maxbirkin/gooseek
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: auth service + security audit fixes + cleanup legacy services

Browse Source 
Major changes:
- Add auth-svc: JWT auth, register/login/refresh, password reset
- Add auth UI: modals, pages (/login, /register, /forgot-password)
- Add usage tracking (usage_metrics table, daily limits)
- Add tiered rate limiting (free/pro/business)
- Add LLM usage limits per tier

Security fixes:
- All repos now require userID for Update/Delete operations
- JWT middleware in chat-svc, llm-svc, agent-svc, discover-svc
- ErrNotFound/ErrForbidden errors for proper access control

Cleanup:
- Remove legacy TypeScript services/ directory
- Remove computer-svc (to be reimplemented)
- Remove old deploy/docker configs

New files:
- backend/cmd/auth-svc/main.go
- backend/internal/auth/{types,repository}.go
- backend/internal/usage/{types,repository}.go
- backend/pkg/middleware/{llm_limits,ratelimit_tiered}.go
- backend/webui/src/components/auth/*
- backend/webui/src/app/(auth)/*

Made-with: Cursor
This commit is contained in:
home
2026-02-28 01:33:49 +03:00
parent 120fbbaafb
commit a0e3748dde
523 changed files with 10776 additions and 59630 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
backend/internal/db/space_repo.go
View File

@@ -139,7 +139,7 @@ func (r *SpaceRepository) GetByUserID(ctx context.Context, userID string) ([]*Sp
return spaces, nil
}
func (r *SpaceRepository) Update(ctx context.Context, s *Space) error {
func (r *SpaceRepository) Update(ctx context.Context, s *Space, userID string) error {
settingsJSON, _ := json.Marshal(s.Settings)
query := `
@@ -147,17 +147,31 @@ func (r *SpaceRepository) Update(ctx context.Context, s *Space) error {
SET name = $2, description = $3, icon = $4, color = $5,
custom_instructions = $6, default_focus_mode = $7, default_model = $8,
is_public = $9, settings = $10, updated_at = NOW()
WHERE id = $1
WHERE id = $1 AND user_id = $11
`
_, err := r.db.db.ExecContext(ctx, query,
result, err := r.db.db.ExecContext(ctx, query,
s.ID, s.Name, s.Description, s.Icon, s.Color,
s.CustomInstructions, s.DefaultFocusMode, s.DefaultModel,
s.IsPublic, settingsJSON,
s.IsPublic, settingsJSON, userID,
)
return err
if err != nil {
return err
}
rows, _ := result.RowsAffected()
if rows == 0 {
return ErrNotFound
}
return nil
}
func (r *SpaceRepository) Delete(ctx context.Context, id string) error {
_, err := r.db.db.ExecContext(ctx, "DELETE FROM spaces WHERE id = $1", id)
return err
func (r *SpaceRepository) Delete(ctx context.Context, id, userID string) error {
result, err := r.db.db.ExecContext(ctx, "DELETE FROM spaces WHERE id = $1 AND user_id = $2", id, userID)
if err != nil {
return err
}
rows, _ := result.RowsAffected()
if rows == 0 {
return ErrNotFound
}
return nil
}