback to Use Gatehouse UI to login instead of Backend Served dull ui
- Setup Autoregister of user + org, on oauth
- Microsoft Oauth Support
- OIDCRefreshToken.access_token_id  had a narrow Column increased to VAR(255) and remove FK to sessions.id which had no use
- client_id and client.id mismatch ,backup-code consumption
 2026-02-26 23:18:31 +05:45
coryHawkvelt ae2421763a google login works 2026-01-21 03:09:46 +10:30
coryHawkvelt 4cf4a27c9a can link google accounts! 2026-01-20 15:54:00 +10:30
coryHawkvelt d063a0ca81 enable policies 2026-01-16 17:31:20 +10:30
coryHawkvelt 2c0aaf484b move app to gatehouse-app 2026-01-15 03:40:29 +10:30