Archive/screentinker

Fork 0

mirror of https://github.com/screentinker/screentinker.git synced 2026-06-17 03:32:32 -06:00

Commit graph

Author	SHA1	Message	Date
ScreenTinker	d59adfd10c	feat(ui): agency token designation in Settings (#73 ) Admin-facing. Extends the existing API-token UI: an 'agency' scope option reveals a playlist picker (the workspace's playlists); creating the token binds the checked ones as its allowlist (target_playlist_ids). The token list shows each agency token's designated playlists (tokens GET now returns targets for agency-scoped tokens). i18n keys added across all five locales (parity test). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-14 13:08:07 -05:00
ScreenTinker	40102b2b41	feat(api): agency portal endpoints + router.param target seam (#73 ) The agency capability behind the proven off-ladder/agencyGate primitive: - agencyGate is now SCOPE-only at the mount; the per-target check is router.param ('playlistId') in routes/agency.js - it fires WITH the param before the handler, so no :playlistId route can skip it (drift-proof). A mount-level target check was silently bypassed (Express populates req.params only at route match); the integration bite-suite caught it - this is the fix. - routes/agency.js: POST /content (shared ingest) + POST /playlists/:id/items (date-bounded #74/#75 item; lands as draft so the admin's re-publish is the approval gate). - tokens.js: issue scope='agency' tokens bound to a non-empty in-workspace playlist allowlist (atomic); PUT /:id/targets re-designates (JWT-only -> can't self-widen). - server.js: AGENCY_ROUTERS mounted bearerAuth + resolveTenancy + agencyGate. Full bite-suite (test/agency.test.js) GREEN and re-proven to bite on the SHIPPING path: neutralizing the router.param check makes non-designated->403 go red. Four assertions at three seams: target (router.param), off-ladder (tokenScopeGate), can't-widen (tokens JWT-only), issuance cross-workspace (create validation). 139 suite green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-13 22:48:42 -05:00
ScreenTinker	fab4ae909a	feat(api): token management endpoints + Settings UI - routes/tokens.js: create (returns the full secret once), list (never the secret), revoke. Mounted JWT-only via api-surface.js so an API token can never mint, list or revoke tokens - no self-escalation. - Settings "API Tokens" section: create form (name + read/write/full scope), one-time secret reveal with copy, token list, revoke; i18n across en/es/fr/de/pt. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-12 18:45:09 -05:00

Author

SHA1

Message

Date

ScreenTinker

d59adfd10c

feat(ui): agency token designation in Settings (#73 )

Admin-facing. Extends the existing API-token UI: an 'agency' scope option reveals a
playlist picker (the workspace's playlists); creating the token binds the checked ones as
its allowlist (target_playlist_ids). The token list shows each agency token's designated
playlists (tokens GET now returns targets for agency-scoped tokens). i18n keys added across
all five locales (parity test).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-14 13:08:07 -05:00

ScreenTinker

40102b2b41

feat(api): agency portal endpoints + router.param target seam (#73 )

The agency capability behind the proven off-ladder/agencyGate primitive:
- agencyGate is now SCOPE-only at the mount; the per-target check is router.param
  ('playlistId') in routes/agency.js - it fires WITH the param before the handler, so no
  :playlistId route can skip it (drift-proof). A mount-level target check was silently
  bypassed (Express populates req.params only at route match); the integration bite-suite
  caught it - this is the fix.
- routes/agency.js: POST /content (shared ingest) + POST /playlists/:id/items (date-bounded
  #74/#75 item; lands as draft so the admin's re-publish is the approval gate).
- tokens.js: issue scope='agency' tokens bound to a non-empty in-workspace playlist
  allowlist (atomic); PUT /:id/targets re-designates (JWT-only -> can't self-widen).
- server.js: AGENCY_ROUTERS mounted bearerAuth + resolveTenancy + agencyGate.

Full bite-suite (test/agency.test.js) GREEN and re-proven to bite on the SHIPPING path:
neutralizing the router.param check makes non-designated->403 go red. Four assertions at
three seams: target (router.param), off-ladder (tokenScopeGate), can't-widen (tokens
JWT-only), issuance cross-workspace (create validation). 139 suite green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-13 22:48:42 -05:00

ScreenTinker

fab4ae909a

feat(api): token management endpoints + Settings UI

- routes/tokens.js: create (returns the full secret once), list (never the secret),
  revoke. Mounted JWT-only via api-surface.js so an API token can never mint, list or
  revoke tokens - no self-escalation.
- Settings "API Tokens" section: create form (name + read/write/full scope), one-time
  secret reveal with copy, token list, revoke; i18n across en/es/fr/de/pt.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

2026-06-12 18:45:09 -05:00

3 commits