-
Notifications
You must be signed in to change notification settings - Fork 3.7k
feat: Add multi-user authentication and role-based access control to Vane #1107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
stanleyau-xx
wants to merge
28
commits into
ItzCrazyKns:master
Choose a base branch
from
stanleyau-xx:main
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 14 commits
Commits
Show all changes
28 commits
Select commit
Hold shift + click to select a range
cea25d0
feat: add multi-user authentication, role-based access control, and a…
stanleyau-xx 0823a0d
docs: update clone URLs to point to this fork
stanleyau-xx f8d0321
chore: use node:24.4.0-slim as base image (match upstream)
stanleyau-xx b65b15d
chore: remove troubleshooting/debug screenshots
stanleyau-xx 6e9561f
chore: remove troubleshooting/debug screenshots
stanleyau-xx 4a8f44f
fix: handle undefined selectedSection in SettingsDialogue
stanleyau-xx 59e7f93
fix: show all discover results regardless of thumbnail presence
stanleyau-xx 4dc2121
revert: restore thumbnail filter (SearXNG proxy issue was the cause)
stanleyau-xx 9d5a890
feat: add Change Password section in Settings
stanleyau-xx 3a607e6
chore: extend session cookie maxAge to 1 year
stanleyau-xx ebc0722
feat: add warm theme support
stanleyau-xx 43c0ab5
fix: revert darkMode change (caused theme styling issues)
stanleyau-xx 1882118
Remediated browser OOM issue
stanleyau-xx 26f772e
[Security/bugfix] Fix 15 issues from PR #1107: JWT secret enforcement…
stanleyau-xx fd7f97c
[Bugfix/security/robustness] Fix remaining 4 issues flagged by review…
stanleyau-xx d1ac6d4
[fix] UploadManager now requires userId param (type & logic enforced)…
stanleyau-xx b7e243b
[buildfix] Set ENV JWT_SECRET=dummy in Dockerfile to allow Next.js pr…
stanleyau-xx 3e41c12
[fix] Resolve Brainstorming hang, stream parser, and search reliabili…
stanleyau-xx dd6c4b6
Restore searxng/settings.yml to default (use_default_settings: true)
stanleyau-xx 89ea8b2
[Security] Address PR review feedback: JWT hardening, rate limiting, …
stanleya-ctrl bc509be
[Tests] Add comprehensive auth/middleware/unit tests (22 passing)
stanleya-ctrl 512a5f1
Fix setup flow UX: auto-redirect to /setup, fix Finish 404
stanleya-ctrl ae67e5b
[Tests] Add DB migration smoke tests (25 passing)
stanleya-ctrl e97ab8a
[Tests] Replace migration text-check with real execution tests (28 pa…
stanleya-ctrl 45ac1db
Revert Dockerfile builder to node:24.5.0-slim (latest patch)
stanleya-ctrl bd42c00
docs: add Original Vane architecture link and clarify JWT_SECRET enfo…
stanleya-ctrl 12d6043
test: add auth unit tests (password hashing, JWT, session expiry)
stanleya-ctrl ad8e06f
docs: clarify JWT_SECRET enforcement with production example command
stanleya-ctrl File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Some comments aren't visible on the classic Files Changed page.
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| -- Migration: Add users and sessions tables for multi-user auth | ||
| CREATE TABLE IF NOT EXISTS `users` ( | ||
| `id` text PRIMARY KEY NOT NULL, | ||
| `username` text NOT NULL UNIQUE, | ||
| `password_hash` text NOT NULL, | ||
| `role` text DEFAULT 'user' NOT NULL, | ||
| `createdAt` text NOT NULL | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS `sessions` ( | ||
| `id` text PRIMARY KEY NOT NULL, | ||
| `userId` text NOT NULL, | ||
| `expiresAt` text NOT NULL, | ||
| `createdAt` text NOT NULL | ||
| ); | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| -- Migration: Add userId column to chats table for multi-user support | ||
| ALTER TABLE `chats` ADD COLUMN `userId` text NOT NULL DEFAULT 'anonymous'; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| /// <reference types="next" /> | ||
| /// <reference types="next/image-types/global" /> | ||
| import './.next/dev/types/routes.d.ts'; | ||
| import "./.next/dev/types/routes.d.ts"; | ||
|
|
||
| // NOTE: This file should not be edited | ||
| // see https://nextjs.org/docs/app/api-reference/config/typescript for more information. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
P2: RBAC role is stored as unrestricted text in migration, allowing invalid role values and weakening authorization data integrity.
Prompt for AI agents