hobokenchicken/GopherGate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add multi-user RBAC with admin/viewer roles and user management
Some checks failed
CI / Check (push) Has been cancelled
Details
CI / Clippy (push) Has been cancelled
Details
CI / Formatting (push) Has been cancelled
Details
CI / Test (push) Has been cancelled
Details
CI / Release Build (push) Has been cancelled
Details

Browse Source 
Add complete multi-user support with role-based access control:

Backend:
- Add users CRUD endpoints (GET/POST/PUT/DELETE /api/users) with admin-only guards
- Add display_name column to users table with ALTER TABLE migration
- Fix auth to use session-based user identity (not hardcoded 'admin')
- Add POST /api/auth/logout to revoke server-side sessions
- Add require_admin() and extract_session() helpers for clean RBAC
- Guard all mutating endpoints (clients, providers, models, settings, backup)

Frontend:
- Add Users management page with create/edit/reset-password/delete modals
- Add role gating: hide edit/delete buttons for viewers on clients, providers, models
- Settings page hides auth tokens and admin actions for viewers
- Logout now revokes server session before clearing localStorage
- Sidebar shows real display_name and formatted role (Administrator/Viewer)
- Fix sidebar header: single logo with onerror fallback, renamed to 'LLM Proxy'
- Add badge and btn-action CSS classes for role pills and action buttons
- Bump cache-bust to v=7
This commit is contained in:
Dustin Newkirk
2026-03-02 15:58:33 -05:00
parent 5bf41be343
commit e07377adc0
17 changed files with 885 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
static/js/pages/settings.js
View File

@@ -38,6 +38,7 @@ class SettingsPage {
<label>Application Version</label>
<input type="text" value="${this.settings.server.version}" disabled>
</div>
${window._userRole === 'admin' ? `
<div class="form-control">
<label>Authentication Tokens</label>
<div class="tokens-list" style="display: flex; flex-direction: column; gap: 0.5rem; margin-bottom: 1rem;">
@@ -52,6 +53,7 @@ class SettingsPage {
</div>
<small>Auth tokens are configured via environment variables or <code>config.toml</code>.</small>
</div>
` : ''}
</div>
</div>
@@ -95,12 +97,16 @@ class SettingsPage {
</div>
</div>
<div class="form-actions">
${window._userRole === 'admin' ? `
<button class="btn btn-secondary" onclick="window.settingsPage.refreshRegistry()">
<i class="fas fa-sync"></i> Force Registry Refresh
</button>
<button class="btn btn-danger" onclick="window.settingsPage.triggerBackup()">
<i class="fas fa-file-archive"></i> Export Database Backup
</button>
` : `
<span style="color: var(--fg4); font-size: 0.85rem;">Admin access required for registry refresh and backups.</span>
`}
</div>
</div>
</div>