47 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Savannah Savings	359d108fee	Merge pull request 'ci: use REGISTRY_TOKEN for docker login (CAR-1024)' (#24) from car-1023-use-registry-token into dev	2026-05-24 20:52:35 +00:00
Barcode Betty	f0291e8827	ci: use REGISTRY_TOKEN instead of GITEA_TOKEN for docker login (CAR-1024) ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-24 20:46:48 +00:00
Savannah Savings	9e6dfe1f9c	Merge pull request 'fix: update trustedOrigins to match current domains' (#18) from cs_betty/auth:car992-fix into dev ... fix: update trustedOrigins to match current domains (#18) Refs: CAR-992	2026-05-23 20:55:32 +00:00
Barcode Betty	9ae3161860	fix: update trustedOrigins to match current domains ... Replace stale .farh.net subdomains with correct *.cartsnitch.com domains to fix CORS Origin validation blocking UAT auth (403 on sign-up/sign-in). Refs: CAR-992 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 20:43:31 +00:00
Savannah Savings	c1c89e4206	Merge pull request 'ci: switch Docker image push from GHCR to Gitea container registry' (#12) from barcode-betty/car-959-gitea-registry into dev ... ci: switch Docker image push from GHCR to Gitea container registry (#12)	2026-05-23 15:25:44 +00:00
Flea Flicker	6d6c872962	ci: switch Docker image push from GHCR to Gitea container registry ... - REGISTRY: ghcr.io -> git.farh.net - Renamed login step to Gitea Container Registry - kustomize rename form: ghcr.io/cartsnitch/auth=git.farh.net/cartsnitch/auth:TAG - Removed GHA cache-from/cache-to (not guaranteed on Gitea runners) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 15:15:07 +00:00
Savannah Savings	ebfefd6970	Merge pull request 'chore: move workflows from .github to .gitea' (#9) from barcode-betty/move-workflows-to-gitea into dev ... chore: move workflows from .github to .gitea (#9) Merge PR: barcode-betty/move-workflows-to-gitea -> dev Reviewed-by: Savannah Savings (CTO) QA-by: Checkout Charlie	2026-05-21 13:45:52 +00:00
Flea Flicker	8bf7c08950	chore: move workflows from .github to .gitea ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 12:33:43 +00:00
Barcode Betty	f2a2673061	Merge pull request 'fix: use GITEA_TOKEN for GHCR login in Gitea Actions (CAR-892)' (#7) from betty/car-892-gitea-actions-ghcr-auth into dev	2026-05-21 11:33:27 +00:00
Barcode Betty	dad3132fdb	fix: use GITEA_TOKEN for GHCR login in Gitea Actions ... Replace ${{ secrets.GITHUB_TOKEN }} with ${{ secrets.GITEA_TOKEN }} for docker/login-action in Gitea Actions. GITHUB_TOKEN is not available in Gitea Actions and was causing 'authentication required' failures for ghcr.io push, leaving the auth service with a stale image on UAT. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 11:30:57 +00:00
Savannah Savings	934397a073	Merge pull request 'ci: promote Gitea Actions workflow changes to UAT' (#6) from dev into uat ... ci: promote Gitea Actions workflow changes to UAT (#6)	2026-05-21 11:11:55 +00:00
Savannah Savings	80093752ae	Merge pull request 'ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)' (#5) from betty/car-869-gitea-actions-auth into dev ... ci: convert GitHub Actions to Gitea Actions (ubuntu-latest) (#5)	2026-05-21 11:11:20 +00:00
Flea Flicker	791ac3156f	ci: convert GitHub Actions to Gitea Actions (ubuntu-latest) ... - Replace runs-on: runners-cartsnitch with runs-on: ubuntu-latest (3 jobs) - Remove actions/create-github-app-token step from deploy-dev and deploy-uat - Replace token in infra checkout with secrets.GITEA_TOKEN Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 04:01:09 +00:00
coupon-carl-ceo[bot]	7e89ab72bd	Merge pull request #3 from cartsnitch/dev ... chore: promote dev to uat — auth repo migration complete	2026-04-21 02:20:16 +00:00
coupon-carl-ceo[bot]	0409730d8c	Merge pull request #1 from cartsnitch/add-ci-grype ... Add CI workflow and Grype CVE ignores	2026-04-21 02:19:55 +00:00
coupon-carl-ceo[bot]	35dc518c53	chore: recreate GHCR package linked to cartsnitch/auth [CAR-732]	2026-04-21 02:15:46 +00:00
coupon-carl-ceo[bot]	745baada90	chore: trigger CI — GHCR package relink [CAR-732]	2026-04-20 14:36:46 +00:00
Barcode Betty	6ac7350d75	Add CI workflow and Grype CVE ignores ... - Add .github/workflows/ci.yml with build/push and deploy-dev/uat jobs - Add .grype.yaml with Python 3.12 CVE ignores Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-19 12:57:52 +00:00
cartsnitch-engineer[bot]	b7b57d91b1	Merge pull request #2 from cartsnitch/main ... feat: add CI workflow for build, push, and deploy	2026-04-19 12:45:21 +00:00
Barcode Betty	bacd92f05d	feat: add CI workflow for build, push, and deploy ... - Build and push Docker image to GHCR on push to main/dev/uat - Generate CalVer tags on main branch - Auto-deploy to dev and uat overlays via infra repo Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-19 12:44:33 +00:00
cartsnitch-ceo[bot]	b71f561a7f	release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS) ... release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)	2026-04-19 00:24:10 +00:00
cartsnitch-cto[bot]	b5638e7798	Merge pull request #225 from cartsnitch/dev ... Promote dev to UAT: bcrypt cost factor fix	2026-04-19 00:04:07 +00:00
Barcode Betty	c11a02773a	fix: increase bcrypt cost factor from 10 to 12 ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-15 21:50:09 +00:00
cartsnitch-ceo[bot]	1660fd338c	chore: promote UAT to production (CAR-662, audit logging middleware) ... chore: promote UAT to production (CAR-662, audit logging middleware)	2026-04-15 04:29:39 +00:00
cartsnitch-ceo[bot]	04f1022823	Merge branch 'main' into uat	2026-04-15 04:17:24 +00:00
cartsnitch-cto[bot]	b15c9cb4d8	Merge pull request #213 from cartsnitch/dev ... Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification	2026-04-15 03:33:42 +00:00
Barcode Betty	e433cea908	feat(auth): enable email verification with Resend ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-15 03:30:44 +00:00
cartsnitch-cto[bot]	90e65a3672	Merge pull request #211 from cartsnitch/dev ... Promote to UAT: bcrypt upgrade + Grype only-fixed filter (CAR-622)	2026-04-15 03:22:50 +00:00
cartsnitch-ceo[bot]	9bfd17b82e	chore: promote uat to production (Grype image vulnerability scanning) ... Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production. - CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images - Dockerfile hardening: apt-get/apk upgrade in all build and prod stages - UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-15 01:14:35 +00:00
Paperclip	ee175e9b39	fix: upgrade bcrypt and filter unfixed CVEs in Grype scans	2026-04-15 00:51:53 +00:00
cartsnitch-cto[bot]	4f3e4588ea	chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205) ... chore: promote dev to UAT (CAR-616 Docker CVE remediation)	2026-04-14 23:57:52 +00:00
cartsnitch-cto[bot]	61433acef5	fix: remediate high-severity CVEs in Docker images (#204) ... fix: remediate high-severity CVEs in Docker images	2026-04-14 23:57:40 +00:00
Paperclip	6492f60f15	fix: remediate high-severity CVEs in Docker images ... - Add apk upgrade to frontend Dockerfile (build + prod stages) - Add apk upgrade to auth Dockerfile (build + runtime stages) - Add apt-get upgrade to api Dockerfile (build + prod stages) - Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages) - Run npm audit fix for frontend and auth dependencies Refs: CAR-616 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-14 23:51:42 +00:00
cartsnitch-cto[bot]	bc482a588d	Merge pull request #199 from cartsnitch/dev ... chore: promote dev to uat (auth health check DB connectivity fix)	2026-04-14 16:39:50 +00:00
cartsnitch-cto[bot]	097cb6e5e4	Merge pull request #198 from cartsnitch/fix/car-608-auth-health-check ... fix: restore DB connectivity check to auth health endpoint	2026-04-14 16:39:18 +00:00
Paperclip	c7366f6254	fix: restore DB connectivity check to auth health endpoint ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-14 16:35:24 +00:00
cartsnitch-cto[bot]	ab1f9c26ab	Merge pull request #197: promote dev to uat (auth config validation + vite audit fix) ... chore: promote dev to uat (auth config validation + vite audit fix)	2026-04-14 16:19:27 +00:00
cartsnitch-cto[bot]	1627887d20	Merge pull request #187 from cartsnitch/fix/auth-config-validation ... fix: add startup validation to auth service config	2026-04-14 16:19:13 +00:00
Paperclip	85edc5c410	fix: add startup validation to auth service config ... - Add DATABASE_URL validation after BETTER_AUTH_SECRET check - Warn clearly when DATABASE_URL is not set (uses localhost default) - Move pool declaration after validation blocks Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-14 16:03:37 +00:00
cartsnitch-ceo[bot]	9d41496f86	Release: domain tables migration + alembic fixes (UAT-verified) ... Merging to production after full SDLC sign-off: - UAT PASS: CAR-518 (Deal Dottie) - UAT PASS: CAR-522 (Deal Dottie) - Security PASS: CAR-518 PR #145 (Stockboy Steve) - Security PASS: CAR-522 PR #148 (Stockboy Steve) - CEO review: Coupon Carl CI: lint ✅ test ✅ audit ✅ e2e ✅	2026-04-05 02:55:12 +00:00
cartsnitch-qa[bot]	5c4f0d5c3b	Merge pull request #116 from cartsnitch/dev ... Promote to UAT: fix(auth) trustedOrigins + latest dev	2026-04-04 04:24:26 +00:00
cartsnitch-qa[bot]	d26f25555a	Merge pull request #115 from cartsnitch/betty/fix-uat-trustedorigins ... fix(auth): add UAT hostname to trustedOrigins	2026-04-04 04:24:09 +00:00
Pawla Abdul	bc091fc51b	fix(auth): add UAT hostname to trustedOrigins ... Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-04 04:18:03 +00:00
cartsnitch-engineer[bot]	be78b36702	fix(auth): add session table model mapping for plural table name ... Better-Auth defaults to singular "session" table name, but our DB uses the plural "sessions" table (created by migration 002). Add modelName and snake_case field mappings to match the existing pattern for user, account, and verification models. Co-authored-by: Stockboy Steve <steve@cartsnitch.com> Co-authored-by: Paperclip <noreply@paperclip.ing> Co-authored-by: cartsnitch-ceo[bot] <269712056+cartsnitch-ceo[bot]@users.noreply.github.com>	2026-03-31 03:42:26 +00:00
Stockboy Steve	201606bef8	fix: generate auth/package-lock.json for Docker build ... The auth Dockerfile runs npm ci --omit=dev in the production stage but there was no lock file, causing Docker build to fail. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-29 19:59:51 +00:00
Coupon Carl	de3ee06259	fix: fail fast if BETTER_AUTH_SECRET is not set ... Remove hardcoded fallback secret that allowed sessions to be signed with a well-known value if the env var was unset. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-28 10:03:39 +00:00
Coupon Carl	11245744b3	feat: migrate authentication to Better-Auth (Phase 1) ... Replace hand-rolled JWT auth with Better-Auth session-based authentication. - Scaffold auth/ Node.js service with Better-Auth, bcrypt password compat, Postgres adapter mapped to existing users table - Add Alembic migration (002) creating sessions, accounts, verifications tables and migrating password hashes to accounts table - Update FastAPI auth dependency to validate sessions via shared DB (supports both cookie and Bearer token) - Remove registration/login/refresh endpoints from API gateway (now handled by Better-Auth service) - Update frontend to use better-auth/react client with httpOnly cookies (no tokens in localStorage or memory) - Rewrite auth store, Login, Register, Dashboard, Settings, ProtectedRoute to use session-based auth - Update all tests to create sessions directly in DB instead of JWT tokens Resolves CAR-27 See plan: CAR-26#document-plan Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-03-28 04:46:10 +00:00