LinumIQ/linumiq_net-web_app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
17 Commits 2 Branches 0 Tags
8e8df7ae643908638d34d9c2c6ceb8e4db1ece74
Commit Graph

17 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gerhard Scheikl 8e8df7ae64 fix(admin): eliminate GoTrue empty-body 500s under bulk load (retry-all + undici keep-alive + sequential bulk), CSV formula-injection guard 2026-05-31 17:30:04 +02:00
Gerhard Scheikl cbd29445bb fix(admin): resolve tunnel owner emails via one listUsers scan 
The upstream admin gateway deterministically truncates the first per-row
getUserById that immediately follows a request's auth check, yielding an
empty body the per-call retry cannot clear — so a couple of tunnel rows
showed owner_email '—' on every load regardless of retry or concurrency.
Replace the per-row getUserById fan-out with a single bounded listUsers
scan (same transient retry) that builds an id->email map and stops early
once every owner on the page is resolved. A single listUsers read does not
hit the truncation pattern, eliminating the dashes. Remove the now-unused
mapWithConcurrency helper and OWNER_EMAIL_CONCURRENCY constant.
 2026-05-31 16:26:39 +02:00
Gerhard Scheikl 37f79ff1b1 fix(admin): lower owner-email enrichment concurrency to 2 
The upstream admin gateway tolerates only a small concurrent burst; at
concurrency 4 the tail of the per-row getUserById fan-out was truncated
into empty bodies on every list load (deterministic '—'), and the retries
piled into the same throttle window. Measured 0 failures at concurrency 2
(and 1) versus consistent truncations at 4, so pin enrichment to 2.
 2026-05-31 16:13:54 +02:00
Gerhard Scheikl b0dba8ec0e fix(admin): bound owner-email enrichment concurrency to avoid self-throttle 
A large concurrent burst of getUserById calls during the tunnels-list
email enrichment self-inflicts an upstream throttle (truncated/empty
bodies) that even the per-call retry can't fully escape, intermittently
rendering owner_email as '—'. Add mapWithConcurrency and resolve owner
emails at most a few at a time so each lookup stays inside the throttle
allowance; retry + null fallback preserved.
 2026-05-31 15:57:54 +02:00
Gerhard Scheikl 17fe642168 fix(admin): retry GoTrue admin reads on transient empty-body responses (bulk-load robustness) 2026-05-31 15:35:33 +02:00
Gerhard Scheikl d317e8c758 feat(admin): live redis kill-switch on tunnel actions, sortable columns + CSV export + bulk actions, Node 24 LTS 
WS1: pin all Docker stages to node:24.16.0-alpine; add engines node>=20.
WS2: lib/redis.ts gains TTL-backed redisSet, redisDel, setTunnelActive (writes tunnel:active:<sub>=1/0 EX 30, TUNNEL_ACTIVE_TTL override, no-op without REDIS_URL); wired into tunnel active/delete/reassign routes.
WS3: sortable columns, CSV export routes (token excluded), and bulk actions (self-account guard) across users/tunnels/audit admin tables.
 2026-05-31 14:46:22 +02:00
Gerhard Scheikl 1adb6e7b3f fix(admin): no-store on middleware admin deny/redirect responses 
The defense-in-depth admin guard in middleware short-circuits before the
route handlers' jsonNoStore runs, so its 401/403 JSON denials (and auth
redirects) were served without Cache-Control: no-store. Stamp no-store in
withCookies so every admin deny/redirect response is non-cacheable,
completing Finding #4 for the middleware-originated admin responses.
 2026-05-31 13:51:25 +02:00
Gerhard Scheikl dd0ff39890 fix(admin): return 404 (not 500) when deleting an already-removed user 
GoTrue returns an empty body for a missing-user delete, surfacing as an
opaque JSON-parse error; pre-check existence via getUserById for a clean 404.
 2026-05-31 13:23:43 +02:00
Gerhard Scheikl 535b2ef202 fix(admin): fresh SSR reads, atomic user delete + sanitized errors, cookie-rotation in middleware, no-store on admin APIs 2026-05-31 13:15:56 +02:00
Gerhard Scheikl 61bf6c013c fix(admin): deterministic UTC timestamp formatting to remove hydration mismatch 2026-05-31 12:26:41 +02:00
Gerhard Scheikl b6c4d94990 fix(admin): key tunnels by user_id, server-side initial list load, full-scan user search 2026-05-31 11:46:14 +02:00
Gerhard Scheikl fb4880a1d9 feat(admin): comprehensive admin interface (users, tunnels, metrics, audit, reserved subdomains) 
Adds an authenticated admin surface gated by auth.users.app_metadata.role==='admin'.

- lib/auth/admin-guard.ts: requireAdmin() (pages) + requireAdminApi() (routes)
- middleware.ts: defense-in-depth /admin and /api/admin guarding
- API: users (list/detail/role/ban/delete), tunnels (list + active/quota/reset/reassign/regenerate-token/delete), metrics, audit log, reserved subdomains
- Self-lockout prevention (no self demote/ban/delete)
- Best-effort Redis kill-switch via dependency-free net-socket client (REDIS_URL)
- admin_audit_log + reserved_subdomains migration (RLS on, service-role only)
- Admin UI (overview, users, tunnels, reserved, audit) + conditional nav link
 2026-05-31 10:58:23 +02:00
linumiq_net-user aad01f1fc5 security-update 2026-05-31 10:19:06 +02:00
linumiq_net-user 6b59c01744 dev: parameterize compose so one file serves prod + dev 
image/container/network/project names now come from env (WEB_IMAGE,
WEB_CONTAINER, WEB_NETWORK, WEB_PROJECT) with prod values as defaults. Dev
supplies its values via the gitignored .env.production. Makes dev->main merge
safe (prod resolves to web/web:1.0.0/edge by default).
 2026-05-30 14:18:40 +02:00
linumiq_net-user f1cca454e2 dev: parameterize compose for dev build (web-dev image/container, dev_edge network) 
- image web-dev:1.0.0, container web-dev, network dev_edge
- NEXT_PUBLIC_* build args resolved from gitignored .env.production
  (api-dev/app-dev URLs) so the dev bundle targets the dev API.
- ignore .env.production (dev secrets) in this branch.
 2026-05-30 13:24:23 +02:00
linumiq_net-user 6c1221c60f security update 2026-05-30 12:49:51 +02:00
root c935e39fa1 initial commit 2026-05-29 17:07:00 +02:00