forked from wrenn/wrenn
Rafeed M. Bhuiyan
52ad21c339
## What's new Compliance, audit, and account lifecycle improvements — admin actions are now fully auditable, user data is properly anonymized on deletion, and OAuth signup flow gives users control over their profile. ### Audit - Added audit logging for all admin actions (user activate/deactivate, team BYOC toggle, team delete, template delete, build create/cancel) - Added admin audit page with infinite scroll and hierarchical filters - Fixed audit log team assignment — admin/host actions now correctly land under PlatformTeamID - Anonymize audit logs on user hard-delete (actor name, IDs, emails stripped) - Deduplicated audit logger internals (665 → 374 lines, no behavior change) ### Authentication - Separated GitHub OAuth login/signup flows — login no longer auto-creates accounts - Added name confirmation dialog for new GitHub signups ### Account Lifecycle - Email notification sent when account is permanently deleted after grace period - Audit log anonymization tied to user purge (per-user transactional) ### UX - Removed accent gradient bars from admin host dialogs (border + shadow only) - Frontend renders deleted users as styled badge in audit log view ### Others - Version bump - Bug fixes Reviewed-on: wrenn/wrenn#36
59 lines
2.0 KiB
Go
59 lines
2.0 KiB
Go
// Package cpextension defines the types for extending the control plane server.
|
|
// This package is intentionally minimal and dependency-free (relative to internal/)
|
|
// to avoid import cycles between pkg/cpserver and internal/api.
|
|
package cpextension
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/jackc/pgx/v5/pgxpool"
|
|
"github.com/redis/go-redis/v9"
|
|
|
|
"git.omukk.dev/wrenn/wrenn/pkg/audit"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/auth"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/config"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/db"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/email"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/lifecycle"
|
|
"git.omukk.dev/wrenn/wrenn/pkg/scheduler"
|
|
)
|
|
|
|
// ServerContext exposes the initialized dependencies that extensions can use
|
|
// to register routes and start background workers. All fields are read-only
|
|
// from the extension's perspective.
|
|
type ServerContext struct {
|
|
Queries *db.Queries
|
|
PgPool *pgxpool.Pool
|
|
Redis *redis.Client
|
|
HostPool *lifecycle.HostClientPool
|
|
Scheduler scheduler.HostScheduler
|
|
CA *auth.CA
|
|
Audit *audit.AuditLogger
|
|
Mailer email.Mailer
|
|
JWTSecret []byte
|
|
Config config.Config
|
|
}
|
|
|
|
// Extension allows cloud (or any external) code to plug additional
|
|
// routes and background workers into the control plane without modifying
|
|
// the core server.
|
|
type Extension interface {
|
|
// RegisterRoutes is called after all core routes are registered.
|
|
// The chi.Router supports sub-routing, middleware, etc.
|
|
RegisterRoutes(r chi.Router, ctx ServerContext)
|
|
|
|
// BackgroundWorkers returns functions that will be called once with
|
|
// the application context after the server is fully initialized.
|
|
// Each function should start its own goroutine(s) and return.
|
|
BackgroundWorkers(ctx ServerContext) []func(context.Context)
|
|
}
|
|
|
|
// MiddlewareProvider is optionally implemented by extensions that need
|
|
// middleware applied before OSS routes are registered. This allows
|
|
// cloud middleware to wrap existing OSS routes (e.g. billing checks).
|
|
type MiddlewareProvider interface {
|
|
Middlewares(ctx ServerContext) []func(http.Handler) http.Handler
|
|
}
|