cameleer/cameleer-saas
2
0
Fork 0
Code Issues 23 Pull Requests Actions Packages Projects Releases Wiki Activity
144 Commits 6 Branches 1 Tag
0472528cd6dafcfbe5ba6b54fadab1154838b2e2
Commit Graph

71 Commits

Author SHA1 Message Date
hsiegeln
bd8dfcf147 fix: use concrete ClickHouseDataSource return type to avoid bean ambiguity 2026-04-04 17:32:09 +02:00
hsiegeln
803b8c9876 feat: add Phase 3 dependencies and configuration 
Add docker-java and ClickHouse JDBC dependencies, RuntimeConfig and
ClickHouseConfig Spring components, AsyncConfig with deployment thread
pool, and runtime/clickhouse config sections in application.yml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 17:29:06 +02:00
hsiegeln
db7647f7f4 refactor: remove Phase 1 auth endpoints, switch to Logto OIDC 
Auth is now handled by Logto. Removed AuthController, AuthService,
and related DTOs. Integration tests use Spring Security JWT mocks.
Ed25519 JwtService retained for machine token signing.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 15:12:50 +02:00
hsiegeln
42bd116af1 feat: add Logto Management API client for org provisioning 
Creates Logto organizations when tenants are created. Authenticates
via M2M client credentials. Gracefully skips when Logto is not
configured (dev/test mode).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 15:07:43 +02:00
hsiegeln
0f3bd209a1 feat: add ForwardAuth endpoint for Traefik integration 
GET /auth/verify validates JWT and returns X-User-Id, X-User-Email
headers for downstream service routing via Traefik middleware.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 15:05:13 +02:00
hsiegeln
e58e2caf8e feat: add tenant context resolution from Logto organization_id claim 
TenantResolutionFilter extracts organization_id from Logto JWT and
resolves to local tenant via TenantService. ThreadLocal TenantContext
available throughout request lifecycle.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 15:05:05 +02:00
hsiegeln
0d9c51843d feat: add OAuth2 Resource Server for Logto OIDC authentication 
Dual auth: machine endpoints use Ed25519 JWT filter, all other API
endpoints use Spring Security OAuth2 Resource Server with Logto OIDC.
Mock JwtDecoder provided for test isolation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 15:03:06 +02:00
hsiegeln
9a575eaa94 feat: add license controller with generate and fetch endpoints 
POST /api/tenants/{id}/license generates Ed25519-signed license JWT.
GET /api/tenants/{id}/license returns active license.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 15:00:31 +02:00
hsiegeln
d987969e05 feat: add license service with Ed25519 JWT signing and verification 
Generates tier-aware license tokens with features/limits per tier.
Verifies signature and expiry. Audit logged.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 14:58:56 +02:00
hsiegeln
a74894e0f1 feat: add license entity, repository, and database migration 
Licenses table linked to tenants with JSONB features/limits, Ed25519
signed token storage, and revocation support.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 14:56:52 +02:00
hsiegeln
c1cae25db7 feat: add tenant service, controller, and DTOs with TDD 
CRUD operations for tenants with slug-based lookup, tier management,
and audit logging. Integration tests verify 201/409/401 responses.
 2026-04-04 14:53:58 +02:00
hsiegeln
119034307c feat: add tenant entity, repository, and database migration 
Tenants table with slug, tier (LOW/MID/HIGH/BUSINESS), status
(PROVISIONING/ACTIVE/SUSPENDED/DELETED), Logto org reference, and
Stripe IDs.
 2026-04-04 14:53:51 +02:00
hsiegeln
0a2d5970e4 feat: externalize Ed25519 keys with file-based loading 
Keys are loaded from PEM files when CAMELEER_JWT_PRIVATE_KEY_PATH and
CAMELEER_JWT_PUBLIC_KEY_PATH are set. Falls back to ephemeral key
generation for development.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 14:48:20 +02:00
hsiegeln
b5bd67fbd6 feat: add Spring Security with JWT filter, auth controller, and health endpoint 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:27:41 +02:00
hsiegeln
770f59500d feat: add login with password verification and audit logging 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:26:37 +02:00
hsiegeln
33c4a2991f feat: add Ed25519 JWT signing and verification 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:25:27 +02:00
hsiegeln
aff10704e0 feat: add user entity, registration, and RBAC model 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:23:59 +02:00
hsiegeln
cdd19e180e feat: add audit logging framework with immutable append-only log 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:22:33 +02:00
hsiegeln
d7cc3a3e04 feat: add Flyway migrations for users, roles, and permissions 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:13:49 +02:00
hsiegeln
a7e28cab32 feat: add Docker Compose + TestContainers for PostgreSQL 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:13:39 +02:00
hsiegeln
c113c2b38b feat: initialize Maven project with Spring Boot 3.4.3 + Java 21 
Set up the foundational Spring Boot project structure:
- Root POM with web, security, JPA, Flyway, validation, AOP, actuator
- PostgreSQL + Testcontainers for test infrastructure
- Application YAML configs for default, dev, and test profiles
- Maven wrapper (3.9.9) for reproducible builds
- .gitignore for Maven/IDE/OS artifacts

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-30 10:08:14 +02:00