Commit Graph

15 Commits

Author SHA1 Message Date
Jordan Knott
ef2aadefbb refactor: add client log on task list change 2021-10-25 21:03:22 -05:00
Jordan Knott
8b1de30204 feat: redirect to register page if no users exist
fixes #130
2021-10-06 14:20:36 -05:00
Jordan Knott
229a53fa0a refactor: replace refresh & access token with auth token only
changes authentication to no longer use a refresh token & access token
for accessing protected endpoints. Instead only an auth token is used.

Before the login flow was:

Login -> get refresh (stored as HttpOnly cookie) + access token (stored in memory) ->
  protected endpoint request (attach access token as Authorization header) -> access token expires in
  15 minutes, so use refresh token to obtain new one when that happens

now it looks like this:

Login -> get auth token (stored as HttpOnly cookie) -> make protected endpont
request (token sent)

the reasoning for using the refresh + access token was to reduce DB
calls, but in the end I don't think its worth the hassle.
2021-04-28 21:38:49 -05:00
Jordan Knott
a8b3809515 feat: allow access token expiration to be set in the config 2020-12-30 21:10:55 -06:00
Jordan Knott
9f27bd157f feat: smtp server for sending email can now be set by config 2020-12-23 16:44:13 -06:00
Jordan Knott
7b6624ecc3 feat: redesign project sharing & initial registration
redesigned the project sharing popup to be a multi select dropdown
that populates the options by using the input as a fuzzy search filter
on the current users & invited users.

users can now also be directly invited by email from the project share
window. if invited this way, then the user will receive an email
that sends them to a registration page, then a confirmation page.

the initial registration was always redone so that it uses a similar
system to the above in that it now will accept the first registered
user if there are no other accounts (besides 'system').
2020-12-17 22:39:14 -06:00
Jordan Knott
52c60abcd7 fix: secret key is no longer hard coded
the secret key for signing JWT tokens is now read from server.secret.

if that does not exist, then a random UUID v4 is generated and used
instead. a log warning is also shown.
2020-09-12 18:03:17 -05:00
Jordan Knott
0a1bdc19f3 fix: remove cors middleware
fixes #51
2020-09-02 20:30:38 -05:00
Jordan Knott
9dba566660 feat: add pre-commit hooks & refactor code to pass linting 2020-08-20 18:37:36 -05:00
Jordan Knott
c2ef8a7d56 feat: replace config system with viper based system
allows for config settings to be easily set through ENV variables,
config files, or CLI flags

adds flag to run migration on web server start (fixes #29)
2020-08-12 22:30:53 -05:00
Jordan Knott
5dbdc20b36 chore: rename Citadel to Taskcafe 2020-08-06 20:50:35 -05:00
Jordan Knott
6f33cc5799 fix: update api import paths & fix Dockerfile not copying frontend build
fixes issue #7 & #9

also remove agGrid dependency from package.json to reduce download size
2020-07-19 17:25:58 -05:00
Jordan Knott
2cf6be082c feature: add first time install process 2020-07-16 19:40:23 -05:00
Jordan Knott
90515f6aa4 feature: add web & migrate commands 2020-07-15 18:22:25 -05:00
Jordan Knott
e5d5e6da01 arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00