5 Commits

Author	SHA1	Message	Date
giles	f1d80a1777	L2: verify auth state with account on each request ... When user has artdag_session cookie, periodically (every 30s) check account's /auth/internal/check-device endpoint. If account says the device is no longer active (SSO logout), clear the cookie immediately. Prevents stale sign-in after logging out from another app. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-25 01:42:09 +00:00
giles	0e14d2761a	Fix L2 deployment: healthcheck, DB deadlock, CI image resolution ... - Add /health endpoint (returns 200, skips auth middleware) - Healthcheck now hits /health instead of / (which 302s to OAuth) - Advisory lock in db.init_pool() prevents deadlock when 4 uvicorn workers race to run schema DDL - CI: --resolve-image always on docker stack deploy to force re-pull Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-25 01:35:11 +00:00
giles	3dde4e79ab	Add OAuth SSO, device ID, and silent auth to L2 ... - Replace L2's username/password auth with OAuth SSO via account.rose-ash.com - Add device_id middleware (artdag_did cookie) - Add silent auth check (prompt=none with 5-min cooldown) - Add OAuth config settings and itsdangerous dependency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-24 23:50:31 +00:00
giles	a5717ec4d4	Fall back to username for auth-menu email param ... Existing sessions have email=None since the field was just added. Username IS the email in Art-DAG (OAuth returns user.email as username). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-24 23:39:19 +00:00
giles	44694da76f	Import L2 (activity-pub) as l2/	2026-02-24 23:07:31 +00:00