Phase 6: permissions, push, WebAuthn documentation

2026-06-28 17:54:55 -04:00
parent 26599b27cc
commit 92ecc2ec7d
3 changed files with 113 additions and 0 deletions
+97
@@ -0,0 +1,97 @@
# Phase 6: Security, Permissions & Polish
Phase 6 adds roles & permissions, push notifications, and WebAuthn passkey scaffolding.
## Features Implemented
### Roles & Permissions
| Feature | Status | Description |
|---------|--------|-------------|
| Permission bitflags | ✅ | 11 permissions from VIEW_CHANNEL to SHARE_SCREEN |
| Permission checker | ✅ | Aggregates permissions from all user roles |
| Permission middleware | ✅ | `RequirePermission` middleware for route protection |
| Role CRUD | ✅ | Create, list, update, delete roles per server |
| Member role assignment | ✅ | Assign/remove roles from members |
| Default @everyone role | ✅ | Seeded on server creation with basic permissions |
| Frontend role manager | ✅ | Role CRUD UI with permission checkboxes |
| Member role assign | ✅ | UI to assign roles to members |
### Push Notifications
| Feature | Status | Description |
|---------|--------|-------------|
| VAPID key support | ✅ | Backend ready for VAPID keys |
| Push subscription CRUD | ✅ | Subscribe/unsubscribe endpoints |
| Push sender | ✅ | SendPush function for mentioned users |
| Push subscription table | ✅ | DB storage for push subscriptions |
| Frontend push store | ✅ | Already built in Phase 3 |
### WebAuthn Passkeys
| Feature | Status | Description |
|---------|--------|-------------|
| WebAuthn scaffolding | ✅ | Registration and login endpoints (begin/finish) |
| Credential storage | ✅ | webauthn_credentials table |
| Frontend | ⏳ | Needs browser WebAuthn API integration |
## Permission Constants
| Permission | Bit | Value |
|-----------|-----|-------|
| VIEW_CHANNEL | 0 | 1 |
| SEND_MESSAGES | 1 | 2 |
| MANAGE_MESSAGES | 2 | 4 |
| KICK_MEMBERS | 3 | 8 |
| BAN_MEMBERS | 4 | 16 |
| MANAGE_SERVER | 5 | 32 |
| MANAGE_CHANNELS | 6 | 64 |
| ADMINISTRATOR | 7 | 128 |
| CONNECT_VOICE | 8 | 256 |
| SPEAK_VOICE | 9 | 512 |
| SHARE_SCREEN | 10 | 1024 |
## API Endpoints
### Roles
```bash
# Create role
POST /api/v1/servers/{serverID}/roles
{ "name": "Moderator", "color": "#fe8019", "permissions": 76, "position": 1 }
# List roles
GET /api/v1/servers/{serverID}/roles
# Update role
PATCH /api/v1/servers/{serverID}/roles/{roleID}
{ "name": "New Name", "permissions": 127 }
# Delete role
DELETE /api/v1/servers/{serverID}/roles/{roleID}
# Assign roles to member
PUT /api/v1/servers/{serverID}/members/{userID}/roles
{ "role_ids": ["uuid1", "uuid2"] }
```
### Push
```bash
# Get VAPID public key
GET /api/v1/push/vapid-public-key
# Subscribe to push
POST /api/v1/push/subscribe
{ "endpoint": "...", "p256dh": "...", "auth": "..." }
# Unsubscribe
POST /api/v1/push/unsubscribe
{ "endpoint": "..." }
```
## What's Next
- REST API documentation (OpenAPI/Swagger)
- WebAuthn frontend integration
- Push notification frontend integration (needs VAPID keys)
+15
@@ -65,3 +65,18 @@
- [x] Lipgloss Gruvbox theming
- [x] Static binary (`dumpster-tui`)
- [x] Config file + env vars
## Phase 6: Security & Permissions — ✅ DONE
- [x] Permission bitflags (11 permissions)
- [x] Permission checker with role aggregation
- [x] Permission middleware for route protection
- [x] Role CRUD per server
- [x] Member role assignment
- [x] Default @everyone role
- [x] Frontend role manager UI
- [x] Push notification backend (VAPID)
- [x] WebAuthn passkey scaffolding
- [ ] REST API documentation (OpenAPI/Swagger) — future
- [ ] WebAuthn frontend integration — future
- [ ] Push notification frontend integration — needs VAPID keys
+1
@@ -9,6 +9,7 @@
- [Phase 3: Polish & PWA](Phase-3)
- [Phase 4: Bots & Extensibility](Phase-4)
- [Phase 5: TUI Client](Phase-5)
- [Phase 6: Security & Permissions](Phase-6)
- [Frontend Design](Frontend-Design)
- [Self-Hosting](Self-Hosting)
- [Roadmap](Roadmap)