sub2api-cn-relay-manager

niuniu/sub2api-cn-relay-manager

Fork 0

Commit Graph

Author	SHA1	Message	Date
phamnazage-jpg	4e2ee087fd	feat(vNext.4): implement trusted-subject security chain for portal user key self-service - Add portal_auth.go: Portal user session auth with HMAC-signed cookies - Add /api/portal/session/{login,logout,state} endpoints - Update nginx config template: cookie-to-header trusted proxy pattern - Update frontend: sync CRM session on login/logout - Add TRUSTED_SUBJECT_DEPLOY_GUIDE.md with remote43 deployment steps - Update EXECUTION_BOARD.md: mark trusted-subject blocking issue as resolved This implements the secure chain: Browser → Portal → nginx (cookie→header) → CRM (verify proxy secret) Required remote43 actions: 1. Generate 64-char hex secret 2. Update .env.crm with TRUSTED_* config 3. Update nginx with cookie map and header injection 4. Restart services Fixes EXECUTION_BOARD.md 2026-06-08 blocking issue	2026-06-09 07:48:03 +08:00
phamnazage-jpg	5b59ad7490	feat(vnext2): close user key self-service on real host Some checks failed CI / Build & Test (push) Has been cancelled Details CI / Lint (push) Has been cancelled Details CI / Security Scan (push) Has been cancelled Details CI / Docker Build (push) Has been cancelled Details CI / Release (push) Has been cancelled Details	2026-06-05 19:58:02 +08:00
phamnazage-jpg	492f33a129	feat(vnext): complete vNext.1 release gate — default chain admission, idempotent init, user key skeleton Some checks failed CI / Build & Test (push) Has been cancelled Details CI / Lint (push) Has been cancelled Details CI / Security Scan (push) Has been cancelled Details CI / Docker Build (push) Has been cancelled Details CI / Release (push) Has been cancelled Details - DEFAULT_CHAIN_ADMISSION.md: reviewed and approved, real artifact refs added - DEFAULT_DATA_IDEMPOTENT_RELEASE_GATE.md: reviewed and approved - scripts/setup_default_data.sh: idempotent init with --dry-run/--apply/artifact - scripts/test/test_default_data.sh: 4 test cases all pass - scripts/acceptance/verify_user_key_self_service.sh: Phase 0 skeleton - .gitignore: add generated artifact directories	2026-06-05 11:07:50 +08:00

Author

SHA1

Message

Date

phamnazage-jpg

4e2ee087fd

feat(vNext.4): implement trusted-subject security chain for portal user key self-service

- Add portal_auth.go: Portal user session auth with HMAC-signed cookies
- Add /api/portal/session/{login,logout,state} endpoints
- Update nginx config template: cookie-to-header trusted proxy pattern
- Update frontend: sync CRM session on login/logout
- Add TRUSTED_SUBJECT_DEPLOY_GUIDE.md with remote43 deployment steps
- Update EXECUTION_BOARD.md: mark trusted-subject blocking issue as resolved

This implements the secure chain:
  Browser → Portal → nginx (cookie→header) → CRM (verify proxy secret)

Required remote43 actions:
1. Generate 64-char hex secret
2. Update .env.crm with TRUSTED_* config
3. Update nginx with cookie map and header injection
4. Restart services

Fixes EXECUTION_BOARD.md 2026-06-08 blocking issue

2026-06-09 07:48:03 +08:00

phamnazage-jpg

5b59ad7490

feat(vnext2): close user key self-service on real host

CI / Build & Test (push) Has been cancelled

Details

CI / Lint (push) Has been cancelled

Details

CI / Security Scan (push) Has been cancelled

Details

CI / Docker Build (push) Has been cancelled

Details

CI / Release (push) Has been cancelled

Details

2026-06-05 19:58:02 +08:00

phamnazage-jpg

492f33a129

feat(vnext): complete vNext.1 release gate — default chain admission, idempotent init, user key skeleton

CI / Build & Test (push) Has been cancelled

Details

CI / Lint (push) Has been cancelled

Details

CI / Security Scan (push) Has been cancelled

Details

CI / Docker Build (push) Has been cancelled

Details

CI / Release (push) Has been cancelled

Details

- DEFAULT_CHAIN_ADMISSION.md: reviewed and approved, real artifact refs added
- DEFAULT_DATA_IDEMPOTENT_RELEASE_GATE.md: reviewed and approved
- scripts/setup_default_data.sh: idempotent init with --dry-run/--apply/artifact
- scripts/test/test_default_data.sh: 4 test cases all pass
- scripts/acceptance/verify_user_key_self_service.sh: Phase 0 skeleton
- .gitignore: add generated artifact directories

2026-06-05 11:07:50 +08:00

3 Commits