feat: auth service + security audit fixes + cleanup legacy services
Major changes:
- Add auth-svc: JWT auth, register/login/refresh, password reset
- Add auth UI: modals, pages (/login, /register, /forgot-password)
- Add usage tracking (usage_metrics table, daily limits)
- Add tiered rate limiting (free/pro/business)
- Add LLM usage limits per tier
Security fixes:
- All repos now require userID for Update/Delete operations
- JWT middleware in chat-svc, llm-svc, agent-svc, discover-svc
- ErrNotFound/ErrForbidden errors for proper access control
Cleanup:
- Remove legacy TypeScript services/ directory
- Remove computer-svc (to be reimplemented)
- Remove old deploy/docker configs
New files:
- backend/cmd/auth-svc/main.go
- backend/internal/auth/{types,repository}.go
- backend/internal/usage/{types,repository}.go
- backend/pkg/middleware/{llm_limits,ratelimit_tiered}.go
- backend/webui/src/components/auth/*
- backend/webui/src/app/(auth)/*
Made-with: Cursor
This commit is contained in:
home
@@ -153,8 +153,11 @@ func main() {
|
||||
return c.Status(403).JSON(fiber.Map{"error": "Access denied"})
|
||||
}
|
||||
|
||||
items, err := collectionRepo.GetItems(c.Context(), collectionID)
|
||||
items, err := collectionRepo.GetItems(c.Context(), collectionID, userID)
|
||||
if err != nil {
|
||||
if err == db.ErrForbidden {
|
||||
return c.Status(403).JSON(fiber.Map{"error": "Access denied"})
|
||||
}
|
||||
return c.Status(500).JSON(fiber.Map{"error": "Failed to get items"})
|
||||
}
|
||||
collection.Items = items
|
||||
@@ -195,7 +198,10 @@ func main() {
|
||||
collection.IsPublic = req.IsPublic
|
||||
collection.ContextEnabled = req.ContextEnabled
|
||||
|
||||
if err := collectionRepo.Update(c.Context(), collection); err != nil {
|
||||
if err := collectionRepo.Update(c.Context(), collection, userID); err != nil {
|
||||
if err == db.ErrNotFound {
|
||||
return c.Status(404).JSON(fiber.Map{"error": "Collection not found"})
|
||||
}
|
||||
return c.Status(500).JSON(fiber.Map{"error": "Failed to update collection"})
|
||||
}
|
||||
|
||||
@@ -210,16 +216,10 @@ func main() {
|
||||
collectionID := c.Params("id")
|
||||
userID := middleware.GetUserID(c)
|
||||
|
||||
collection, err := collectionRepo.GetByID(c.Context(), collectionID)
|
||||
if err != nil || collection == nil {
|
||||
return c.Status(404).JSON(fiber.Map{"error": "Collection not found"})
|
||||
}
|
||||
|
||||
if collection.UserID != userID {
|
||||
return c.Status(403).JSON(fiber.Map{"error": "Access denied"})
|
||||
}
|
||||
|
||||
if err := collectionRepo.Delete(c.Context(), collectionID); err != nil {
|
||||
if err := collectionRepo.Delete(c.Context(), collectionID, userID); err != nil {
|
||||
if err == db.ErrNotFound {
|
||||
return c.Status(404).JSON(fiber.Map{"error": "Collection not found"})
|
||||
}
|
||||
return c.Status(500).JSON(fiber.Map{"error": "Failed to delete collection"})
|
||||
}
|
||||
|
||||
@@ -293,7 +293,10 @@ func main() {
|
||||
return c.Status(403).JSON(fiber.Map{"error": "Access denied"})
|
||||
}
|
||||
|
||||
if err := collectionRepo.RemoveItem(c.Context(), itemID); err != nil {
|
||||
if err := collectionRepo.RemoveItem(c.Context(), itemID, userID); err != nil {
|
||||
if err == db.ErrNotFound {
|
||||
return c.Status(404).JSON(fiber.Map{"error": "Item not found"})
|
||||
}
|
||||
return c.Status(500).JSON(fiber.Map{"error": "Failed to remove item"})
|
||||
}
|
||||
|
||||
@@ -321,7 +324,7 @@ func main() {
|
||||
return c.JSON(fiber.Map{"context": "", "enabled": false})
|
||||
}
|
||||
|
||||
context, err := collectionRepo.GetCollectionContext(c.Context(), collectionID)
|
||||
context, err := collectionRepo.GetCollectionContext(c.Context(), collectionID, userID)
|
||||
if err != nil {
|
||||
return c.Status(500).JSON(fiber.Map{"error": "Failed to get context"})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user