authentication rework #3

Merged

ninjdai merged 7 commits from feat/auth_rework into upcoming 2026-02-11 09:10:30 +01:00

Conversation 0 Commits 7 Files changed 10 +336 -48

ninjdai commented 2026-02-10 15:35:54 +01:00

Owner

Copy link

This PR reworks the authentication system to lay the groundwork for session management (including allowing disconnecting other connected devices), and slightly better security by reducing the token lifespan to only 7 days and allowing them to be refreshed.

This system makes sessions differentiable from each other using a unique UUID for each. With this, only users who connected using username+password are able to share tokens to allow connection using QR codes.

Features :

• POST /auth/refresh, which returns a new token linked to the same session with a refreshed 7 days expiry time
• POST /auth/share, which is usable only by users who connected via username+password or that were given the auth_share permission, that returns a token to a new session with either the specified permissions or default permissions
• GET /auth/perms, which returns your permissions
• Permission System

This PR reworks the authentication system to lay the groundwork for session management (including allowing disconnecting other connected devices), and slightly better security by **reducing the token lifespan to only 7 days** and allowing them to be refreshed. This system makes sessions differentiable from each other using a unique UUID for each. With this, only users who connected using username+password are able to share tokens to allow connection using QR codes. Features : - [x] POST /auth/refresh, which returns a new token linked to the same session with a refreshed 7 days expiry time - [x] POST /auth/share, which is usable only by users who connected via username+password or that were given the auth_share permission, that returns a token to a new session with either the specified permissions or default permissions - [x] GET /auth/perms, which returns your permissions - [x] Permission System

ninjdai added 1 commit 2026-02-10 15:35:55 +01:00

initial authentication rework b9c811f4e4

ninjdai added 1 commit 2026-02-10 15:46:20 +01:00

remove customizable token duration 66de001946

ninjdai added 1 commit 2026-02-10 16:01:10 +01:00

fix tests 9c3e2ea94a

ninjdai added 1 commit 2026-02-10 16:14:44 +01:00

feat(tests): /auth/refresh test 9d6b020c8e

ninjdai added 1 commit 2026-02-10 23:17:23 +01:00

add permission system and remove session system 1380c29b2f

ninjdai added 1 commit 2026-02-10 23:40:03 +01:00

feat: permissions field in share 9212ea2951

ninjdai changed title from WIP: authentication rework to authentication rework 2026-02-10 23:41:41 +01:00

ninjdai added 1 commit 2026-02-10 23:45:20 +01:00

feat: get self perms endpoint 93ba4c4fad

ninjdai merged commit 7ae4a83e24 into upcoming 2026-02-11 09:10:30 +01:00

ninjdai deleted branch feat/auth_rework 2026-02-11 09:10:31 +01:00

ninjdai referenced this pull request from a commit 2026-02-11 09:10:31 +01:00

refactor: authentication rework (!3)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

UEAuvergne/Alexandria!3

No description provided.