forked from Nixius/authelia
Commit Graph

24 Commits

Author SHA1 Message Date
Leopere 8b3ba3ab5a
archive legacy auth stack
Move Authelia and LLDAP artifacts out of the active deployment path so ATLAS ships against the Authentik-backed stack and ss-atlas image only.

Made-with: Cursor
2026-04-25 15:12:47 -04:00
Leopere ec79638f89
correcting success
2026-03-05 15:41:30 -05:00
Leopere 76e351c7e7
bump
2026-03-05 15:29:21 -05:00
Leopere 71b91a4284
bump
2026-03-05 15:25:35 -05:00
Leopere 630bd3d3f4
bump
2026-03-05 15:20:55 -05:00
Leopere 2e8979d4d8
Fix Gitea assets 404: give customer Traefik router priority=2 so /i/username requests hit Gitea not ss-atlas
Made-with: Cursor
2026-03-04 20:26:10 -05:00
Leopere 926ddc0356
Add password reset resend button with 1-min rate limit
- Rate limiter per username (resend_ratelimit.go)
- handleResendReset accepts username or email, returns JSON
- Success page: Resend button with 60s cooldown from first send
- Activate page (NeedLogin): email input + Resend with cooldown

Made-with: Cursor
2026-03-04 17:18:51 -05:00
Leopere 4ac4de9df2
Path-based routing, tiered pricing, customer details, Stripe MCP
- Path-based routing: bc.a250.ca/login, /dashboard, /activate, etc.
- Tiered pricing: first 10 free (3mo), next 40 $20/yr->$100/mo, 51+ $200/mo
- Success page: instructs to check inbox for password + 2FA setup
- Messaging: LANDING_TAGLINE, LANDING_FEATURES env vars
- Domain validation: required, must resolve via DNS
- Customer details: phone required, sanitized email/phone, stored in LLDAP
- Stripe MCP: .cursor/mcp.json, stripe-setup.sh for products/prices
- Invoice webhook: migrate $20/yr subs to $100/mo on renewal

Made-with: Cursor
2026-03-04 17:05:42 -05:00
Leopere 75b63ca923
Persist Gitea config and skip install wizard
Add gitea_config volume for /etc/gitea so app.ini survives restarts.
Set INSTALL_LOCK=true to skip the setup wizard since all config is
provided via environment variables.

Made-with: Cursor
2026-03-03 18:32:29 -05:00
Leopere ab11e62c04
Fix security settings links and enable 2FA for customer stacks
- Update dashboard buttons to use correct Authelia paths:
  /settings/two-factor-authentication and /settings/security
- Change customer stack ACL from one_factor to two_factor so Authelia
  enables the 2FA registration UI (passkeys, TOTP)

Made-with: Cursor
2026-03-03 18:26:20 -05:00
Leopere 8f55b9802b
Add Account Security card with direct links to Authelia settings
Replaces the generic "Account Settings" button with a dedicated card
containing passkey, TOTP, and password links plus a warning about
enabling 2FA to prevent account compromise.

Made-with: Cursor
2026-03-03 18:21:50 -05:00
Leopere bd84b0a578
Include remaining template and route changes
Made-with: Cursor
2026-03-03 18:11:38 -05:00
Leopere 91c0411b90
Add /resend-reset endpoint so set-password button sends email directly
The welcome page button was linking to Authelia's reset page which
requires an active login session. Now it POSTs to /resend-reset which
calls the Authelia API server-side and sends the email immediately.
Button text updated from "Reset Password" to "Set Password".

Made-with: Cursor
2026-03-03 17:30:38 -05:00
Leopere c68edc70d1
Switch customer stack to Gitea + PostgreSQL two-service pattern
- web: Gitea (self-hosted Git), exposed via Traefik behind Authelia
- db: PostgreSQL 16, internal backend network only, never exposed
- Establishes the canonical web+db template structure for future products

Made-with: Cursor
2026-03-03 17:02:49 -05:00
Leopere 463483f769
Unify stack action button behaviour via single event listener
Replace per-form onsubmit handlers with a single script that handles
all data-stack-action forms identically: confirm if needed, then
disable the button and show a contextual loading label.

Made-with: Cursor
2026-03-03 17:00:58 -05:00
Leopere 239d2c07e1
Disable stack action buttons on submit to prevent spam
Made-with: Cursor
2026-03-03 16:58:56 -05:00
Leopere 084548fcd7
Fix dashboard stack state UI after Destroy
- Inverted condition was showing 'being provisioned' when stack not deployed
- Actions block was gated on StackDeployed so no Start button after destroy
- Start button now always shown when not running
- Destroy button only shown when stack is deployed
- 'Being provisioned' message replaced with accurate 'stopped' message

Made-with: Cursor
2026-03-03 16:56:48 -05:00
Leopere 6356cbb1da
Fix Destroy being immediately undone by dashboard auto-redeploy
Dashboard was auto-deploying any missing stack on every page load.
This stomped on the Destroy action. Stack creation only happens at
activation and via explicit Start — not on dashboard render.

Made-with: Cursor
2026-03-03 16:52:31 -05:00
Leopere e71831cf9d
Switch customer stack product to Uptime Kuma
Each customer now receives a dedicated Uptime Kuma monitoring instance
at their subdomain. Drops the unused Redis sidecar from the template.

Made-with: Cursor
2026-03-03 16:49:50 -05:00
Leopere a92cbe9b72
Add header to stack-template, force-update images on deploy
- stack-template.yml: prominent comment explaining this is the product
  being sold and how to swap in the real application image
- deploy-stack-dev.sh: force-update locally-built images after stack
  deploy so swarm always runs the freshly built container

Made-with: Cursor
2026-03-03 16:48:03 -05:00
Leopere 159a0b4455
Remove Rebuild button from dashboard UI
Made-with: Cursor
2026-03-03 15:55:21 -05:00
Leopere b66dfa053e
Force auth on all customer stacks, migrate to swarm stack.yml
- Remove public/private toggle — all customer stacks now always deploy
  behind authelia-auth middleware, no exceptions
- Remove ALLOW_CUSTOMER_STACK_AUTH_TOGGLE and CUSTOMER_STACK_REQUIRE_AUTH_DEFAULT
  config, env vars, routes, and UI
- Replace docker-compose.dev.yml + docker-compose.swarm-dev.yml with
  unified stack.yml for swarm deployment
- Various handler, ldap, stripe, swarm, and template additions from
  prior work sessions

Made-with: Cursor
2026-03-03 15:51:25 -05:00
Leopere 6fcdd1262d
Bake git commit into Go binary for version traceability
- Add internal/version package with ldflags-injected Commit/BuildTime
- Dockerfile accepts BUILD_COMMIT/BUILD_TIME args, passes via -ldflags
- Log version on startup, expose GET /version endpoint
- Show commit hash badge in bottom-right of landing + dashboard pages
- Deploy scripts gate on clean git tree and pass commit to build
- Remove staging files, misc config updates

Made-with: Cursor
2026-03-03 12:51:12 -05:00
Leopere ac24f6d1dc
Add ss-atlas service, config updates, ignore IDE cruft
Made-with: Cursor
2026-03-03 11:21:03 -05:00