feat: auth service + security audit fixes + cleanup legacy services
Major changes:
- Add auth-svc: JWT auth, register/login/refresh, password reset
- Add auth UI: modals, pages (/login, /register, /forgot-password)
- Add usage tracking (usage_metrics table, daily limits)
- Add tiered rate limiting (free/pro/business)
- Add LLM usage limits per tier
Security fixes:
- All repos now require userID for Update/Delete operations
- JWT middleware in chat-svc, llm-svc, agent-svc, discover-svc
- ErrNotFound/ErrForbidden errors for proper access control
Cleanup:
- Remove legacy TypeScript services/ directory
- Remove computer-svc (to be reimplemented)
- Remove old deploy/docker configs
New files:
- backend/cmd/auth-svc/main.go
- backend/internal/auth/{types,repository}.go
- backend/internal/usage/{types,repository}.go
- backend/pkg/middleware/{llm_limits,ratelimit_tiered}.go
- backend/webui/src/components/auth/*
- backend/webui/src/app/(auth)/*
Made-with: Cursor
This commit is contained in:
home
@@ -20,6 +20,7 @@ type Config struct {
|
||||
SearchSvcPort int
|
||||
LLMSvcPort int
|
||||
ScraperSvcPort int
|
||||
AdminSvcPort int
|
||||
|
||||
// Service URLs
|
||||
ChatSvcURL string
|
||||
@@ -29,6 +30,7 @@ type Config struct {
|
||||
ScraperSvcURL string
|
||||
MemorySvcURL string
|
||||
LibrarySvcURL string
|
||||
AdminSvcURL string
|
||||
|
||||
// External services
|
||||
SearXNGURL string
|
||||
@@ -44,6 +46,13 @@ type Config struct {
|
||||
FinanceHeatmapURL string
|
||||
LearningSvcURL string
|
||||
|
||||
// MinIO / S3 storage
|
||||
MinioEndpoint string
|
||||
MinioAccessKey string
|
||||
MinioSecretKey string
|
||||
MinioBucket string
|
||||
MinioUseSSL bool
|
||||
|
||||
// Auth
|
||||
JWTSecret string
|
||||
AuthSvcURL string
|
||||
@@ -88,6 +97,7 @@ func Load() (*Config, error) {
|
||||
SearchSvcPort: getEnvInt("SEARCH_SVC_PORT", 3001),
|
||||
LLMSvcPort: getEnvInt("LLM_SVC_PORT", 3020),
|
||||
ScraperSvcPort: getEnvInt("SCRAPER_SVC_PORT", 3021),
|
||||
AdminSvcPort: getEnvInt("ADMIN_SVC_PORT", 3040),
|
||||
|
||||
ChatSvcURL: getEnv("CHAT_SVC_URL", "http://localhost:3005"),
|
||||
AgentSvcURL: getEnv("MASTER_AGENTS_SVC_URL", "http://localhost:3018"),
|
||||
@@ -96,6 +106,7 @@ func Load() (*Config, error) {
|
||||
ScraperSvcURL: getEnv("SCRAPER_SVC_URL", "http://localhost:3021"),
|
||||
MemorySvcURL: getEnv("MEMORY_SVC_URL", ""),
|
||||
LibrarySvcURL: getEnv("LIBRARY_SVC_URL", "http://localhost:3009"),
|
||||
AdminSvcURL: getEnv("ADMIN_SVC_URL", "http://localhost:3040"),
|
||||
|
||||
SearXNGURL: getEnv("SEARXNG_URL", "http://searxng:8080"),
|
||||
SearXNGFallbackURL: strings.Split(getEnv("SEARXNG_FALLBACK_URL", ""), ","),
|
||||
@@ -110,6 +121,12 @@ func Load() (*Config, error) {
|
||||
FinanceHeatmapURL: getEnv("FINANCE_HEATMAP_SVC_URL", "http://localhost:3033"),
|
||||
LearningSvcURL: getEnv("LEARNING_SVC_URL", "http://localhost:3034"),
|
||||
|
||||
MinioEndpoint: getEnv("MINIO_ENDPOINT", "minio:9000"),
|
||||
MinioAccessKey: getEnv("MINIO_ACCESS_KEY", "minioadmin"),
|
||||
MinioSecretKey: getEnv("MINIO_SECRET_KEY", "minioadmin"),
|
||||
MinioBucket: getEnv("MINIO_BUCKET", "gooseek"),
|
||||
MinioUseSSL: getEnv("MINIO_USE_SSL", "false") == "true",
|
||||
|
||||
JWTSecret: getEnv("JWT_SECRET", ""),
|
||||
AuthSvcURL: getEnv("AUTH_SVC_URL", ""),
|
||||
|
||||
@@ -158,6 +175,10 @@ func getEnvInt(key string, defaultValue int) int {
|
||||
return defaultValue
|
||||
}
|
||||
|
||||
func GetEnvInt(key string, defaultValue int) int {
|
||||
return getEnvInt(key, defaultValue)
|
||||
}
|
||||
|
||||
func parseOrigins(s string) []string {
|
||||
if s == "*" {
|
||||
return []string{"*"}
|
||||
|
||||
Reference in New Issue
Block a user