cameleer/cameleer-server: Observability server for Cameleer agents - cameleer-server - Gitea: Git with a cup of tea

cameleer/cameleer-server

Go to file

hsiegeln 22e10b639f fix(security): re-read roles from DB and honor token_revoked_before on refresh

Closes two of the three holes in Vuln 2 (refresh-token role-retention privesc):
1. validateRefreshToken did not check token_revoked_before — UiAuthController.refresh
   now mirrors JwtAuthenticationFilter's revocation check against users.token_revoked_before.
2. refresh() preserved roles from the token claim — it now re-reads effective roles
   from rbacService.getSystemRoleNames() so a demoted user gets their current (lower)
   roles on the very next refresh, even before token_revoked_before is bumped.

Task 7 will wire the token_revoked_before bump into UserAdminController.removeRoleFromUser.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-29 10:10:35 +02:00

fix(auth): provision OIDC users on first contact via resource-server flow

2026-04-28 18:41:24 +02:00

chore: hand cameleer-runtime-loader image build to cameleer-saas

2026-04-28 13:02:54 +02:00

docs(triage): close-out follow-up — all 12 parked failures resolved, 560/560 green

2026-04-21 23:45:59 +02:00

.superpowers/brainstorm

revert: temporarily revert EIP_CIRCUIT_BREAKER compound rendering

2026-03-29 18:15:10 +02:00

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

cameleer-license-api

refactor: rename Java packages com.cameleer.{server,license} → io.cameleer

2026-04-28 16:39:55 +02:00

cameleer-license-minter

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

cameleer-server-app

fix(security): re-read roles from DB and honor token_revoked_before on refresh

2026-04-29 10:10:35 +02:00

cameleer-server-core

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

fix(auth): upsert UI login user_id unprefixed (drop docker seeder workaround)

2026-04-20 18:26:03 +02:00

docs(plans): security fixes and SSE command signing implementation plan

2026-04-29 09:39:05 +02:00

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

org/eclipse/elk

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

revert: temporarily revert EIP_CIRCUIT_BREAKER compound rendering

2026-03-29 18:15:10 +02:00

fix(auth): standard OIDC RP behavior — auto-redirect and drop prompt=login

2026-04-28 21:09:38 +02:00

.dockerignore

Add Docker build, K8s manifests, and CI/CD deploy pipeline

2026-03-12 19:01:39 +01:00

.gitattributes

Scaffold cameleer3-server project structure

2026-03-11 10:06:17 +01:00

.gitignore

chore: track .claude/rules/ and add self-maintenance instruction

2026-04-16 09:26:53 +02:00

AGENTS.md

chore(gitnexus): sync indexed symbol count

2026-04-24 09:20:25 +02:00

CLAUDE.md

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

docker-compose.yml

fix(auth): upsert UI login user_id unprefixed (drop docker seeder workaround)

2026-04-20 18:26:03 +02:00

docker-entrypoint.sh

fix: import /certs/ca.pem into JVM truststore at startup

2026-04-11 11:31:26 +02:00

Dockerfile

chore(docker): full-stack docker-compose mirroring deploy/ k8s manifests

2026-04-20 15:52:24 +02:00

HOWTO.md

docs: scrub siegeln.net and LAN IPs from customer-facing docs

2026-04-28 16:49:34 +02:00

openapi.json

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

pom.xml

refactor: flip cameleer-common consumer from com.cameleer to io.cameleer

2026-04-28 17:48:54 +02:00

UI_FINDINGS.md

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00

UI-CONSISTENCY-AUDIT.md

chore: rename cameleer3 to cameleer

2026-04-15 15:28:42 +02:00