RainerWieland/spawner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59 Commits 1 Branch 0 Tags 7.4 MiB
be859ab77b
Commit Graph

7 Commits

Author SHA1 Message Date
XPS\Micro
1392316068 feat: implement multi-container deletion, DSGVO compliance, and toast notifications 
- Add CASCADE DELETE to MagicLinkToken and AdminTakeoverSession models
- Update admin_api.py to support multi-container deletion
- Add DSGVO-compliant user deletion (removes tokens and sessions)
- Integrate Sonner toast system in frontend
- Add bulk-operations UI (select, block, unblock, delete users)
- Implement two-step confirmation for critical actions
- Update TypeScript config for Set iteration
- Add comprehensive documentation in docs/guides/
 2026-02-02 17:19:48 +01:00
XPS\Micro
c59194e310 feat: add list-users action to debug API 
Debug API now supports 'list-users' action to view all registered users
without needing JWT authentication. Useful for quick debugging via
X-Debug-Token header.
 2026-02-01 17:04:58 +01:00
XPS\Micro
7b0d48ca32 feat: configure Flask file-based logging for debug API 
- Add rotating file handler to app.py for logging to /app/logs/spawner.log
- Configure max 10MB per file with 5 backup files
- Update admin_api.py debug endpoint to read from Flask log file
- Implement clear-logs functionality to truncate log file
- Update documentation with Flask log file details
- Creates log directory automatically if missing
 2026-02-01 15:51:24 +01:00
XPS\Micro
cbc60a08e4 fix: use docker logs instead of log file for debug API 2026-02-01 15:29:03 +01:00
XPS\Micro
95960ab7a9 add debug admin API for logs and database management 2026-02-01 13:41:28 +01:00
XPS\Micro
20a0f3d6af feat: Implement passwordless authentication with Magic Links 
Major changes:
- Remove username and password_hash from User model
- Add MagicLinkToken table for one-time-use email authentication
- Implement Magic Link email sending with 15-minute expiration
- Update all auth endpoints (/login, /signup) to use email only
- Create verify-signup and verify-login pages for token verification
- Container URLs now use slug instead of username (e.g., /u-a3f9c2d1)
- Add rate limiting: max 3 Magic Links per email per hour
- Remove password reset functionality (no passwords to reset)

Backend changes:
- api.py: Complete rewrite of auth routes (magic link based)
- models.py: Remove username/password, add slug and MagicLinkToken
- email_service.py: Add Magic Link generation and email sending
- admin_api.py: Remove password reset, update to use email identifiers
- container_manager.py: Use slug instead of username for routing
- config.py: Add MAGIC_LINK_TOKEN_EXPIRY and MAGIC_LINK_RATE_LIMIT

Frontend changes:
- src/lib/api.ts: Update auth functions and User interface
- src/hooks/use-auth.tsx: Implement verifySignup/verifyLogin
- src/app/login/page.tsx: Email-only login form
- src/app/signup/page.tsx: Email-only signup form
- src/app/verify-signup/page.tsx: NEW - Signup token verification
- src/app/verify-login/page.tsx: NEW - Login token verification
- src/app/dashboard/page.tsx: Display slug instead of username

Infrastructure:
- install.sh: Simplified, no migration needed (db.create_all handles it)
- .env.example: Add MAGIC_LINK_TOKEN_EXPIRY and MAGIC_LINK_RATE_LIMIT
- Add IMPLEMENTATION-GUIDE.md with detailed setup instructions

Security improvements:
- No password storage = no password breaches
- One-time-use tokens prevent replay attacks
- 15-minute token expiration limits attack window
- Rate limiting prevents email flooding

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
 2026-01-31 16:19:22 +01:00
XPS\Micro
d188115db4 Add admin features and email verification 
Backend:
- First registered user becomes admin automatically
- Email verification required before login
- Admin API with user management endpoints:
  - Block/unblock users
  - Reset passwords (sends email)
  - Delete user containers
  - Delete users
  - Resend verification emails
  - Takeover sessions (Phase 2 dummy)
- New decorators: @admin_required, @verified_required
- SMTP configuration for email sending
- UserState enum (registered/verified/active)
- Activity tracking (last_used field)

Frontend:
- Admin dashboard with color-coded user list
  - Green: active, recently used
  - Yellow: warning (unverified/inactive)
  - Red: critical (long unverified/very long inactive)
- Email verification flow (verify-success/verify-error pages)
- Signup shows verification instructions
- Login handles unverified accounts with resend option
- Admin link in dashboard header for admins

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-31 07:01:51 +01:00