Add viewer role access controls #173

Merged
erik merged 1 commit from feat/task-cdb4c12b-viewer-access into main 2026-06-21 07:46:25 -05:00
Owner

Summary

  • Allow signed-in viewers to access API-key management while keeping Site users and ActivityPub settings admin-only.
  • Add API-key ownership and scope support, with viewer-created keys limited to read-only posts/sources/contacts access.
  • Thread API operation context through bearer auth so scoped keys can be authorized per route operation.
  • Keep admin-created/unscoped keys with full API access and admin users with full settings/API capabilities.
  • Update settings navigation, API-key UI copy, auth docs, migrations, and regression tests.

Verification

  • npm test --workspace @slugkit/template-site -- src/auth/__tests__/api-keys.test.ts src/routes/__tests__/admin-api-keys.test.ts src/routes/__tests__/admin-passkeys.test.ts src/routes/__tests__/admin-users.test.ts src/routes/__tests__/admin-activitypub.test.ts src/db/__tests__/migrations.test.ts
  • npm run build --workspace @slugkit/template-site
  • ./scripts/pre-pr.sh
feat: add viewer access controls
All checks were successful
CI / build-lint-test (pull_request) Successful in 50s
9e11908fa3
Task: #task-cdb4c12b
Author
Owner

PR Review: Approved

Summary

This PR makes the stored viewer role usable for non-admin settings access while keeping management-only areas admin-only. It adds API-key ownership, viewer read scopes, operation-aware bearer authorization, viewer API-key UI access, navigation filtering, migration coverage, tests, and auth documentation.

Acceptance criteria

  • A signed-in viewer can access passkey management and create a passkey for their own account — met: existing viewer passkey route coverage remains, and nav now includes allowed viewer links.
  • A signed-in viewer can access API key management and create an API key for their own account — met: /settings/api-keys now uses site-user session auth, lists viewer-owned keys, and creates viewer-owned keys.
  • Viewer-created API keys can authenticate GET requests for posts, sources, and contacts — met: viewer key test exercises GET /api/v1/posts, /api/v1/sources, and /api/v1/contacts.
  • Viewer-created API keys cannot create, update, or delete posts, sources, contacts, or other resources — met: scoped-key authorization only maps list/get operations for posts, sources, and contacts; tests cover denied post creation and management-only site-config access, plus unit coverage for denied non-read operations.
  • Viewers cannot access /admin/users or /admin/activitypub — met for the current settings route family: existing viewer tests deny /settings/users and /settings/activitypub; old /admin pages are not active routes in this codebase.
  • Viewers do not see Site users or ActivityPub links in admin navigation — met by navigation filtering and viewer tests asserting those links are absent.
  • Admin users retain full access to all admin pages and API capabilities — met: admin/unscoped keys retain full API access and admin routes remain guarded by stored admin role checks.
  • Tests cover viewer browser access, viewer API-key access, denied write operations, and admin-only management pages — met across API-key, passkey, users, ActivityPub, and API-key unit tests.
  • Documentation explains viewer role capabilities and restrictions — met in template/site/src/auth/README.md.
  • Relevant lint/test checks pass — met locally and in CI.

Blocking issues

None.

Warnings

None.

Verification

  • npm test --workspace @slugkit/template-site -- src/auth/__tests__/api-keys.test.ts src/routes/__tests__/admin-api-keys.test.ts src/routes/__tests__/admin-passkeys.test.ts src/routes/__tests__/admin-users.test.ts src/routes/__tests__/admin-activitypub.test.ts src/db/__tests__/migrations.test.ts
  • npm run build --workspace @slugkit/template-site
  • ./scripts/pre-pr.sh
  • Forgejo Actions run #239 passed.

Verdict

Approved. Stop at the human merge gate.

PR Review Worker Result

  • pr: open
  • review: approved
  • pr_comment: posted
  • task_comment: posted
  • blocking_issues: 0
  • warnings: 0
  • criteria_total: 10
  • criteria_met: 10
  • criteria_missing: 0
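The operation-aware authorization the review describes (viewer keys mapped only to list/get on posts, sources and contacts; unscoped admin keys keeping full access), sketched as an added example that is not code from this PR or the repository. The scope strings, type names and function names are hypothetical.

```typescript
// Added illustration; every identifier below is hypothetical.
type Resource = "posts" | "sources" | "contacts" | "site-config";
type Action = "list" | "get" | "create" | "update" | "delete";
interface ApiOperation { resource: Resource; action: Action }

// scopes === null models an admin-created/unscoped key (full API access).
interface ApiKey { ownerId: string; scopes: string[] | null }
interface SiteUser { id: string; role: "admin" | "viewer" }

// Scopes stamped onto a key when a viewer creates it (assumed naming).
const VIEWER_SCOPES = ["posts:read", "sources:read", "contacts:read"];

// Allowlist from route operation to the scope that grants it. An operation
// missing from this map is denied for every scoped key, so a newly added
// write or management route is closed by default.
const SCOPE_FOR_OPERATION = new Map<string, string>([
  ["posts:list", "posts:read"], ["posts:get", "posts:read"],
  ["sources:list", "sources:read"], ["sources:get", "sources:read"],
  ["contacts:list", "contacts:read"], ["contacts:get", "contacts:read"],
]);

// The key is bound to its creator; the creator's stored role decides
// whether it is scoped at all.
function createKeyFor(user: SiteUser): ApiKey {
  return {
    ownerId: user.id,
    scopes: user.role === "admin" ? null : [...VIEWER_SCOPES],
  };
}

// Called by bearer auth with the operation the matched route declares.
function authorize(key: ApiKey, op: ApiOperation): boolean {
  if (key.scopes === null) return true; // unscoped admin key
  const required = SCOPE_FOR_OPERATION.get(`${op.resource}:${op.action}`);
  return required !== undefined && key.scopes.includes(required);
}

// The key list on the settings page shows a viewer only their own keys.
function visibleKeys(user: SiteUser, keys: ApiKey[]): ApiKey[] {
  return user.role === "admin" ? keys : keys.filter((k) => k.ownerId === user.id);
}
```
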
erik merged commit 2cf665d19c into main 2026-06-21 07:46:25 -05:00
erik deleted branch feat/task-cdb4c12b-viewer-access 2026-06-21 07:46:26 -05:00
erik referenced this pull request from a commit 2026-06-21 07:46:26 -05:00