coop/rose-ash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27 Commits 9 Branches 0 Tags
07cae101ad1af511fe063e7441ca64495a2a271d
Commit Graph

5 Commits

Author SHA1 Message Date
giles
f1d80a1777 L2: verify auth state with account on each request 
When user has artdag_session cookie, periodically (every 30s) check
account's /auth/internal/check-device endpoint. If account says the
device is no longer active (SSO logout), clear the cookie immediately.
Prevents stale sign-in after logging out from another app.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-25 01:42:09 +00:00
giles
0e14d2761a Fix L2 deployment: healthcheck, DB deadlock, CI image resolution 
- Add /health endpoint (returns 200, skips auth middleware)
- Healthcheck now hits /health instead of / (which 302s to OAuth)
- Advisory lock in db.init_pool() prevents deadlock when 4 uvicorn
  workers race to run schema DDL
- CI: --resolve-image always on docker stack deploy to force re-pull

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-25 01:35:11 +00:00
giles
3dde4e79ab Add OAuth SSO, device ID, and silent auth to L2 
- Replace L2's username/password auth with OAuth SSO via account.rose-ash.com
- Add device_id middleware (artdag_did cookie)
- Add silent auth check (prompt=none with 5-min cooldown)
- Add OAuth config settings and itsdangerous dependency

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-24 23:50:31 +00:00
giles
a5717ec4d4 Fall back to username for auth-menu email param 
Existing sessions have email=None since the field was just added.
Username IS the email in Art-DAG (OAuth returns user.email as username).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-24 23:39:19 +00:00
giles
44694da76f Import L2 (activity-pub) as l2/ 2026-02-24 23:07:31 +00:00