f860ab6c85
Phase 3.4: backend self-managed auth cutover
...
All backend auth now goes through our own token service — Firebase Auth
dependency is fully removed from auth paths. FCM (firebase-admin messaging)
is still used for push.
Schema:
- auth_sessions (multi-device refresh tokens, bcrypt-hashed)
- otp_requests (Fazpass reference + rate-limit history)
- customers.email + google_sub + apple_sub (social identity)
- control_center_users.password_hash + failed_login_count + lockout_until
- firebase_uid columns made nullable (drop in later cleanup migration)
- 6 new app_config keys for OTP + CC lockout tuning
Services:
- password.service.js — bcrypt cost 12 + complexity (min 8, digit + upper +
lower)
- token.service.js — JWT HS256 access (1h) + opaque refresh (30d, bcrypt-
hashed, rotated on use); session_id claim pre-wires future Valkey-based
instant revocation; revokeSession + revokeAllSessionsForUser helpers
- social-identity.service.js — Google via google-auth-library, Apple via
jwks-rsa + jsonwebtoken
- otp.service.js — Fazpass stub (generates locally, logs the code) clearly
marked for replacement once real API docs arrive; rate-limit + resend
cooldown + verify-attempts all configurable via app_config
- auth.service.js — orchestrator: signInAnonymous, completeCustomer/Mitra-
PhoneSignIn, signInWithGoogle, signInWithApple, signInCcUser, refresh,
logout; reject-on-existing for identity conflicts
- cc-user.service.js — email+password helpers + lockout counters
Routes & middleware:
- authenticate middleware now verifies our JWT and attaches
request.auth = { userType, userId, sessionId }
- WebSocket handshake verifies our JWT (no more Firebase lookup)
- All existing routes updated to use request.auth.userId instead of
request.firebaseUser.uid
- New public routes:
/api/shared/auth/anonymous /refresh /logout
/api/client/auth/otp/request /otp/verify /google /apple /me /profile
/api/mitra/auth/otp/request /otp/verify /me
- New internal routes:
/internal/auth/login /refresh /logout /me (httpOnly cookie refresh)
/internal/control-center-users (accepts plain password, bcrypt-hashed)
/internal/control-center-users/me/password (self-service change)
/internal/control-center-users/:id/password (admin forced reset)
- Deleted legacy customer.routes.js (anonymous + link handled by auth now)
- app.internal.js: @fastify/cookie + CORS credentials for CC httpOnly cookie
Config:
- AUTH_JWT_SECRET + ACCESS_TOKEN_TTL_SECONDS + REFRESH_TOKEN_TTL_DAYS env
- FAZPASS_* env vars (TBD until real API docs)
- GOOGLE_OAUTH_CLIENT_IDS, APPLE_SERVICES_ID/TEAM_ID/KEY_ID/PRIVATE_KEY
- ADMIN_EMAIL + ADMIN_PASSWORD for seed
- CC_ORIGIN for internal-app CORS origin allowlist
Dependencies:
- Added: bcrypt, jsonwebtoken, jwks-rsa, google-auth-library, @fastify/cookie
- Kept: firebase-admin (messaging only)
Still outstanding: Fazpass API integration (stub in place), Apple Developer
prereqs for end-to-end iOS testing, client_app/mitra_app/control_center auth
flow rewrites.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com >
2026-04-24 11:43:25 +08:00
d668112edd
Phase 2 scaffold: mitra online status & pairing logic
...
Add mitra online/offline status with heartbeat-based auto-offline,
customer-mitra pairing via Valkey pub/sub blast, session management,
and control center dashboard with real-time stats.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-05 23:17:49 +08:00
a7a2a32d27
Phase 1 scaffold: auth for all apps
...
- Backend: Fastify with two listeners (public + internal), routes, services, DB migration + seed
- client_app: Flutter with BLoC, all auth screens (welcome, display name, register, OTP, force-register)
- mitra_app: Flutter with BLoC, OTP-only login
- control_center: React + Vite, email/password login, mitra/user management, anonymity settings
- Docs: phase1 plan, API contract, client app mockup
- CLAUDE.md and shared memory for all subprojects
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-04-05 10:08:42 +08:00
