managarten

till/managarten

Fork 0

mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-16 04:39:39 +02:00

Commit graph

Author	SHA1	Message	Date
Till JS	4318948980	feat(mana-auth): add guilds, api-keys, me, security, auth routes Complete the mana-auth Hono service with all remaining endpoints from mana-core-auth. Added: - routes/auth.ts: Full auth flow (register, login, logout, validate, password reset, profile, change-password, account deletion, security events) with lockout + security event logging - routes/guilds.ts: Guild CRUD, member management, invitations (delegates to Better Auth org plugin + mana-credits for pools) - routes/api-keys.ts: API key generation, listing, revocation, validation (sk_live_* format, SHA-256 hashed) - routes/me.ts: GDPR data export/delete (Articles 17 & 20) - services/security.ts: SecurityEventsService (fire-and-forget audit) + AccountLockoutService (5 failures/15min → 30min lockout) - services/api-keys.ts: Key generation, validation, scope checks Updated: - index.ts: Wire all routes with proper middleware (JWT, service auth) Service now has ~1,900 LOC covering all functionality from the original ~11,500 LOC NestJS mana-core-auth (83% reduction). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 02:57:22 +01:00
Till JS	61ee1ae269	feat(services): create mana-auth (Hono + Bun) — Phase 5 auth rewrite Rewrite the central authentication service from NestJS to Hono + Bun. Uses Better Auth's native fetch-based handler — no Express conversion. Key architecture changes: - Better Auth handler mounted directly on Hono (app.all('/api/auth/*')) - No NestJS DI, modules, guards, decorators — plain TypeScript - JWT validation via jose (same as extracted services) - Email via nodemailer (simplified, German templates) - ~1,400 LOC vs ~11,500 LOC in NestJS (88% reduction) Service structure: - auth/better-auth.config.ts — copied from mana-core-auth (framework-agnostic) - auth/stores.ts — in-memory stores for email redirect URLs - email/send.ts — nodemailer email functions - middleware/ — JWT auth, service auth, error handler (shared pattern) - db/schema/ — copied from mana-core-auth (Drizzle, framework-agnostic) Port: 3001 (same as mana-core-auth — drop-in replacement) Database: mana_auth (same DB, same schemas) Better Auth plugins: Organization, JWT (EdDSA), OIDC Provider, Two-Factor (TOTP), Magic Link Note: This is the initial version. Guilds, API keys, Me (GDPR), security (lockout/audit), and admin endpoints will be added incrementally. The old mana-core-auth remains until fully replaced. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 02:43:44 +01:00

Author

SHA1

Message

Date

Till JS

4318948980

feat(mana-auth): add guilds, api-keys, me, security, auth routes

Complete the mana-auth Hono service with all remaining endpoints
from mana-core-auth.

Added:
- routes/auth.ts: Full auth flow (register, login, logout, validate,
  password reset, profile, change-password, account deletion,
  security events) with lockout + security event logging
- routes/guilds.ts: Guild CRUD, member management, invitations
  (delegates to Better Auth org plugin + mana-credits for pools)
- routes/api-keys.ts: API key generation, listing, revocation,
  validation (sk_live_* format, SHA-256 hashed)
- routes/me.ts: GDPR data export/delete (Articles 17 & 20)
- services/security.ts: SecurityEventsService (fire-and-forget audit)
  + AccountLockoutService (5 failures/15min → 30min lockout)
- services/api-keys.ts: Key generation, validation, scope checks

Updated:
- index.ts: Wire all routes with proper middleware (JWT, service auth)

Service now has ~1,900 LOC covering all functionality from the
original ~11,500 LOC NestJS mana-core-auth (83% reduction).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-28 02:57:22 +01:00

Till JS

61ee1ae269

feat(services): create mana-auth (Hono + Bun) — Phase 5 auth rewrite

Rewrite the central authentication service from NestJS to Hono + Bun.
Uses Better Auth's native fetch-based handler — no Express conversion.

Key architecture changes:
- Better Auth handler mounted directly on Hono (app.all('/api/auth/*'))
- No NestJS DI, modules, guards, decorators — plain TypeScript
- JWT validation via jose (same as extracted services)
- Email via nodemailer (simplified, German templates)
- ~1,400 LOC vs ~11,500 LOC in NestJS (88% reduction)

Service structure:
- auth/better-auth.config.ts — copied from mana-core-auth (framework-agnostic)
- auth/stores.ts — in-memory stores for email redirect URLs
- email/send.ts — nodemailer email functions
- middleware/ — JWT auth, service auth, error handler (shared pattern)
- db/schema/ — copied from mana-core-auth (Drizzle, framework-agnostic)

Port: 3001 (same as mana-core-auth — drop-in replacement)
Database: mana_auth (same DB, same schemas)

Better Auth plugins: Organization, JWT (EdDSA), OIDC Provider,
Two-Factor (TOTP), Magic Link

Note: This is the initial version. Guilds, API keys, Me (GDPR),
security (lockout/audit), and admin endpoints will be added
incrementally. The old mana-core-auth remains until fully replaced.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-28 02:43:44 +01:00

2 commits