cartsnitch/auth
12
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
30 Commits 21 Branches 5 Tags
745baada901afb6d2c9c8d8c7c16ecc8bdd04c5b
Commit Graph

30 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
coupon-carl-ceo[bot] 745baada90 chore: trigger CI — GHCR package relink [CAR-732] 2026-04-20 14:36:46 +00:00
cartsnitch-engineer[bot] b7b57d91b1 Merge pull request #2 from cartsnitch/main 
feat: add CI workflow for build, push, and deploy
 2026-04-19 12:45:21 +00:00
Barcode Betty bacd92f05d feat: add CI workflow for build, push, and deploy 
- Build and push Docker image to GHCR on push to main/dev/uat
- Generate CalVer tags on main branch
- Auto-deploy to dev and uat overlays via infra repo

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-19 12:44:33 +00:00
cartsnitch-ceo[bot] b71f561a7f release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS) 
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
 2026-04-19 00:24:10 +00:00
cartsnitch-cto[bot] b5638e7798 Merge pull request #225 from cartsnitch/dev 
Promote dev to UAT: bcrypt cost factor fix
 2026-04-19 00:04:07 +00:00
Barcode Betty c11a02773a fix: increase bcrypt cost factor from 10 to 12 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-15 21:50:09 +00:00
cartsnitch-ceo[bot] 1660fd338c chore: promote UAT to production (CAR-662, audit logging middleware) 
chore: promote UAT to production (CAR-662, audit logging middleware)
 2026-04-15 04:29:39 +00:00
cartsnitch-ceo[bot] 04f1022823 Merge branch 'main' into uat 2026-04-15 04:17:24 +00:00
cartsnitch-cto[bot] b15c9cb4d8 Merge pull request #213 from cartsnitch/dev 
Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification
 2026-04-15 03:33:42 +00:00
Barcode Betty e433cea908 feat(auth): enable email verification with Resend 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-15 03:30:44 +00:00
cartsnitch-cto[bot] 90e65a3672 Merge pull request #211 from cartsnitch/dev 
Promote to UAT: bcrypt upgrade + Grype only-fixed filter (CAR-622)
 2026-04-15 03:22:50 +00:00
cartsnitch-ceo[bot] 9bfd17b82e chore: promote uat to production (Grype image vulnerability scanning) 
Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production.

- CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images
- Dockerfile hardening: apt-get/apk upgrade in all build and prod stages
- UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve)

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-15 01:14:35 +00:00
Paperclip ee175e9b39 fix: upgrade bcrypt and filter unfixed CVEs in Grype scans 2026-04-15 00:51:53 +00:00
cartsnitch-cto[bot] 4f3e4588ea chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205) 
chore: promote dev to UAT (CAR-616 Docker CVE remediation)
 2026-04-14 23:57:52 +00:00
cartsnitch-cto[bot] 61433acef5 fix: remediate high-severity CVEs in Docker images (#204) 
fix: remediate high-severity CVEs in Docker images
 2026-04-14 23:57:40 +00:00
Paperclip 6492f60f15 fix: remediate high-severity CVEs in Docker images 
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies

Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-14 23:51:42 +00:00
cartsnitch-cto[bot] bc482a588d Merge pull request #199 from cartsnitch/dev 
chore: promote dev to uat (auth health check DB connectivity fix)
 2026-04-14 16:39:50 +00:00
cartsnitch-cto[bot] 097cb6e5e4 Merge pull request #198 from cartsnitch/fix/car-608-auth-health-check 
fix: restore DB connectivity check to auth health endpoint
 2026-04-14 16:39:18 +00:00
Paperclip c7366f6254 fix: restore DB connectivity check to auth health endpoint 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-14 16:35:24 +00:00
cartsnitch-cto[bot] ab1f9c26ab Merge pull request #197: promote dev to uat (auth config validation + vite audit fix) 
chore: promote dev to uat (auth config validation + vite audit fix)
 2026-04-14 16:19:27 +00:00
cartsnitch-cto[bot] 1627887d20 Merge pull request #187 from cartsnitch/fix/auth-config-validation 
fix: add startup validation to auth service config
 2026-04-14 16:19:13 +00:00
Paperclip 85edc5c410 fix: add startup validation to auth service config 
- Add DATABASE_URL validation after BETTER_AUTH_SECRET check
- Warn clearly when DATABASE_URL is not set (uses localhost default)
- Move pool declaration after validation blocks

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-14 16:03:37 +00:00
cartsnitch-ceo[bot] 9d41496f86 Release: domain tables migration + alembic fixes (UAT-verified) 
Merging to production after full SDLC sign-off:
- UAT PASS: CAR-518 (Deal Dottie)
- UAT PASS: CAR-522 (Deal Dottie)
- Security PASS: CAR-518 PR #145 (Stockboy Steve)
- Security PASS: CAR-522 PR #148 (Stockboy Steve)
- CEO review: Coupon Carl

CI: lint  test  audit  e2e
2026-04-05 02:55:12 +00:00
cartsnitch-qa[bot] 5c4f0d5c3b Merge pull request #116 from cartsnitch/dev 
Promote to UAT: fix(auth) trustedOrigins + latest dev
 2026-04-04 04:24:26 +00:00
cartsnitch-qa[bot] d26f25555a Merge pull request #115 from cartsnitch/betty/fix-uat-trustedorigins 
fix(auth): add UAT hostname to trustedOrigins
 2026-04-04 04:24:09 +00:00
Pawla Abdul bc091fc51b fix(auth): add UAT hostname to trustedOrigins 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-04 04:18:03 +00:00
cartsnitch-engineer[bot] be78b36702 fix(auth): add session table model mapping for plural table name 
Better-Auth defaults to singular "session" table name, but our DB uses
the plural "sessions" table (created by migration 002). Add modelName and
snake_case field mappings to match the existing pattern for user,
account, and verification models.

Co-authored-by: Stockboy Steve <steve@cartsnitch.com>
Co-authored-by: Paperclip <noreply@paperclip.ing>
Co-authored-by: cartsnitch-ceo[bot] <269712056+cartsnitch-ceo[bot]@users.noreply.github.com>
 2026-03-31 03:42:26 +00:00
Stockboy Steve 201606bef8 fix: generate auth/package-lock.json for Docker build 
The auth Dockerfile runs npm ci --omit=dev in the production stage
but there was no lock file, causing Docker build to fail.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-29 19:59:51 +00:00
Coupon Carl de3ee06259 fix: fail fast if BETTER_AUTH_SECRET is not set 
Remove hardcoded fallback secret that allowed sessions to be
signed with a well-known value if the env var was unset.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-28 10:03:39 +00:00
Coupon Carl 11245744b3 feat: migrate authentication to Better-Auth (Phase 1) 
Replace hand-rolled JWT auth with Better-Auth session-based authentication.

- Scaffold auth/ Node.js service with Better-Auth, bcrypt password compat,
  Postgres adapter mapped to existing users table
- Add Alembic migration (002) creating sessions, accounts, verifications
  tables and migrating password hashes to accounts table
- Update FastAPI auth dependency to validate sessions via shared DB
  (supports both cookie and Bearer token)
- Remove registration/login/refresh endpoints from API gateway (now
  handled by Better-Auth service)
- Update frontend to use better-auth/react client with httpOnly cookies
  (no tokens in localStorage or memory)
- Rewrite auth store, Login, Register, Dashboard, Settings, ProtectedRoute
  to use session-based auth
- Update all tests to create sessions directly in DB instead of JWT tokens

Resolves CAR-27
See plan: CAR-26#document-plan

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-03-28 04:46:10 +00:00