31cf6b6961
invalidation-fix4
Deploy on push / deploy (push) Successful in 3m9s
2025-10-01 23:59:09 +03:00
116deb16d7
invalidation-follow-fix3
Deploy on push / deploy (push) Successful in 3m12s
2025-10-01 23:53:09 +03:00
2dacb837f3
follow-cache-invalidation-fix
Deploy on push / deploy (push) Successful in 3m18s
2025-10-01 23:41:28 +03:00
50539a71ba
following-cache-invalidation-fix
Deploy on push / deploy (push) Successful in 3m20s
2025-10-01 17:53:28 +03:00
4800f227bc
follow-cache-invalidate-before-fix
Deploy on push / deploy (push) Successful in 5m18s
2025-10-01 15:04:36 +03:00
14ff155789
config-fix
Deploy on push / deploy (push) Successful in 3m19s
2025-09-30 21:48:29 +03:00
3ae675c52c
auth-fix
Deploy on push / deploy (push) Successful in 5m44s
2025-09-30 19:20:41 +03:00
9b284852e9
oath2.0
Deploy on push / deploy (push) Successful in 2m57s
2025-09-29 16:33:49 +03:00
504152981b
admin-auth
Deploy on push / deploy (push) Successful in 3m3s
2025-09-29 16:08:58 +03:00
f2398d3592
protected-route-fix
Deploy on push / deploy (push) Successful in 3m2s
2025-09-29 15:54:22 +03:00
8e944e399a
oauth-fix
Deploy on push / deploy (push) Successful in 3m7s
2025-09-29 13:59:49 +03:00
f10c29c9ca
logfix
Deploy on push / deploy (push) Successful in 2m51s
2025-09-29 12:51:04 +03:00
b4b41fde08
oauth-fixing
Deploy on push / deploy (push) Successful in 2m47s
2025-09-29 08:53:39 +03:00
327135c09b
cleaner-log4
Deploy on push / deploy (push) Successful in 4m29s
2025-09-29 08:15:15 +03:00
a0ab20f276
cleaner-log3
Deploy on push / deploy (push) Successful in 3m2s
2025-09-29 01:00:18 +03:00
d7e50c6e31
cleaner-log2
Deploy on push / deploy (push) Successful in 2m53s
2025-09-29 00:46:54 +03:00
d57e59f98b
cleaner-log
Deploy on push / deploy (push) Successful in 2m57s
2025-09-29 00:40:10 +03:00
6496bee531
fetch-profile
Deploy on push / deploy (push) Successful in 2m55s
2025-09-29 00:27:16 +03:00
147e227fa0
oauth-google
Deploy on push / deploy (push) Successful in 2m57s
2025-09-28 20:53:42 +03:00
c338bdc683
oauth-github
Deploy on push / deploy (push) Has been cancelled
2025-09-28 20:52:17 +03:00
44b69dc743
oauth-raw-req-control
Deploy on push / deploy (push) Successful in 2m55s
2025-09-28 20:45:08 +03:00
9b727ac9ca
oauth-fix
Deploy on push / deploy (push) Successful in 2m55s
2025-09-28 20:34:26 +03:00
d1e35dd8b1
oauth-redirect-uri-fix
Deploy on push / deploy (push) Successful in 2m54s
2025-09-28 20:04:52 +03:00
dcdb6c7b30
lesslogs2
Deploy on push / deploy (push) Successful in 2m54s
2025-09-28 17:36:04 +03:00
af0f3e3dea
lesslogs
Deploy on push / deploy (push) Successful in 2m55s
2025-09-28 17:26:23 +03:00
752e2dcbdc
[0.9.28] - 2025-09-28
...
Deploy on push / deploy (push) Successful in 2m46s
### 🍪 CRITICAL Cross-Origin Auth
- **🔧 SESSION_COOKIE_DOMAIN**: Добавлена поддержка поддоменов `.discours.io` для cross-origin cookies
- **🌐 Cross-Origin SSE**: Исправлена работа Server-Sent Events с httpOnly cookies между поддоменами
- **🔐 Unified Auth**: Унифицированы настройки cookies для OAuth, login, refresh, logout операций
- **📝 MyPy Compliance**: Исправлена типизация `SESSION_COOKIE_SAMESITE` с использованием `cast()`
### 🛠️ Technical Changes
- **settings.py**: Добавлен `SESSION_COOKIE_DOMAIN` с типобезопасной настройкой SameSite
- **auth/oauth.py**: Обновлены все `set_cookie` вызовы с `domain` параметром
- **auth/middleware.py**: Добавлена поддержка `SESSION_COOKIE_DOMAIN` в logout операциях
- **resolvers/auth.py**: Унифицированы cookie настройки в login/refresh/logout resolvers
- **auth/__init__.py**: Обновлены cookie операции с domain поддержкой
### 📚 Documentation
- **docs/auth/sse-httponly-integration.md**: Новая документация по SSE + httpOnly cookies интеграции
- **docs/auth/architecture.md**: Обновлены диаграммы для unified httpOnly cookie архитектуры
### 🎯 Impact
- ✅ **GraphQL API** (`v3.discours.io`) теперь работает с httpOnly cookies cross-origin
- ✅ **SSE сервер** (`connect.discours.io`) работает с теми же cookies
- ✅ **Безопасность**: httpOnly cookies защищают от XSS атак
- ✅ **UX**: Автоматическая аутентификация без управления токенами в JavaScript
2025-09-28 13:06:03 +03:00
fb98a1c6c8
[0.9.28] - OAuth/Auth with httpOnly cookie
Deploy on push / deploy (push) Successful in 4m32s
2025-09-28 12:22:37 +03:00
6451ba7de5
cookie-fix
Deploy on push / deploy (push) Successful in 2m53s
2025-09-27 20:37:19 +03:00
ee82a8f684
cookie-debug2
Deploy on push / deploy (push) Successful in 2m47s
2025-09-27 20:25:30 +03:00
c46b30a671
cookie-debug
Deploy on push / deploy (push) Successful in 2m48s
2025-09-27 20:17:00 +03:00
19e0092a83
cilog
Deploy on push / deploy (push) Successful in 4m20s
2025-09-27 13:59:40 +03:00
bd54d900aa
separate-codegen-fix2
Deploy on push / deploy (push) Failing after 32s
2025-09-27 13:56:10 +03:00
eab0ba7b42
separate-codegen-fix
Deploy on push / deploy (push) Failing after 30s
2025-09-27 13:53:00 +03:00
a2cca6f189
..
Deploy on push / deploy (push) Failing after 35s
2025-09-27 13:51:15 +03:00
2ac983d81e
nodiag
Deploy on push / deploy (push) Failing after 36s
2025-09-27 13:47:26 +03:00
e0e3e39d55
codegen-2addr
Deploy on push / deploy (push) Failing after 35s
2025-09-27 13:30:47 +03:00
853ed77083
ci-diagnostic
Deploy on push / deploy (push) Failing after 34s
2025-09-27 13:28:51 +03:00
03626ec20d
panelfix
Deploy on push / deploy (push) Failing after 31s
2025-09-27 13:20:56 +03:00
97cb0f999c
panel-install-fix
Deploy on push / deploy (push) Failing after 32s
2025-09-27 13:08:57 +03:00
0f6cc61286
mypyfix
Deploy on push / deploy (push) Failing after 36s
2025-09-27 12:31:53 +03:00
ee799120f6
fmt
Deploy on push / deploy (push) Failing after 34s
2025-09-26 21:13:23 +03:00
05c188df62
[0.9.29] - 2025-09-26
...
Deploy on push / deploy (push) Failing after 39s
### 🚨 CRITICAL Security Fixes
- **🔒 Open Redirect Protection**: Добавлена строгая валидация redirect_uri против whitelist доменов
- **🔒 Rate Limiting**: Защита OAuth endpoints от брутфорса (10 попыток за 5 минут на IP)
- **🔒 Logout Endpoint**: Критически важный endpoint для безопасного отзыва httpOnly cookies
- **🔒 Provider Validation**: Усиленная валидация OAuth провайдеров с логированием атак
- **🚨 GlitchTip Alerts**: Автоматические алерты безопасности в GlitchTip при критических событиях
### 🛡️ Security Modules
- **auth/oauth_security.py**: Модуль безопасности OAuth с валидацией и rate limiting + GlitchTip алерты
- **auth/logout.py**: Безопасный logout с поддержкой JSON API и browser redirect
- **tests/test_oauth_security.py**: Комплексные тесты безопасности (11 тестов)
- **tests/test_oauth_glitchtip_alerts.py**: Тесты интеграции с GlitchTip (8 тестов)
### 🔧 OAuth Improvements
- **Minimal Flow**: Упрощен до минимума - только httpOnly cookie, нет JWT в URL
- **Simple Logic**: Нет error параметра = успех, максимальная простота
- **DRY Refactoring**: Устранено дублирование кода в logout и валидации
### 🎯 OAuth Endpoints
- **Старт**: `v3.dscrs.site/oauth/{provider}` - с rate limiting и валидацией
- **Callback**: `v3.dscrs.site/oauth/{provider}/callback` - безопасный redirect_uri
- **Logout**: `v3.dscrs.site/auth/logout` - отзыв httpOnly cookies
- **Финализация**: `testing.discours.io/oauth?redirect_url=...` - минимальная схема
### 📊 Security Test Coverage
- ✅ Open redirect attack prevention
- ✅ Rate limiting protection
- ✅ Provider validation
- ✅ Safe fallback mechanisms
- ✅ Cookie security (httpOnly + Secure + SameSite)
- ✅ GlitchTip integration (8 тестов алертов)
### 📝 Documentation
- Создан `docs/oauth-minimal-flow.md` - полное описание минимального flow
- Обновлена документация OAuth в `docs/auth/oauth.md`
- Добавлены security best practices
2025-09-26 21:03:45 +03:00
ac0111cdb9
tests-upgrade
Deploy on push / deploy (push) Successful in 57m1s
2025-09-25 09:40:12 +03:00
1992434a13
npmfix
Deploy on push / deploy (push) Has been cancelled
2025-09-25 08:52:55 +03:00
34738ae611
[0.9.25] - 2025-01-25
...
Deploy on push / deploy (push) Failing after 24s
### Added
- 🔍 **OAuth Detailed Logging**: Добавлено пошаговое логирование OAuth callback для диагностики ошибок `auth_failed`
- 🧪 **OAuth Diagnostic Tools**: Создан `oauth_debug.py` для анализа OAuth callback параметров и диагностики проблем
- 📊 **OAuth Test Helper**: Добавлен `oauth_test_helper.py` для создания тестовых состояний OAuth в Redis
- 🔧 **OAuth Provider Detection**: Автоматическое определение OAuth провайдера по формату authorization code
### Fixed
- 🚨 **OAuth Callback Error Handling**: Улучшена обработка исключений в OAuth callback с детальным логированием каждого шага
- 🔍 **OAuth Exception Tracking**: Добавлено логирование исключений на каждом этапе: token exchange, profile fetch, user creation, session creation
- 📋 **OAuth Error Diagnosis**: Реализована система диагностики для выявления точной причины `error=auth_failed` редиректов
### Changed
- 🔧 **OAuth Callback Flow**: Разделен OAuth callback на логические шаги с индивидуальным error handling
- 📝 **OAuth Error Messages**: Улучшены сообщения об ошибках для более точной диагностики проблем
2025-09-25 08:48:36 +03:00
2ce8a5b957
🔧 Add detailed OAuth callback logging for debugging auth_failed errors
Deploy on push / deploy (push) Successful in 54m37s
2025-09-25 07:54:00 +03:00
5d0ad2a2e3
oauth-fix3
Deploy on push / deploy (push) Successful in 7m8s
2025-09-24 23:11:01 +03:00
77513080c7
oauth-fix2
Deploy on push / deploy (push) Successful in 7m3s
2025-09-24 19:39:50 +03:00
c9b6c77658
oauth-fix2
Deploy on push / deploy (push) Successful in 6m59s
2025-09-24 19:30:06 +03:00
12023d9eda
oauth-fix
Deploy on push / deploy (push) Successful in 7m5s
2025-09-24 13:35:49 +03:00
