- Add random avatar generation for new users in register
- Fix OAuth state parsing with type assertions and error handling
- Add TempToken field to CallbackResponse for bind flow
- Implement dynamic redirect URI resolution with X-Forwarded headers support
- Add memory cache fallback when Redis is unavailable
- Change default port from 4001 to 4000 in Makefile
- Change BindMode from bool to *bool in thirdparty auth for proper optional handling
- Change Error field from string to *string in OAuth callback request
- Change Email and Phone to *string pointers in bind with register request
- Add public /api/info endpoint for frontend configuration
- Update OAuth token request to use pointers for optional code and refresh_token
- Add desc tags to various request struct fields for API documentation
- Fix path parameter binding with explicit @code suffix for OAuth providers
- Change Description field to *string pointer in role creation
- Change Category field to *string pointer in settings list
- Delete org API endpoints (add_member, create, del, get, list, member, patch, tree)
- Delete models/org.go and remove Org/OrgMember models
- Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant)
- Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh)
- Simplify auth/auth.go by removing org context and role loading logic
- Remove org claims from JWT tokens and login/register responses
- Redesign Permission model with hierarchical level-based access control
- Add auth/design.md with new permission system specification
- Update user and role APIs to work without org context
- Replace GetUserID/GetOrgID with VBaseAuth.UserID/OrgID methods across all APIs
- Integrate vigoauth.Auth interface into appAuth for standard auth methods
- Move AuthMiddleware to PermLogin method in auth package
- Add role management methods: GetRole, ListRoles, GrantRoles, RevokeRoles, ListUserRoles
- Update ListUserPermissions and ListResourceUsers to return vigoauth types
- Export Redis client in cfg package
- Simplify app initialization by separating vigo.New in cli/main.go
- Remove deprecated auth/middleware.go file
- Rename cfg.Config to cfg.Global for consistency
- Simplify cli/main.go to use vbase.App.Run() pattern
- Update init.go to create app with vigo.New and Init function
- Update all references from cfg.Config to cfg.Global across api, libs, models, and tests
- Fix VBase constructor parameter order in ui/vbase.js
- Update ui/env.js to use new VBase('vb', '/') initialization
- Add UserPermissionInfo and UserInfoWithPerms structs for detailed user info
- Extend /auth/me to return user permissions and global roles
- Remove unused isAdmin helper method from auth.go
- Update updateMe to return UserInfoWithPerms for consistency
- Add /api/auth/users endpoint for authenticated users to search other users
- Only return public info (id, username, nickname, avatar) in search results
- Change /api/user routes to require user:admin permission instead of user:read
- Update auth tests to use /api/auth/me for self updates
- Add tests for new user search endpoint
- Add 'clean_run.sh' script to reset database and restart server for clean test environment
- Update 'README.md' with detailed troubleshooting guide and pitfalls
- Add '04_org_load_middleware.sh' to test LoadOrg middleware functionality
- Update 'run_all.sh' to include new middleware test
- Fix BASE_URL handling in 'lib.sh' and test scripts to support custom environments
- Update '02_resource_perm.sh' to fix admin permission checks
- Remove debug logging from 'auth.go'
Encrypt OAuth Provider ClientSecret before storing in database to prevent
sensitive credential exposure in case of database breach.
- Encrypt ClientSecret on create using cfg.Config.Key.Encrypt()
- Encrypt ClientSecret on update when provided
- Decrypt ClientSecret before use in OAuth token exchange
- Add AES-GCM encryption/decryption functions to crypto package
- Gracefully handle legacy plaintext secrets during transition
Fix a bug where the count variable was not reset before checking
email and phone uniqueness. This could cause false positives if
a previous check had count > 0, incorrectly reporting that email
or phone already exists when they don't.
- Reset count to 0 before email check
- Reset count to 0 before phone check
veypi
veypi