05-07-2025
Pre-release
🛡️ Major Authentication & Role Management Overhaul
This release introduces a fundamental refactor of our API's security and user management model. We have transitioned from a single-role assignment to a flexible, multi-role architecture, enabling more granular and powerful access control.
Building on this, we've implemented a context-aware authentication flow that hardens security for the administrative dashboard. Instead of a sign-up process, dashboard access is now strictly limited to pre-existing users with privileged roles, preventing unauthorized access attempts at the earliest stage.
✨ Key Features & Enhancements
Enhanced Role-Based Access Control (RBAC)
- Multi-Role Architecture: The core system has been re-engineered to support multiple roles per user. A user can now simultaneously be a `standardUser`, a `publisher`, and more, allowing for precise permission management.
- Granular Permission Checks: The `PermissionService` now leverages the new multi-role system, checking a user's entire list of roles to determine access rights. A new `publisher` role with content creation permissions has also been introduced.
- JWT Claims Update: JSON Web Tokens (JWTs) issued by the API now include the complete list of a user's roles, providing client applications with all the information they need for authorization.
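The following is an added, stand-alone illustration of the two mechanisms above (a permission check that walks a user's whole role list, and a token whose `roles` claim carries that list); it is not the project's `PermissionService` or token code. The role-to-permission map, the permission names, the hand-rolled HS256 signing with Python's standard library, and the `User` shape are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Assumed role -> permission map. Role names follow the release notes;
# the permission strings are invented for this example.
ROLE_PERMISSIONS = {
    "standardUser": {"content:read"},
    "publisher": {"content:read", "content:create"},
    "admin": {"content:read", "content:create", "content:delete", "users:manage"},
}


@dataclass
class User:
    email: str
    roles: set = field(default_factory=set)  # multiple roles per user


def permissions_for(user: User) -> set:
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def has_permission(user: User, permission: str) -> bool:
    """Multi-role check: any one of the user's roles carrying the permission is enough."""
    return permission in permissions_for(user)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(user: User, secret: bytes, issued_at: int, ttl_seconds: int = 900) -> str:
    """Mint an HS256 JWT whose `roles` claim lists every role the user holds."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "sub": user.email,
        "roles": sorted(user.roles),
        "iat": issued_at,
        "exp": issued_at + ttl_seconds,
    }
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url(compact(header)) + "." + _b64url(compact(payload))
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_jwt(token: str, secret: bytes, now: int):
    """Return the payload if the signature, algorithm and expiry check out, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if header.get("alg") != "HS256":
            return None  # pin the algorithm; never trust `alg` from the token
        expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        payload = json.loads(_b64url_decode(p))
    except (ValueError, KeyError):
        return None
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


def roles_from_token(token: str, secret: bytes, now: int):
    """What a client or downstream service would read back: the verified role list."""
    payload = verify_jwt(token, secret, now)
    return None if payload is None else set(payload.get("roles", []))
```

Clients should treat the `roles` claim as authoritative only after verifying the signature; the server-side `has_permission` check remains the enforcement point, and the claim simply lets the client decide which UI to show.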
Secure, Context-Aware Authentication
- Hardened Dashboard Login: The authentication flow is now context-aware. Login attempts to the dashboard (using an `is_dashboard_login: true` flag) now trigger a strict pre-validation check. This ensures the user's email is already registered and that they possess the required `admin` or `publisher` role before an authentication code is sent. This prevents unauthorized users from even initiating a login to the dashboard.
- Streamlined User Creation: Legacy logic for migrating anonymous guest accounts has been removed from the user creation process, simplifying the authentication service and reducing the surface for bugs in that path.
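As an added example (not the project's `AuthService`), the pre-validation gate described above for a passwordless login-code flow: when `is_dashboard_login` is set, a code is generated and sent only for an already-registered user holding `admin` or `publisher`. The in-memory repository, the code-delivery callback, the six-digit code format, and the assumption that a non-dashboard login for an unknown email creates a `standardUser` account are all hypothetical details for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Roles the release notes require for dashboard access.
DASHBOARD_ROLES = {"admin", "publisher"}


@dataclass
class User:
    email: str
    roles: set = field(default_factory=set)


class UserRepository:
    """Minimal in-memory user store (assumed for the example)."""

    def __init__(self, users):
        self._by_email = {u.email.lower(): u for u in users}

    def find_by_email(self, email: str):
        return self._by_email.get(email.strip().lower())

    def add(self, user: User) -> User:
        self._by_email[user.email.lower()] = user
        return user


class AuthService:
    def __init__(self, repo: UserRepository, send_code):
        self.repo = repo
        self.send_code = send_code  # callback (email, code) that delivers the code
        self.pending = {}           # email -> unused login code

    def request_login_code(self, email: str, is_dashboard_login: bool = False) -> dict:
        user = self.repo.find_by_email(email)
        if is_dashboard_login:
            # Pre-validation: reject before any code is generated or sent unless the
            # user already exists AND holds at least one dashboard role.
            if user is None or not (user.roles & DASHBOARD_ROLES):
                return {"sent": False, "reason": "not eligible for dashboard login"}
        elif user is None:
            # Ordinary (non-dashboard) flow: assumed to create a standard account.
            user = self.repo.add(User(email=email.strip().lower(), roles={"standardUser"}))
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user.email] = code
        self.send_code(user.email, code)
        return {"sent": True}

    def verify_login_code(self, email: str, code: str):
        """Single-use code check; returns the User on success, None otherwise."""
        user = self.repo.find_by_email(email)
        expected = self.pending.get(user.email) if user else None
        if expected is None or not hmac.compare_digest(expected, code):
            return None
        del self.pending[user.email]  # burn the code so it cannot be replayed
        return user
```

In an HTTP handler, the ineligible branch should map to the same generic response as the success branch (for example "if this address is eligible, a code has been sent") so the dashboard endpoint does not reveal which addresses are registered or privileged.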
🔧 Developer Experience & Code Quality
- Admin User Seeding: To simplify local development and testing, the API now automatically seeds the user repository with a default `admin@example.com` user on application startup.
- Refactored Auth Service: The `AuthService` has been refactored to centralize and de-duplicate user retrieval logic, improving code maintainability and reusability.
- Documentation Updates: The `README.md` has been updated to detail the new "Flexible Role-Based Access Control (RBAC)" and "Secure Authentication" features.