- Add validateRegisterCode function to verify codes during registration
- Integrate Aliyun SMS SDK (dysmsapi-20170525) replacing placeholder
- Make cookie names configurable via JWT CookiePrefix setting
- Rename login type "phone" to "sms" for consistency
- Add 1-minute TTL cache for setting values
- Add $fetch wrapper replacing raw fetch calls across all UI pages
- Add verification code inputs with countdown send buttons to register UI
- Move CSS/JS assets from root.html to auth and default layouts
- Add scope parameter to VBase permission check methods
- Add i18n entries for verification code messages (zh/en)
- Fix route guard to use next('/403') instead of router.push
- Replace JWT in response body with HttpOnly Cookie (vb_access/vb_refresh) to prevent XSS token theft
- Add Redis-based token version management with ±1 tolerance for multi-tab concurrent refresh
- Implement strict refresh token rotation: version must match exactly, increment on each refresh
- Simplify JWT Claims to only carry UserID + Type + Version, remove user profile fields
- Remove session-based token tracking and cache blacklist in favor of version increment revocation
- Remove getAuthHeaders, wrapAxios, wrapFetch, isExpired from frontend VBase client
- Remove client-side token/localStorage management, frontend now relies on Cookie auto-attach
- Add CookiePath config option and change default access token expiry from 24h to 15min
- Update Vigo app initialization to use functional options pattern
- Add empty-body cookie read fallback in refresh endpoint
- Add `OnUserCreate` hook variable in `cfg/cfg.go` for custom callbacks
- Invoke `OnUserCreate` after successful user registration in `api/auth/register.go`
- Log warning when user creation hook fails
- Rename appAuth to vbaseProvider implementing auth.Provider interface
- Replace auth.VBaseAuth with cfg.Auth (auth.Auth struct) for middleware
- Add global cfg.Auth instance with SetProvider injection in init.go
- Update all API handlers to use cfg.Auth.RequireXxx instead of PermXxx
- Update tests to use cfg.Auth for permission checks
- Remove Login/Perm methods from Provider (now in auth.Auth struct)
- Add role detail dialog with tabs for permissions and users
- Implement permission selector with level badges (create/read/write/admin)
- Add user management with avatar display and search functionality
- Add i18n translations for new role management features
- Update default DB charset from utf8 to utf8mb4
- Add DB.Prefix "vb_" to cfg.DB config for global table prefix
- Remove TableName() methods from all models (User, Role, Permission, etc.)
- Remove Role.Scope field and its unique index with Code
- Let GORM auto-generate table names with configured prefix
- Replace GetUserID/GetOrgID with VBaseAuth.UserID/OrgID methods across all APIs
- Integrate vigoauth.Auth interface into appAuth for standard auth methods
- Move AuthMiddleware to PermLogin method in auth package
- Add role management methods: GetRole, ListRoles, GrantRoles, RevokeRoles, ListUserRoles
- Update ListUserPermissions and ListResourceUsers to return vigoauth types
- Export Redis client in cfg package
- Simplify app initialization by separating vigo.New in cli/main.go
- Remove deprecated auth/middleware.go file
- Rename cfg.Config to cfg.Global for consistency
- Simplify cli/main.go to use vbase.App.Run() pattern
- Update init.go to create app with vigo.New and Init function
- Update all references from cfg.Config to cfg.Global across api, libs, models, and tests
- Fix VBase constructor parameter order in ui/vbase.js
- Update ui/env.js to use new VBase('vb', '/') initialization
- Fix owner ID lookup to prioritize PathParams and Query over Context
- Prevent incorrect owner match when context contains current user ID
- Reset InitAdmin.Password to empty so first registered user becomes admin
- Replace separate DB/DSN fields with unified config.Database struct
- Remove cfg/db.go and move DB client to config.Database.Client()
- Update auth to use event-driven initialization via vb.init.auth event
- Refactor models initialization to use event system (vb.init.settings/oauth/admin)
- Update CLI to use event.Start() instead of manual InitDB() call
- Fix auth_test.go to use new DB config structure
- Update agents.md documentation with new CLI flags format
veypi
veypi