rede5/gohorsejobs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
953 commits 2 branches 0 tags 140 MiB
Commit graph

9 commits

Author SHA1 Message Date
Tiago Yamamoto
6fbd1f5ffc feat: implement full auth system with HTTPOnly cookies + JWT, fix migrations to UUID v7, remove mock data from frontend 
Backend:
- Fix migrations 037-041 to use UUID v7 (uuid_generate_v7)
- Fix CORS defaults to include localhost:8963
- Fix FRONTEND_URL default to localhost:8963
- Update superadmin password hash with pepper
- Add PASSWORD_PEPPER environment variable

Frontend:
- Replace mockJobs with real API calls in home page
- Replace mockNotifications with notificationsApi in context
- Replace mockApplications with applicationsApi in dashboard
- Fix register/user page to call real registerCandidate API
- Fix hardcoded values in backoffice and messages pages

Auth:
- Support both HTTPOnly cookie and Bearer token authentication
- Login returns token + sets HTTPOnly cookie
- Logout clears HTTPOnly cookie
- Token valid for 24h
 2026-02-16 05:20:46 -06:00
Tiago Yamamoto
eae3df7f38 fix(cors): add PATCH to allowed methods 
Without PATCH in CORS headers, user update was failing with:
'Method PATCH is not allowed by Access-Control-Allow-Methods'
 2025-12-26 00:59:04 -03:00
Tiago Yamamoto
f396acfb72 debug: add RBAC logging to RequireRoles middleware 2025-12-26 00:42:55 -03:00
Tiago Yamamoto
052f5169c5 test(auth): add comprehensive auth tests with 98.6% coverage 
Backend Tests Added:
- auth_middleware_test.go: 25+ tests for HeaderAuthGuard, OptionalHeaderAuthGuard, RequireRoles, TenantGuard, ExtractRoles, hasRole (100% coverage)
- cors_middleware_test.go: 7 tests for CORS origin validation (100% coverage)
- jwt_service_test.go: expanded with expiration parsing, wrong signing method tests (94.4% coverage)

Features:
- Maximum console.log/fmt.Printf output for debugging
- Tests for JWT from header and cookie fallback
- Tests for role-based access (case-insensitive)
- Tests for tenant enforcement
- Tests for token expiration parsing (7d, 2h, invalid formats)

Total backend auth coverage: 98.6%
 2025-12-24 16:20:56 -03:00
Tiago Yamamoto
ac84571c55 debug(auth): add detailed logging to HeaderAuthGuard middleware 2025-12-24 15:14:46 -03:00
Tiago Yamamoto
02f35b46b6 feat: implement dynamic dashboard, auth hardening (pepper/httponly) and backend tests 2025-12-24 01:30:33 -03:00
Tiago Yamamoto
0f2aae3073 fix(backoffice): force 0.0.0.0 binding to resolve deployment crash 
refactor(backend): consolidate admin routes and implement RBAC

feat(frontend): update api client to use consolidated routes
 2025-12-24 00:59:33 -03:00
Tiago Yamamoto
58cfd76675 Add admin backoffice routes and dashboard 2025-12-22 16:37:05 -03:00
Tiago Yamamoto
1c7ef95c1a first commit 2025-12-09 19:04:48 -03:00