mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 21:01:08 +02:00
managarten no longer talks to Better-Auth directly: login,
registration, password reset, 2FA verify, magic link and passkey login
ALL go through `auth.mana.how` (mana-auth-web portal). managarten is now
only a consumer of an existing session.
## Architecture
- Unauthenticated: `redirectToPortal({ next })` does a hard redirect to
`auth.mana.how/login?app=mana&redirect=<callback>`. AuthGate
(`(app)/+layout.svelte`) and `require-auth` trigger it.
- After login: the portal sets the SSO cookie on `.mana.how`. The browser
lands on `/auth/callback?next=<deep-link>`.
- Callback: `session.tryRefresh()` fetches a fresh JWT via the cookie,
`loadUserFromToken()` sets the user, `goto(next)` renders the (app) layout
with an unlocked vault (the root layout $effect fires on user ID change).
## Files
NEW:
- `lib/auth/portal-redirect.ts`: helper for building the portal URL + hard redirect.
- `lib/auth/session.svelte.ts`: lean session class: token refresh
via SSO cookie, ensureFresh, signOut. Storage: `mana.auth.accessToken`,
`mana.auth.user`.
- `lib/auth/settings-client.ts`: passkey CRUD, 2FA setup, sessions,
audit events. Keeps no state, calls the mana-auth API directly.
DELETED:
- `routes/(auth)/login|register|forgot-password|reset-password|+layout`
- `routes/auth/reset-password` (was an alias redirect)
- The entire `(auth)` route group.
REWRITTEN:
- `lib/stores/auth.svelte.ts`: re-exports `session` as `authStore`
(no more 47-method factory from `@mana/shared-auth-ui`).
- `routes/auth/callback/+page.svelte`: token refresh + deep link instead of
the legacy Supabase stub.
- `lib/components/settings/sections/SecuritySection.svelte`: all
`authStore.registerPasskey/enableTwoFactor/...` calls redirected to the new
`settings-client`. The UI components (PasskeyManager,
TwoFactorSetup, …) from `@mana/shared-auth-ui` stay; they are pure
render components.
ADJUSTED (portal redirect instead of `goto('/login')`):
- `(app)/+layout.svelte`, `RouteTierGate`, `email-verified`,
`verification-failed`, `feedback/+layout`, `quotes/lists`,
`quotes/favorites`, `citycorners/favorites`, `feedback/DetailView`,
`feedback/ListView`, `profile/ListView`, `guest-prompt`,
`require-auth.svelte.ts`.
ENV:
- `.env.development`: `MANA_AUTH_WEB_URL=http://localhost:3002`.
- `scripts/generate-env.mjs`: writes `PUBLIC_MANA_AUTH_URL` +
`PUBLIC_AUTH_WEB_URL` into `apps/mana/apps/web/.env`.
## Status
- `pnpm run check`: 0 errors, 0 warnings, 7672 files.
- `pnpm build` (8 GB heap): green.
- Local E2E + production deploy are still pending; for the plan see
`mana/docs/playbooks/MANAGARTEN_AUTH_PORTAL_MIGRATION.md`.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- demo/personas/chor-taegerwilen
- dev
- mac-mini
- personas
- test-data
- test-reporting
- audit-bundle.mjs
- audit-complexity.mjs
- audit-crypto-registry.mjs
- audit-encrypted-tools.ts
- audit-i18n-coverage.mjs
- audit-icon-usage.mjs
- audit-module-coupling.mjs
- audit-modules.mjs
- audit-port-drift.mjs
- audit-test-coverage.mjs
- audit-workspace-deps.mjs
- backup-monitoring.sh
- build-complexity-map.mjs
- check-status.sh
- create-gift-codes.mjs
- deploy-metrics.sh
- ecosystem-audit.mjs
- fix-mixed-imports.mjs
- generate-dockerfiles.mjs
- generate-env.mjs
- generate-status-page.sh
- i18n-hardcoded-baseline.json
- i18n-missing-baseline.json
- lighthouse-audit.sh
- migrate-theme-tokens.mjs
- migrate-transition-all.mjs
- run-integration-tests.sh
- run-tests-with-coverage.sh
- setup-databases.sh
- setup-secrets.mjs
- test-chat-auth.sh
- validate-cloudflared-config.mjs
- validate-dockerfiles.mjs
- validate-i18n-keys.mjs
- validate-i18n-parity.mjs
- validate-llm-strings.mjs
- validate-monorepo.mjs
- validate-no-hardcoded-strings.mjs
- validate-no-recursive-turbo.mjs
- validate-pg-schema-isolation.mjs
- validate-theme-parity.mjs
- validate-theme-utilities.mjs
- validate-theme-variables.mjs
- validate-tier-patches.mjs