feat: Waves 3+4 — frontend wiring, NATS integration, stores (19 files)
All checks were successful
Test Asgard Runner / test (push) Successful in 2s
All checks were successful
Test Asgard Runner / test (push) Successful in 2s
Frontend:
- Wire Dashboard quick actions (start/stop/trigger wipe) + next wipe schedule
- Wire Console WebSocket streaming for real-time output
- Implement TOTP 2FA challenge flow in LoginView
- Wire Plugin load/unload toggle + uninstall buttons with confirmations
- Wire WipesView profile selector, disable trigger when no profiles
- Build full WipeProfiles create/edit modal with all config fields
- Wire MapsView file upload with multipart FormData
- Fix SettingsView empty catch blocks → toast error messages
- Fix stale localStorage token reads in CSV exports → auth store
- Fix auth store hardcoded permissions → JWT-decoded role permissions
- Fix wipe store onMounted lifecycle bug → explicit subscribe action
- Update EarlyAccessView from countdown to "Now Live" state
Backend:
- Wire wipe trigger to publish NATS cmd (corrosion.{id}.cmd.wipe)
- Wire plugin reload/uninstall to publish NATS cmd
- Expand NatsBridgeService: add files, wipe status, server status subs
- Add PATCH schedules/:id/toggle endpoint for task toggling
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Vantz Stockwell
@@ -2,11 +2,35 @@ import { defineStore } from 'pinia'
|
||||
import { ref, computed } from 'vue'
|
||||
import type { User, License } from '@/types'
|
||||
|
||||
/**
|
||||
* Decode the permissions object from a JWT access token payload.
|
||||
* JWTs are base64url-encoded — the payload is not secret, just signed.
|
||||
* The backend JWT strategy embeds `permissions: role?.permissions || {}`
|
||||
* which is a JSONB object from the Role entity (e.g. { 'server.view': true }).
|
||||
* Returns an empty object if the token is missing or malformed.
|
||||
*/
|
||||
function decodeJwtPermissions(token: string): Record<string, boolean> {
|
||||
try {
|
||||
const payloadB64 = token.split('.')[1]
|
||||
if (!payloadB64) return {}
|
||||
const json = atob(payloadB64.replace(/-/g, '+').replace(/_/g, '/'))
|
||||
const payload = JSON.parse(json)
|
||||
return payload.permissions && typeof payload.permissions === 'object'
|
||||
? payload.permissions
|
||||
: {}
|
||||
} catch {
|
||||
return {}
|
||||
}
|
||||
}
|
||||
|
||||
export const useAuthStore = defineStore('auth', () => {
|
||||
const user = ref<User | null>(null)
|
||||
const license = ref<License | null>(null)
|
||||
const accessToken = ref<string | null>(null)
|
||||
const refreshToken = ref<string | null>(null)
|
||||
// Permissions decoded from the JWT payload — reflects the user's actual role permissions.
|
||||
// Stored separately so hasPermission() works after page reload (token is persisted).
|
||||
const permissions = ref<Record<string, boolean>>({})
|
||||
|
||||
const isAuthenticated = computed(() => !!accessToken.value)
|
||||
const isSuperAdmin = computed(() => user.value?.is_super_admin ?? false)
|
||||
@@ -17,6 +41,9 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
accessToken.value = data.access_token
|
||||
refreshToken.value = data.refresh_token
|
||||
user.value = data.user
|
||||
// Decode permissions from the JWT so hasPermission() reflects the real role,
|
||||
// not a hardcoded list. Custom roles work automatically this way.
|
||||
permissions.value = decodeJwtPermissions(data.access_token)
|
||||
}
|
||||
|
||||
function setLicense(data: License) {
|
||||
@@ -28,6 +55,7 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
license.value = null
|
||||
accessToken.value = null
|
||||
refreshToken.value = null
|
||||
permissions.value = {}
|
||||
}
|
||||
|
||||
function hasModule(moduleSlug: string): boolean {
|
||||
@@ -38,29 +66,17 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
// Super admin has all permissions
|
||||
if (isSuperAdmin.value) return true
|
||||
|
||||
// Default permissions for authenticated users
|
||||
// In a real implementation, this would check the user's role permissions
|
||||
// For now, grant basic permissions to all authenticated users
|
||||
const basicPermissions = [
|
||||
'server.view',
|
||||
'console.view',
|
||||
'players.view',
|
||||
'plugins.view',
|
||||
'wipes.view',
|
||||
'maps.view',
|
||||
'chat.view',
|
||||
'analytics.view',
|
||||
'notifications.view',
|
||||
'store.view',
|
||||
'modules.view',
|
||||
'settings.view',
|
||||
'schedules.view',
|
||||
'alerts.view',
|
||||
'changelog.view',
|
||||
'migration.view',
|
||||
]
|
||||
// Check the permissions decoded from the JWT payload.
|
||||
// The backend embeds role permissions as a JSONB object { 'resource.action': true }.
|
||||
// If permissions is empty (e.g. after a page reload before re-auth), fall back to
|
||||
// re-decoding from the persisted token so the user isn't locked out.
|
||||
const perms = Object.keys(permissions.value).length > 0
|
||||
? permissions.value
|
||||
: accessToken.value
|
||||
? decodeJwtPermissions(accessToken.value)
|
||||
: {}
|
||||
|
||||
return basicPermissions.includes(permission)
|
||||
return perms[permission] === true
|
||||
}
|
||||
|
||||
return {
|
||||
@@ -68,6 +84,7 @@ export const useAuthStore = defineStore('auth', () => {
|
||||
license,
|
||||
accessToken,
|
||||
refreshToken,
|
||||
permissions,
|
||||
isAuthenticated,
|
||||
isSuperAdmin,
|
||||
hasLicense,
|
||||
|
||||
Reference in New Issue
Block a user