root/navi-1

Fork: 0

root / navi-1

History for navi-1 / navi / api / routes / auth.py

2026-05-08	bba283f Browse files » Propagate user profile to LLM context via current_user_info ContextVar ... - Extend User model: username, first_name, last_name, phone, birth_date, country, city, locale (all from gnexus-auth profile) - navi_users DDL: add new profile columns - auth/deps + auth/callback: populate new fields on upsert - /auth/me: return all profile fields - Add current_user_info ContextVar for full user profile propagation - websocket + messages: set current_user_info before agent.run() - run_ephemeral: inherit and restore current_user_info - ContextBuilder: _user_context_msg() injects [User context] with name, email, location, locale, role into LLM system messages - _security_policy_msg: reads user_id/role from ContextVar directly Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 8 May
2026-05-08	33ff944 Browse files » Use configured GNAUTH_REDIRECT_URI instead of dynamic base_url ... _get_redirect_uri was building the redirect_uri from request.base_url, which returns the internal address when behind a reverse proxy. This caused gnexus-auth to reject the redirect_uri as invalid. Now _get_redirect_uri always returns settings.gnauth_redirect_uri, so the public URL configured in .env is used consistently. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 8 May
2026-05-04	9001ae0 Browse files » Add full-screen login overlay for unauthenticated users ... - Backend: new endpoint GET /auth/status returns {configured: bool} - Webclient auth store: add authConfigured ref + fetchStatus() - LoginScreen.vue: centered card with logo, title, and login button - App.vue: show LoginScreen overlay when auth is configured but user is not authenticated (z-index 9999, blocks all UI) - App.vue onMounted: fetch auth status before trying to resolve user Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	8e2ae02 Browse files » Add avatar display and gnexus-auth profile link ... Backend: - User model: add avatar_url field - auth/deps.py: extract avatar_url from auth_user.profile (picture/avatar_url) - auth.py /auth/me: return avatar_url + computed profile_url - config.py: add gnauth_profile_path setting - .env.example: document GNAUTH_PROFILE_PATH Frontend: - AppSidebar.vue: show user avatar (or initial fallback) next to name - Clicking user info opens gnexus-auth profile in new tab - Rebuild dist/ Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	03e5f11 Browse files » Revert "Force login prompt in gnexus-auth OAuth flow" ... This reverts commit `f232f21`. Eugene Sukhodolskiy committed on 4 May
	f232f21 Browse files » Force login prompt in gnexus-auth OAuth flow ... Add prompt=login to authorization URL so gnexus-auth always shows the login form instead of silently re-authenticating via existing session. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	605f817 Browse files » Fix missing Annotated/Depends imports in auth.py and UI button class ... - auth.py: add from typing import Annotated and from fastapi import Depends to fix 422 Unprocessable Content on /auth/me and /auth/logout - AppSidebar.vue: replace btn-ghost with btn-primary for login/logout buttons Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	c1fd543 Browse files » Fix pydantic-settings env var name mapping for auth ... Pydantic-settings converts snake_case field names to UPPER_CASE env vars by removing underscores. gnexus_auth_client_id became GNEXUS_AUTH_CLIENT_ID but .env used GNAUTH_CLIENT_ID. Rename all Settings fields from gnexus_auth_* to gnauth_* so they map correctly to GNAUTH_* env vars. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	d65490e Browse files » Add graceful auth-not-configured guards ... - auth_login/auth_callback return 503 when GNAUTH_CLIENT_ID/SECRET are empty - webhooks return 503 when OAuth not configured - _resolve_user returns None early if auth not configured, avoiding crash during anonymous requests when gnexus-auth is not set up Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
	dc14fe0 Browse files » Support dynamic redirect_uri for multi-domain OAuth ... - get_gauth_client(redirect_uri=...) creates per-request client with dynamic redirect_uri while keeping shared state/PKCE stores - auth_login/auth_callback derive redirect_uri from request.base_url so both localhost and server addresses work with one gnexus-auth client Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 4 May
2026-05-03	3014ba6 Browse files » Multi-user auth via gnexus-auth OAuth + hybrid role/permission model ... - Integrate gnexus-auth-client-py (GAuthClient) for OAuth flow, token refresh, and webhook parsing - Add navi/auth/ package: User model, Fernet encryptor, client singleton, deps (get_current_user, require_admin, require_permission) - New tables: navi_users, user_auth_sessions (auto-created on startup) - Session/memory isolation by user_id with legacy NULL support - Cookie-based auth proxy: /auth/login, /callback, /logout, /me - Webhook receiver /webhooks/gnexus-auth handling user events, global logout, session revocation, role/permission changes - Admin endpoints (/admin/*) gated by role + permissions - Webclient auth store with isAdmin/hasPermission guards - Admin-only profile filtering in /agents/profiles - 200/200 tests passing Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Eugene Sukhodolskiy committed on 3 May