corrosion-admin-panel

vantzs/corrosion-admin-panel

Fork 0

Commit Graph

Author	SHA1	Message	Date
Vantz Stockwell	e849d7803c	fix: JWT tokens expire instantly + double /api prefix in analytics All checks were successful Test Asgard Runner / test (push) Successful in 3s Details - Auth service used flat env var names (JWT_SECRET, JWT_ACCESS_EXPIRY_SECONDS) but @nestjs/config nests them under jwt.* — configService.get() returned undefined, so expiresIn was 0 and tokens expired on issue (iat === exp) - JWT strategy had same bug for secretOrKey - AnalyticsView passed /api/analytics/... to useApi which already prepends /api, resulting in /api/api/analytics/... (404) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 21:40:32 -05:00
Vantz Stockwell	8cd792eb75	feat: Implement NestJS Auth, Users, and Licenses modules Complete authentication system with JWT, refresh tokens, and TOTP 2FA. Auto-generates license keys on registration (CORR-XXXX-XXXX-XXXX format). JwtStrategy enriches payload with license_id and permissions from roles. Multi-tenant isolation enforced at license access layer. Auth Module: - 9 REST endpoints (login, register, refresh, 2FA setup/verify, profile, password reset) - Argon2 password hashing, TOTP with QR code generation - Public endpoints: login, register, forgot-password, reset-password, validate-key - Authenticated endpoints require JWT Bearer token Users Module: - Admin CRUD for user management (requires users.view permission) - Password fields excluded from all responses Licenses Module: - License lookup with owner authorization - Public key validation endpoint for plugin verification - License key generation via random hex parts All DTOs use class-validator, all controllers documented via Swagger. Custom decorators: @Public(), @CurrentUser(), @RequirePermission(). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-15 21:13:57 -05:00

Author

SHA1

Message

Date

Vantz Stockwell

e849d7803c

fix: JWT tokens expire instantly + double /api prefix in analytics

Test Asgard Runner / test (push) Successful in 3s

Details

- Auth service used flat env var names (JWT_SECRET, JWT_ACCESS_EXPIRY_SECONDS)
  but @nestjs/config nests them under jwt.* — configService.get() returned
  undefined, so expiresIn was 0 and tokens expired on issue (iat === exp)
- JWT strategy had same bug for secretOrKey
- AnalyticsView passed /api/analytics/... to useApi which already prepends /api,
  resulting in /api/api/analytics/... (404)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-15 21:40:32 -05:00

Vantz Stockwell

8cd792eb75

feat: Implement NestJS Auth, Users, and Licenses modules

Complete authentication system with JWT, refresh tokens, and TOTP 2FA.
Auto-generates license keys on registration (CORR-XXXX-XXXX-XXXX format).
JwtStrategy enriches payload with license_id and permissions from roles.
Multi-tenant isolation enforced at license access layer.

Auth Module:
- 9 REST endpoints (login, register, refresh, 2FA setup/verify, profile, password reset)
- Argon2 password hashing, TOTP with QR code generation
- Public endpoints: login, register, forgot-password, reset-password, validate-key
- Authenticated endpoints require JWT Bearer token

Users Module:
- Admin CRUD for user management (requires users.view permission)
- Password fields excluded from all responses

Licenses Module:
- License lookup with owner authorization
- Public key validation endpoint for plugin verification
- License key generation via random hex parts

All DTOs use class-validator, all controllers documented via Swagger.
Custom decorators: @Public(), @CurrentUser(), @RequirePermission().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-15 21:13:57 -05:00

2 Commits