<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="canonical" href="https://IvanTytar.github.io/microdao-daarion/AUTH_SERVICE_FIX/">
<link rel="icon" href="../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.5.3, mkdocs-material-9.5.18">
<title>AUTH_SERVICE_FIX - DAARION Documentation</title>
<link rel="stylesheet" href="../assets/stylesheets/main.66ac8b77.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>
// Material for MkDocs storage helpers. They are assigned as implicit globals on
// purpose (no var/let/const): the theme bundle looks them up on window.
__md_scope = new URL("..", location);

// 32-bit string hash: h = h * 31 + codeUnit, iterating by code point exactly as
// the spread operator [...str] would. Used by the theme to key stored state.
__md_hash = function (str) {
  var h = 0;
  for (var ch of str) {
    h = (h << 5) - h + ch.charCodeAt(0);
  }
  return h;
};

// Read a JSON value stored under "<scope pathname>.<key>". storage defaults to
// localStorage and scope to __md_scope; a missing key yields null.
// NOTE(review): the value comes straight out of Web Storage, which any
// same-origin script may write — callers should treat it as untrusted input.
__md_get = function (key, storage = localStorage, scope = __md_scope) {
  return JSON.parse(storage.getItem(scope.pathname + "." + key));
};

// Persist a JSON-serialised value under the same scoped key. Storage failures
// (quota exceeded, storage disabled) are swallowed deliberately — persisting
// theme state is best-effort.
__md_set = function (key, value, storage = localStorage, scope = __md_scope) {
  try {
    storage.setItem(scope.pathname + "." + key, JSON.stringify(value));
  } catch (err) {
  }
};
</script>
</head>
<body dir="ltr">
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="auth_service_fix">AUTH_SERVICE_FIX<a class="headerlink" href="#auth_service_fix" title="Permanent link">&para;</a></h1>
<h2 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">&para;</a></h2>
<p>The auth-service (FastAPI + asyncpg) handles registration, login, JWT
issuance and token introspection for the entire DAARION stack. Requests returned
HTTP 500 because the configured Postgres database (<code>postgresql://.../daarion</code>)
did not exist on NODE1, so every <code>/api/auth/login</code> call failed with
<code>asyncpg.exceptions.InvalidCatalogNameError</code>. The fix introduced:</p>
<ul>
<li>creation of the <code>daarion</code> database inside <code>dagi-postgres</code>;</li>
<li>execution of migration <code>011_create_auth_tables.sql</code> to provision the schema;</li>
<li>addition of admin/test accounts via <code>/api/auth/register</code>;</li>
<li>resilient configuration that supports both <code>AUTH_*</code> and legacy env names;</li>
<li>smoke-tested register/login/refresh/me flows.</li>
</ul>
<h2 id="environment-variables">Environment variables<a class="headerlink" href="#environment-variables" title="Permanent link">&para;</a></h2>
<table>
<thead>
<tr>
<th>Name(s)</th>
<th>Purpose</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>AUTH_DATABASE_URL</code> / <code>DATABASE_URL</code></td>
<td>Postgres DSN (<code>postgresql://postgres:postgres@dagi-postgres:5432/daarion</code>)</td>
</tr>
<tr>
<td><code>AUTH_JWT_SECRET</code> / <code>JWT_SECRET</code></td>
<td>HMAC secret used to sign both access and refresh tokens</td>
</tr>
<tr>
<td><code>AUTH_JWT_ALGORITHM</code> / <code>JWT_ALGO</code> / <code>JWT_ALGORITHM</code></td>
<td>JWT signing algorithm (<code>HS256</code>)</td>
</tr>
<tr>
<td><code>AUTH_ACCESS_TOKEN_TTL</code> / <code>ACCESS_TOKEN_TTL</code></td>
<td>Access token lifetime in seconds (default 1800)</td>
</tr>
<tr>
<td><code>AUTH_REFRESH_TOKEN_TTL</code> / <code>REFRESH_TOKEN_TTL</code></td>
<td>Refresh token lifetime in seconds (default 604800)</td>
</tr>
<tr>
<td><code>AUTH_PORT</code> / <code>PORT</code></td>
<td>Service port (default <code>7020</code>)</td>
</tr>
<tr>
<td><code>AUTH_DEBUG</code> / <code>DEBUG</code></td>
<td>Toggles FastAPI auto-reload and debug logging</td>
</tr>
<tr>
<td><code>AUTH_BCRYPT_ROUNDS</code> / <code>BCRYPT_ROUNDS</code></td>
<td>bcrypt cost factor (number of rounds) for password hashing</td>
</tr>
<tr>
<td><code>SYNAPSE_ADMIN_URL</code></td>
<td>Matrix admin endpoint (defaults to <code>http://daarion-synapse:8008</code>)</td>
</tr>
<tr>
<td><code>SYNAPSE_REGISTRATION_SECRET</code></td>
<td>Shared registration secret used with the Synapse admin endpoint to auto-provision Matrix users</td>
</tr>
</tbody>
</table>
<p>⚠️ The config module now checks both <code>AUTH_*</code> and legacy names so existing
docker-compose files continue to work.</p>
<h2 id="database-schema-minimal">Database schema (minimal)<a class="headerlink" href="#database-schema-minimal" title="Permanent link">&para;</a></h2>
<p><code>migrations/011_create_auth_tables.sql</code> must be applied to the <code>daarion</code>
database. Core tables:</p>
<ul>
<li><code>auth_users</code> — user profile + status flags (<code>is_active</code>, <code>is_admin</code>).</li>
<li><code>auth_roles</code> + <code>auth_user_roles</code> — role definitions/mapping (default roles
inserted by migration).</li>
<li><code>auth_sessions</code> — refresh-token sessions (with <code>expires_at</code> &amp; <code>revoked_at</code>).</li>
</ul>
<p>Commands executed on NODE1:</p>
<div class="codehilite"><pre><span></span><code>docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>dagi-postgres<span class="w"> </span>psql<span class="w"> </span>-U<span class="w"> </span>postgres<span class="w"> </span>-c<span class="w"> </span><span class="s2">&quot;CREATE DATABASE daarion;&quot;</span>
docker<span class="w"> </span>cp<span class="w"> </span>migrations/011_create_auth_tables.sql<span class="w"> </span>dagi-postgres:/tmp/011.sql
docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>dagi-postgres<span class="w"> </span>psql<span class="w"> </span>-U<span class="w"> </span>postgres<span class="w"> </span>-d<span class="w"> </span>daarion<span class="w"> </span>-f<span class="w"> </span>/tmp/011.sql
</code></pre></div>
<h2 id="endpoints">Endpoints<a class="headerlink" href="#endpoints" title="Permanent link">&para;</a></h2>
<table>
<thead>
<tr>
<th>Method</th>
<th>Path</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>GET</code></td>
<td><code>/healthz</code></td>
<td>Returns <code>{ "status": "ok" }</code> when the database connection and settings are valid</td>
</tr>
<tr>
<td><code>POST</code></td>
<td><code>/api/auth/register</code></td>
<td>Creates the user, hashes the password, and provisions the matching Matrix user (the response includes <code>matrix_user_id</code>)</td>
</tr>
<tr>
<td><code>POST</code></td>
<td><code>/api/auth/login</code></td>
<td>Issues <code>access_token</code>, <code>refresh_token</code>, returns user payload + roles</td>
</tr>
<tr>
<td><code>POST</code></td>
<td><code>/api/auth/refresh</code></td>
<td>Validates the refresh token and its session, then rotates both tokens</td>
</tr>
<tr>
<td><code>POST</code></td>
<td><code>/api/auth/logout</code></td>
<td>Revokes the refresh token and its session</td>
</tr>
<tr>
<td><code>GET</code></td>
<td><code>/api/auth/me</code></td>
<td>Reads user profile using <code>Authorization: Bearer &lt;access_token&gt;</code></td>
</tr>
<tr>
<td><code>POST</code></td>
<td><code>/api/auth/introspect</code></td>
<td>Validates an access token on behalf of internal services</td>
</tr>
</tbody>
</table>
<h2 id="jwt-token">JWT token<a class="headerlink" href="#jwt-token" title="Permanent link">&para;</a></h2>
<div class="codehilite"><pre><span></span><code><span class="p">{</span>
<span class="w"> </span><span class="nt">&quot;sub&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;e4ea9638-a845-49b8-bd84-41deb3971ee0&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;admin@daarion.space&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="nt">&quot;name&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Admin&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="nt">&quot;roles&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">&quot;user&quot;</span><span class="p">,</span><span class="w"> </span><span class="s2">&quot;admin&quot;</span><span class="p">],</span>
<span class="w"> </span><span class="nt">&quot;type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;access&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="nt">&quot;iss&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;daarion-auth&quot;</span><span class="p">,</span>
<span class="w"> </span><span class="nt">&quot;exp&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1764244050</span>
<span class="p">}</span>
</code></pre></div>
<p>Gateway &amp; frontend:</p>
<ul>
<li>Pass <code>Authorization: Bearer &lt;access_token&gt;</code> to protected endpoints.</li>
<li>Use <code>sub</code> as the <code>user_id</code> and <code>roles</code> for RBAC; optionally obtain
<code>matrix_user_id</code> from the <code>/api/auth/register</code> response or the user profile.</li>
</ul>
<h2 id="smoke-test-flow">Smoke test flow<a class="headerlink" href="#smoke-test-flow" title="Permanent link">&para;</a></h2>
<ol>
<li><strong>Register:</strong><br />
<code>curl -X POST http://&lt;auth-host&gt;:7020/api/auth/register -d '{"email":"user@daarion.space","password":"Password123!","display_name":"User"}'</code></li>
<li><strong>Login:</strong><br />
<code>curl -X POST http://&lt;auth-host&gt;:7020/api/auth/login -d '{"email":"user@daarion.space","password":"Password123!"}'</code></li>
<li><strong>Authorize requests:</strong><br />
<code>curl http://&lt;auth-host&gt;:7020/api/auth/me -H "Authorization: Bearer &lt;access_token&gt;"</code></li>
<li><strong>Matrix heartbeat:</strong><br />
After logging in through the web UI, <code>usePresenceHeartbeat</code> calls
<code>/api/internal/matrix/presence/online</code> with the issued token, and
<code>matrix-presence-aggregator</code> reports non-zero online counts.</li>
</ol>
<p>With these fixes the auth-service is stable, compatible with matrix-gateway, and
ready for the next milestone (2D City Map + Agent Presence).</p>
</article>
</div>
<script>
// Deep-link support for tabbed content: if the URL fragment identifies a form
// control, set its checked state to whether its name starts with "__tabbed_"
// (so a link to a tab selects it; any other named control is left unchecked).
var target = document.getElementById(location.hash.slice(1));
if (target && target.name) {
  target.checked = target.name.startsWith("__tabbed_");
}
</script>
</div>
</main>
</div>
<script id="__config" type="application/json">{"base": "..", "features": ["navigation.sections", "navigation.instant", "content.code.copy"], "search": "../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="../assets/javascripts/bundle.3220b9d7.min.js"></script>
</body>
</html>