phamnazage-jpg 4e2ee087fd feat(vNext.4): implement trusted-subject security chain for portal user key self-service ...

- Add portal_auth.go: Portal user session auth with HMAC-signed cookies
- Add /api/portal/session/{login,logout,state} endpoints
- Update nginx config template: cookie-to-header trusted proxy pattern
- Update frontend: sync CRM session on login/logout
- Add TRUSTED_SUBJECT_DEPLOY_GUIDE.md with remote43 deployment steps
- Update EXECUTION_BOARD.md: mark trusted-subject blocking issue as resolved

This implements the secure chain:
  Browser → Portal → nginx (cookie→header) → CRM (verify proxy secret)

Required remote43 actions:
1. Generate 64-char hex secret
2. Update .env.crm with TRUSTED_* config
3. Update nginx with cookie map and header injection
4. Restart services

Fixes EXECUTION_BOARD.md 2026-06-08 blocking issue

2026-06-09 07:48:03 +08:00

..

admin

fix(portal): restore missing inputs in providers.html (revert buggy reorder)

2026-06-03 21:02:50 +08:00

admin-batch-import.html

refactor(portal): move .hint info-banner ABOVE its <input> + upgrade to teal-accented banner style

2026-06-03 20:01:44 +08:00

admin-common.css

style(portal): add design system + shared layer (portal.css/portal.js/admin-common.css shim)

2026-06-03 09:10:45 +08:00

admin-common.js

feat: harden runtime import and frontend verification workflows

2026-06-04 20:02:36 +08:00

index.html

feat(vNext.4): implement trusted-subject security chain for portal user key self-service

2026-06-09 07:48:03 +08:00

nginx.sub.tksea.top.conf.example

feat(vNext.4): implement trusted-subject security chain for portal user key self-service

2026-06-09 07:48:03 +08:00

portal.css

refactor(portal): move .hint info-banner ABOVE its <input> + upgrade to teal-accented banner style

2026-06-03 20:01:44 +08:00

portal.js

fix(portal): unify all input/select/textarea/label/button/table styles via global fallback

2026-06-03 11:05:10 +08:00