feat: auth hardening — scope enforcement, tenant isolation, and docs
Add @PreAuthorize annotations to all API controllers (14 endpoints
across 6 controllers) enforcing OAuth2 scopes: apps:manage, apps:deploy,
billing:manage, observe:read, platform:admin.
Enforce tenant isolation: TenantResolutionFilter now rejects cross-tenant
access on /api/tenants/{id}/* paths. New TenantOwnershipValidator checks
environment/app ownership for paths without tenantId. Platform admins
bypass both layers.
Fix frontend: OrgResolver split into two useEffect hooks so scopes
refresh on org switch. Scopes now served from /api/config (single source
of truth). Bootstrap cleaned — standalone org permissions removed.
Update docs/architecture.md, docs/user-manual.md, and CLAUDE.md to
reflect all auth hardening changes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -47,6 +47,7 @@ function App() {
logtoEndpoint: string;
logtoClientId: string;
logtoResource: string;
scopes: string[];
} | null>(null);
useEffect(() => {
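Review bot: the new `scopes: string[]` member is declared as required on the config state type, yet the sign-in hunk later reads it as `config.scopes ?? []`, which only makes sense if the field can be absent from the `/api/config` response. Pick one contract: either declare it `scopes?: string[]` so the type matches the runtime fallback, or keep it required and drop the `??` so a config response that omits scopes fails type-checking and review rather than silently degrading at runtime.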
@@ -71,6 +72,9 @@ function App() {
'openid', 'profile', 'email', 'offline_access',
UserScope.Organizations,
UserScope.OrganizationRoles,
// API resource scopes — served from /api/config, must be requested
// during sign-in for Logto to include them in access tokens.
...(config.scopes ?? []),
],
}}
>
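Review bot: `...(config.scopes ?? [])` fails silently when `/api/config` returns no scopes: sign-in succeeds, the access token carries none of the `apps:*`, `billing:manage`, `observe:read` or `platform:admin` scopes, and every call to a `@PreAuthorize`-guarded endpoint then comes back 403 with nothing in the client log to explain why. Consider a `console.warn` (or a visible error) when the fetched config carries an empty scope list. It is also worth extending the comment to say that listing a scope here only requests it; whether the issued token actually contains it is decided by Logto from the user's organization roles, so the frontend still has to handle the missing-scope case after sign-in. Minor: if `config.scopes` ever includes `openid`, `profile` or the other OIDC scopes already listed above, the request will contain duplicates; deduplicating before passing the array avoids that.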