-
Notifications
You must be signed in to change notification settings - Fork 7
feat(user-api): User API — platform accounts & self-service API keys (backend) #2044
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
brunod-e
wants to merge
23
commits into
dev
Choose a base branch
from
feat/user-api
base: dev
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
23 commits
Select commit
Hold shift + click to select a range
ff45872
feat(user-api): scaffold user identity service with better-auth SIWE
brunod-e d9e042a
feat(user-api): user-scoped draft proposals behind SIWE sessions
brunod-e 562c6c6
feat(user-api): resolve better-auth instance from x-forwarded-host
brunod-e 52e20ab
chore: changeset for user-api service
brunod-e 83e8429
feat(user-api): add magic-link and Google sign-in (env-gated)
brunod-e c457bb2
chore(infra): add Railway build config for the user-api service
brunod-e 5aaa6ac
fix(user-api): resolve SIWE host from x-anticapture-host first
brunod-e 6fb93cf
docs(user-api): correct BETTER_AUTH_URL guidance + track .env.example
brunod-e bc8bc23
refactor(user-api): derive better-auth baseURL per host, drop BETTER_…
brunod-e bffe89e
feat(user-api): expose enabled sign-in methods at GET /auth/methods
brunod-e b1c8e28
feat(api)!: absorb the drafts cutover, scoped Authful provisioning an…
brunod-e 27f94c9
fix(user-api): send magic links through an interstitial page, not the…
brunod-e 0bb8e90
fix(user-api): address codex review — claim on every path, atomic quo…
brunod-e 845d698
fix(user-api): require the JSON body on POST /me/api-keys
brunod-e d6a1cc3
fix(authful): accept absent optional secrets under zod v4
brunod-e a3e39ec
revert(api): keep the DAO-API draft routes until the dashboard cutove…
brunod-e ffd990a
feat(user-api): sign-in from Vercel preview links (Railway PR envs only)
brunod-e d9b3e25
refactor(user-api): drop the preview test-credential login, keep dyna…
brunod-e 504f974
feat(user-api): copy provider profile onto the user on account link
brunod-e 20f461b
refactor(user-api): apply /simplify review cleanups
brunod-e 5b1c3c3
fix: address codex and reviewer feedback on the user-api PR
brunod-e d39173e
chore: group public token metrics by single tenant
pikonha dd6bfb4
chore: remove ts ingore any
pikonha File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| "@anticapture/authful": patch | ||
| --- | ||
|
|
||
| Self-service (`user:*`) API keys: the internal token validation metric buckets the per-user tenant label as `user:*` so the Prometheus series set stays bounded, matching Gateful's usage metric. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| --- | ||
| "@anticapture/gateful": patch | ||
| --- | ||
|
|
||
| Self-service (`user:*`) API keys: usage metrics bucket the per-user tenant label as `user:*` so the Prometheus series set stays bounded, and cached positive token verdicts use a 30s TTL (instead of 300s) so a key revoked from the dashboard stops authenticating within seconds. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| --- | ||
| --- | ||
|
|
||
| chore: add a local dev-stack lane for the User API (`scripts/dev.sh`) + `pnpm user-api` root alias. Optional, mirroring Address Enrichment — runs via `railway run` when the service is available and exports `USER_API_URL` for the dashboard `/api/user` proxy; skipped otherwise so existing flows are unaffected. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| --- | ||
| "@anticapture/authful": minor | ||
| "@anticapture/user-api": minor | ||
| --- | ||
|
|
||
| Add self-service API keys (DEV-950). Authful gains an optional scoped provisioning key that may only mint/revoke `user:*` tenants and cannot list all tenants (the admin key stays unrestricted). The User API brokers end-user keys through it: `POST/GET/DELETE /me/api-keys` (session-authenticated) mint into Authful under tenant `user:<userId>`, return the plaintext exactly once, and store only ownership (never the secret) — with a per-user quota and Authful-first revocation. Both surfaces stay disabled until their env is configured. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| --- | ||
| "@anticapture/user-api": minor | ||
| --- | ||
|
|
||
| New user identity & session service (`apps/user-api`). Provides SIWE | ||
| authentication via better-auth (EOA + EIP-1271, per-host domain resolution for | ||
| whitelabel) and session-scoped draft proposals: identity comes from the | ||
| session cookie, drafts are keyed by user with a `daoId` filter, the share | ||
| endpoint is public with a server-derived `isOwner`, and migrated rows are | ||
| claimed on first sign-in. Reached only through the dashboard's `/api/user` | ||
| proxy, independent of Gateful. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.