Commit graph

4 commits

Author SHA1 Message Date
a22ba48709 Add Zitadel OIDC setup, SMTP config, and security fixes
- Add setup-zitadel.sh: idempotent script that creates PVM project
  and OIDC app via Zitadel Management API using machine user PAT
- Add machine user + PAT auto-generation to docker-compose via
  FIRSTINSTANCE env vars with bind-mounted machinekey directory
- Add SMTP configuration for email sending (verification, password reset)
- Fix JWT algorithm confusion attack: restrict to RS256/384/512 only
- Add docs/TODO_SECURITY.md tracking review findings
- Update .env.example files with correct local dev URLs
- Add docker/machinekey/ to .gitignore

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 12:34:44 +01:00
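The "JWT algorithm confusion" fix in the commit above comes down to one rule: the verifier decides which algorithms are acceptable, never the token. The following is an added illustration of that check, not code from the repository, written in the project's language with only `std` so it runs stand-alone. It decodes the JWT header (base64url, RFC 7515 section 2) and rejects anything outside an RS256/RS384/RS512 allow-list before any signature work happens; a real verifier would then pass the token to its JWT library with the same allow-list configured. The token header strings and the `make_unsigned_token` helper are constructed for the example.

```rust
// Added example, not the project's code: reject a JWT whose `alg` header is
// not one of the RSA algorithms the service accepts. This closes the classic
// confusion attacks (alg=none, or alg=HS256 with the RSA public key used as the
// HMAC secret) by refusing the token before any signature check is attempted.

const ALLOWED_ALGS: [&str; 3] = ["RS256", "RS384", "RS512"];
const B64URL: &[u8; 64] =
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

/// Decode unpadded base64url. Returns None on any character outside the alphabet.
fn b64url_decode(s: &str) -> Option<Vec<u8>> {
    let mut out = Vec::with_capacity(s.len() * 3 / 4);
    let (mut buf, mut bits) = (0u32, 0u32);
    for c in s.bytes() {
        let v = B64URL.iter().position(|&a| a == c)? as u32;
        buf = (buf << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push(((buf >> bits) & 0xff) as u8);
            buf &= (1u32 << bits) - 1; // keep only the leftover bits
        }
    }
    Some(out)
}

/// Encode bytes as unpadded base64url (used only to build sample tokens).
fn b64url_encode(bytes: &[u8]) -> String {
    let mut out = String::new();
    let (mut buf, mut bits) = (0u32, 0u32);
    for &b in bytes {
        buf = (buf << 8) | b as u32;
        bits += 8;
        while bits >= 6 {
            bits -= 6;
            out.push(B64URL[((buf >> bits) & 0x3f) as usize] as char);
        }
        buf &= (1u32 << bits) - 1;
    }
    if bits > 0 {
        out.push(B64URL[((buf << (6 - bits)) & 0x3f) as usize] as char);
    }
    out
}

/// Minimal lookup of a string-valued field in a flat JSON object such as a
/// JWT header (no escaped quotes expected in `alg`).
fn json_string_field(json: &str, key: &str) -> Option<String> {
    let needle = format!("\"{}\"", key);
    let start = json.find(&needle)? + needle.len();
    let rest = json[start..].trim_start().strip_prefix(':')?.trim_start();
    let rest = rest.strip_prefix('"')?;
    Some(rest[..rest.find('"')?].to_string())
}

#[derive(Debug, PartialEq)]
enum AlgError {
    Malformed,
    Disallowed(String),
}

/// Return the token's `alg` if it is on the allow-list, otherwise an error.
/// Must run before the signature is checked with any key.
fn check_jwt_alg(token: &str) -> Result<String, AlgError> {
    let header_b64 = token.split('.').next().ok_or(AlgError::Malformed)?;
    let header = b64url_decode(header_b64).ok_or(AlgError::Malformed)?;
    let header = String::from_utf8(header).map_err(|_| AlgError::Malformed)?;
    let alg = json_string_field(&header, "alg").ok_or(AlgError::Malformed)?;
    if ALLOWED_ALGS.contains(&alg.as_str()) {
        Ok(alg)
    } else {
        Err(AlgError::Disallowed(alg))
    }
}

/// Build a constructed `header.payload.` token with an empty signature; only
/// the header matters for this check.
fn make_unsigned_token(header_json: &str) -> String {
    format!("{}.{}.", b64url_encode(header_json.as_bytes()), b64url_encode(b"{}"))
}

fn main() {
    for hdr in [
        r#"{"alg":"RS256","typ":"JWT"}"#,
        r#"{"alg":"none","typ":"JWT"}"#,
        r#"{"alg":"HS256","typ":"JWT"}"#,
        r#"{"typ":"JWT"}"#,
    ] {
        println!("{hdr:<32} -> {:?}", check_jwt_alg(&make_unsigned_token(hdr)));
    }
}
```

The allow-list is the whole point: with `RS*` as the only acceptable values, an attacker who swaps `alg` to `HS256` cannot coerce the verifier into treating the published RSA public key as an HMAC secret, and `none` never reaches the signature step.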
633f2ad684 Fix Zitadel dev setup: use login v1 and add healthcheck
- Switch image to ghcr.io/zitadel/zitadel:latest (v4.x)
- Disable login v2 (LOGINV2_REQUIRED: false) to use built-in login v1
- Add curl-based healthcheck for reliable container readiness

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 06:22:26 +01:00
93b100539e Fix Zitadel masterkey: must be exactly 32 bytes
The previous placeholder was 33 chars. Use a proper 32-char
placeholder and note the constraint in the example.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 05:39:18 +01:00
c972926d31 Scaffold base webapp: Rust/Axum API + SvelteKit dashboard + Docker dev env
Backend (Rust/Axum):
- pvm-api: Axum server with health and user profile endpoints,
  OpenAPI/Swagger UI, CORS, tracing, graceful shutdown
- pvm-auth: JWT validation middleware with JWKS cache for
  offline-capable Zitadel token verification
- pvm-core: Shared error types with IntoResponse impl
- pvm-types: Shared domain types (UserProfile)

Frontend (SvelteKit):
- Dashboard app with Svelte 5 + TypeScript + Tailwind CSS v4
- Zitadel OIDC auth via @auth/sveltekit (PKCE flow)
- Pages: landing, sign-in, dashboard, account settings
- Responsive sidebar layout with dark mode support
- Typed API client for backend communication

Infrastructure:
- Docker Compose dev environment with Zitadel v3, PostgreSQL 16,
  and DragonflyDB
- Environment variable examples and setup documentation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 03:37:07 +01:00