mantimon-tcg

cal/mantimon-tcg

Fork 0

Commit Graph

Author	SHA1	Message	Date
Cal Corum	f82bc8aa1f	Fix OAuth callback redirect and deps import - Discord OAuth callback now redirects to frontend with tokens in URL fragment (more secure than query params - fragment not sent to server) - Error responses also redirect with error in query params - Fix deps.py import: get_session_dependency -> get_session Part of Phase 2 Authentication completion. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-28 00:17:27 -06:00
Cal Corum	3ad79a4860	Fix OAuth absolute URLs and add account linking endpoints - Add base_url config setting for OAuth callback URLs - Change OAuth callbacks from relative to absolute URLs - Add account linking OAuth flow (GET /auth/link/{provider}) - Add unlink endpoint (DELETE /users/me/link/{provider}) - Add AccountLinkingError and service methods for linking - Add 14 new tests for linking functionality - Update Phase 2 plan to mark complete (1072 tests passing)	2026-01-27 22:06:22 -06:00
Cal Corum	996c43fbd9	Implement Phase 2: Authentication system Complete OAuth-based authentication with JWT session management: Core Services: - JWT service for access/refresh token creation and verification - Token store with Redis-backed refresh token revocation - User service for CRUD operations and OAuth-based creation - Google and Discord OAuth services with full flow support API Endpoints: - GET /api/auth/{google,discord} - Start OAuth flows - GET /api/auth/{google,discord}/callback - Handle OAuth callbacks - POST /api/auth/refresh - Exchange refresh token for new access token - POST /api/auth/logout - Revoke single refresh token - POST /api/auth/logout-all - Revoke all user sessions - GET/PATCH /api/users/me - User profile management - GET /api/users/me/linked-accounts - List OAuth providers - GET /api/users/me/sessions - Count active sessions Infrastructure: - Pydantic schemas for auth/user request/response models - FastAPI dependencies (get_current_user, get_current_premium_user) - OAuthLinkedAccount model for multi-provider support - Alembic migration for oauth_linked_accounts table Dependencies added: email-validator, fakeredis (dev), respx (dev) 84 new tests, 1058 total passing	2026-01-27 21:49:59 -06:00

Author

SHA1

Message

Date

Cal Corum

f82bc8aa1f

Fix OAuth callback redirect and deps import

- Discord OAuth callback now redirects to frontend with tokens in URL fragment
  (more secure than query params - fragment not sent to server)
- Error responses also redirect with error in query params
- Fix deps.py import: get_session_dependency -> get_session

Part of Phase 2 Authentication completion.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-28 00:17:27 -06:00

Cal Corum

3ad79a4860

Fix OAuth absolute URLs and add account linking endpoints

- Add base_url config setting for OAuth callback URLs
- Change OAuth callbacks from relative to absolute URLs
- Add account linking OAuth flow (GET /auth/link/{provider})
- Add unlink endpoint (DELETE /users/me/link/{provider})
- Add AccountLinkingError and service methods for linking
- Add 14 new tests for linking functionality
- Update Phase 2 plan to mark complete (1072 tests passing)

2026-01-27 22:06:22 -06:00

Cal Corum

996c43fbd9

Implement Phase 2: Authentication system

Complete OAuth-based authentication with JWT session management:

Core Services:
- JWT service for access/refresh token creation and verification
- Token store with Redis-backed refresh token revocation
- User service for CRUD operations and OAuth-based creation
- Google and Discord OAuth services with full flow support

API Endpoints:
- GET /api/auth/{google,discord} - Start OAuth flows
- GET /api/auth/{google,discord}/callback - Handle OAuth callbacks
- POST /api/auth/refresh - Exchange refresh token for new access token
- POST /api/auth/logout - Revoke single refresh token
- POST /api/auth/logout-all - Revoke all user sessions
- GET/PATCH /api/users/me - User profile management
- GET /api/users/me/linked-accounts - List OAuth providers
- GET /api/users/me/sessions - Count active sessions

Infrastructure:
- Pydantic schemas for auth/user request/response models
- FastAPI dependencies (get_current_user, get_current_premium_user)
- OAuthLinkedAccount model for multi-provider support
- Alembic migration for oauth_linked_accounts table

Dependencies added: email-validator, fakeredis (dev), respx (dev)

84 new tests, 1058 total passing

2026-01-27 21:49:59 -06:00

3 Commits