An open source project management tool with Kanban boards
Go to file
2020-07-12 02:06:11 -05:00
.github change: add project README 2020-06-23 17:33:44 -05:00
cmd arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
conf arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
data arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
frontend chore: project cleanup and bugfixes 2020-07-12 02:06:11 -05:00
internal chore: project cleanup and bugfixes 2020-07-12 02:06:11 -05:00
migrations arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
scripts arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
templates/mail/user arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
uploads change: add .keep to .gitignore exclusion list 2020-07-04 18:14:05 -05:00
.gitignore change: add .keep to .gitignore exclusion list 2020-07-04 18:14:05 -05:00
.tmuxinator.yml change: update tmuxinator script to reflect new dir structure 2020-07-04 18:10:28 -05:00
docker-compose.yml arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
go.mod arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
go.sum arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
gqlgen.yml chore: project cleanup and bugfixes 2020-07-12 02:06:11 -05:00
magefile.go chore: project cleanup and bugfixes 2020-07-12 02:06:11 -05:00
Makefile arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
Pipfile arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
README.md arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
sqlc.yaml arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00
trello.json arch: move web folder into api & move api to top level 2020-07-04 18:08:37 -05:00

Project Citadel - An open source project management tool

Citadel

Overview

  • TODO

Features

TODO

Browser support

Installation

License

Authentication

Uses a refresh_token and access_token system.

The refresh_token is an opaque UUID based token. The access_token is a JWT token containing several claims such as sub & roles

The refresh_token is stored in a database and is long lived (24 hours). It is sent to the client as a cookie set to be HttpOnly.

The access_token is not stored in the database & is only stored in memory on the client side. It is short lived (5 minutes).

The access_token is used to authenticate all endpoints except endpoints under /auth

The access_token is refreshed using the refresh_token through the /auth/refresh_token endpoint. This endpoint takes in the refresh_token set VIA a cookie header & returns a new refresh_token & access_token if the refresh_token is still valid. The old refresh_token is invalidated.