root/navi-1

Fork: 0

root / navi-1

History for navi-1 / navi / auth / deps.py

2026-05-04	3279640 Browse files » Fix WebSocket 403 and restore dependency resolution for auth ... - websocket.py: restore Depends(get_current_user_ws) in endpoint signature so FastAPI dependency_overrides work correctly in tests - websocket.py: accept WebSocket before access check; reject anonymous only for owned sessions, allow anonymous for legacy (user_id=None) - auth/deps.py: add info-level logging to get_current_user_ws entry/exit Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	bad65a1 Browse files » Fix legacy session visibility and add WebSocket auth debug logging ... - pg_session_store: remove OR user_id IS NULL from list_all/list_page so legacy sessions are no longer visible to all users - auth/deps.py: add debug logging at every step of _resolve_user - websocket.py: add debug logging at every stage of websocket_session Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	7ff4074 Browse files » Fix memory_summary ON CONFLICT and WebSocket 403 from auth deps ... - memory/_ddl.py: add UNIQUE(id, user_id) constraint migration for memory_summary so ON CONFLICT in set_summary works on existing tables - auth/deps.py: wrap _resolve_user body in broad try/except so any auth resolution failure returns None instead of raising, preventing FastAPI dependency system from returning HTTP 403 on WebSocket upgrades Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	7833a2b Browse files » Use gnexus-auth client library avatar_url property ... - deps.py: use auth_user.avatar_url from gnexus-gauth DTO instead of guessing profile fields or Gravatar - CLAUDE.md: add working rules section Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	f1ccb57 Browse files » Revert "Fix avatar: use Gravatar instead of non-existent profile fields" ... This reverts commit `f485e54`. Eugene Sukhodolskiy committed on 4 May
	f485e54 Browse files » Fix avatar: use Gravatar instead of non-existent profile fields ... Investigated gnexus-auth UserinfoController and found that the profile response only contains: username, display_name, first_name, last_name, phone, birth_date, country, city, locale, timezone. There is no picture or avatar_url field. - Add make_gravatar_url() helper in navi/auth/__init__.py - Update deps.py to generate Gravatar URL from user email - Update config.py default gnauth_profile_path to /account/profile - Update .env.example comment accordingly - Frontend already handles avatar_url correctly Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	8e2ae02 Browse files » Add avatar display and gnexus-auth profile link ... Backend: - User model: add avatar_url field - auth/deps.py: extract avatar_url from auth_user.profile (picture/avatar_url) - auth.py /auth/me: return avatar_url + computed profile_url - config.py: add gnauth_profile_path setting - .env.example: document GNAUTH_PROFILE_PATH Frontend: - AppSidebar.vue: show user avatar (or initial fallback) next to name - Clicking user info opens gnexus-auth profile in new tab - Rebuild dist/ Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	c1fd543 Browse files » Fix pydantic-settings env var name mapping for auth ... Pydantic-settings converts snake_case field names to UPPER_CASE env vars by removing underscores. gnexus_auth_client_id became GNEXUS_AUTH_CLIENT_ID but .env used GNAUTH_CLIENT_ID. Rename all Settings fields from gnexus_auth_* to gnauth_* so they map correctly to GNAUTH_* env vars. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	d65490e Browse files » Add graceful auth-not-configured guards ... - auth_login/auth_callback return 503 when GNAUTH_CLIENT_ID/SECRET are empty - webhooks return 503 when OAuth not configured - _resolve_user returns None early if auth not configured, avoiding crash during anonymous requests when gnexus-auth is not set up Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
2026-05-03	3014ba6 Browse files » Multi-user auth via gnexus-auth OAuth + hybrid role/permission model ... - Integrate gnexus-auth-client-py (GAuthClient) for OAuth flow, token refresh, and webhook parsing - Add navi/auth/ package: User model, Fernet encryptor, client singleton, deps (get_current_user, require_admin, require_permission) - New tables: navi_users, user_auth_sessions (auto-created on startup) - Session/memory isolation by user_id with legacy NULL support - Cookie-based auth proxy: /auth/login, /callback, /logout, /me - Webhook receiver /webhooks/gnexus-auth handling user events, global logout, session revocation, role/permission changes - Admin endpoints (/admin/*) gated by role + permissions - Webclient auth store with isAdmin/hasPermission guards - Admin-only profile filtering in /agents/profiles - 200/200 tests passing Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 3 May