admin/Authorization
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
82 Commits 1 Branch 0 Tags
main
Commit Graph

82 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
admin 1a68840805 fix(auth)!: implement proper RBAC with role-permission checking 
BREAKING CHANGE: Authorization now requires role_permissions table

Previously checked only if permission existed, now verifies user's
role has been granted the permission. Closes critical security gap
allowing any user to access any resource.

- feat: add role_permissions table schema
- feat: add GetPermissionByResourceActionAndRole repository method
- fix: update Authorize to check user role before granting access
- fix: update cache keys to include roleID
- test: update all tests for new authorization flow
 2026-01-22 14:09:37 +08:00
admin 509a502a85 removed username 2026-01-16 10:50:50 +08:00
admin a361140629 fixed 2026-01-05 15:59:13 +08:00
admin 909790a423 fixed 2026-01-05 14:06:43 +08:00
admin 3075a1ece5 added logging 2026-01-05 14:04:07 +08:00
admin 15a125ca12 added logging 2026-01-05 14:03:58 +08:00
admin 60ef06219b added a simple check route 2026-01-05 14:03:51 +08:00
admin 6fe17327d8 fixed jwt parsing from HMAC to RSA 2026-01-05 14:03:36 +08:00
admin acdc53ec24 fixed jwt parsing from HMAC to RSA 2026-01-05 14:03:17 +08:00
admin fc0825252d added logging 2026-01-05 14:02:57 +08:00
admin 3a4d184604 fixed unable to find metricsPath 2026-01-05 14:02:45 +08:00
admin aa5519b5e3 ignored .pem 2026-01-05 10:30:54 +08:00
admin 3608bcd148 fixed roleID 2025-12-18 10:24:18 +08:00
admin 35f81447b2 fix 2025-12-17 17:26:22 +08:00
admin 219112a84c fix regex error sonarqube 2025-12-17 16:52:27 +08:00
admin c4c03163ea fixed sonarqube issues 2025-12-17 10:01:58 +08:00
admin e6b3e3b3ae fixed sonarqube issues 2025-12-17 09:42:18 +08:00
admin d385044237 modified redis for horizontal scaling 2025-12-16 14:41:32 +08:00
admin 5966901eb5 fix: enable all skipped tests and implement fail-open rate limiting 
- Enable 22+ previously skipped tests with proper mocking
- Change rate limiter to consistently fail-open when Redis unavailable
- Update rate_limiter_test to expect fail-open behavior (allows requests)
- Fix impossible nil check causing compiler error in error_logging_test
- Document case sensitivity in policy comparison operators
- Fix typo in cached_authorization.go comment
 2025-12-16 14:15:06 +08:00
admin 2f2e44d6fc fix: enable all skipped tests and resolve critical logic issues 
- Remove all t.Skip() calls (22+ tests) and implement proper mocking
- Fix impossible nil check causing compiler warning in error_logging_test
- Make rate limiter fail-open consistently when Redis unavailable
- Add case sensitivity documentation to policy comparison operators
- Update repository tests with correct SQL query expectations
- Make tests handle DB/Redis unavailability gracefully without panics
 2025-12-16 13:55:27 +08:00
admin 5828a2ff21 fixed unit testing 2025-12-16 13:26:07 +08:00
admin 7e42d04fde added more comprehensive unit test cases 2025-12-16 11:18:35 +08:00
admin 7d6efecb41 added unit testing 2025-12-16 10:57:26 +08:00
admin 1b6f63e6ac cleaned 2025-12-16 10:13:24 +08:00
admin 0d8f5b9600 feat: implement horizontal scaling optimizations for authz service 
- Add /health and /ready endpoints for load balancer health checks
- Replace in-memory JWT token cache with Redis for multi-replica support
- Reduce DB connection pool from 100 to 25 connections per replica
- Add distributed rate limiting (100 req/min + 20 burst) using Redis
- Implement circuit breakers for DB and Redis to prevent cascading failures

This enables the service to scale horizontally with multiple replicas
behind a load balancer without exhausting database connections or
maintaining separate token caches per instance.
 2025-12-16 10:03:18 +08:00
admin ee8079e65c changed icon of passed 2025-12-15 14:32:42 +08:00
admin 17c6a51559 suppress warning since this is a false positive 2025-12-15 13:53:50 +08:00
admin 15deba4584 fixed multiple roles in 1 policy 2025-12-15 13:24:16 +08:00
admin 5743dbf22d fixed authorization 2025-12-09 15:42:35 +08:00
admin ca49e8e24b fix all issues 2025-12-04 10:59:46 +08:00
admin e4946b7ad7 cleaned 2025-12-04 10:56:54 +08:00
admin 60992c1e44 init 2025-12-04 10:55:25 +08:00