kitos/Autonomous-Bug-Explorer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fase(25-26): keyboard shortcuts, mobile responsive, enterprise SSO/audit

Browse Source 
- Phase 25.4: N shortcut for new exploration on dashboard (react-hotkeys-hook)
- Phase 25.5: overflow-x-auto on tables, responsive padding (p-4 md:p-6)
- Phase 26: SAML/OIDC/LDAP providers (build-fixed), TOTP/MFA service
- Phase 26: KyselySSOConfigRepository + KyselyTOTPRepository
- Phase 26: SSO HTTP controller (config CRUD + MFA setup/verify/disable)
- Phase 26: Audit module index.ts + SSO module index.ts
- Phase 26: Session management endpoints (findByUserId, deleteById, list/revoke)
- Phase 26: SSO and audit routes feature-gated (auth:sso, audit:logs)
- Phase 26: Frontend SSOSection (SAML/OIDC/LDAP config + TOTP setup)
- Phase 26: Frontend SessionsSection (list/revoke active sessions)
- Phase 26: Settings navigation updated with SSO & Sessions sections

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
debian
2026-03-08 13:38:25 -04:00
parent c3911bafe8
commit 08011d22d5
58 changed files with 2689 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
dist/modules/auth/infrastructure/http/AuthController.js vendored
View File

@@ -166,5 +166,27 @@ function createAuthController(registerCommand, loginCommand, createOrgCommand, i
await apiKeyRepository.delete(keyId);
res.json({ success: true });
});
// GET /api/auth/sessions — list active sessions (session management dashboard)
router.get('/sessions', authMiddleware, async (req, res) => {
const sessions = await sessionRepository.findByUserId(req.user.id);
res.json(sessions.map((s) => ({
id: s.id,
createdAt: new Date(s.createdAt).toISOString(),
expiresAt: new Date(s.expiresAt).toISOString(),
})));
});
// DELETE /api/auth/sessions/:id — revoke a specific session
router.delete('/sessions/:id', authMiddleware, async (req, res) => {
const sessionId = String(req.params['id']);
// Only allow revoking own sessions
const userSessions = await sessionRepository.findByUserId(req.user.id);
const owns = userSessions.some((s) => s.id === sessionId);
if (!owns) {
res.status(404).json({ error: 'Session not found' });
return;
}
await sessionRepository.deleteById(sessionId);
res.json({ success: true });
});
return router;
}