git-echo/linux_patch_manager
Private
Public Access
1
0
Fork 0
Code Releases 8 Wiki Activity
182 Commits 34 Branches 23 Tags
80709d48a78a730f9ead3273c15baf9cd8d592b0
Commit Graph

182 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Draco Lunaris
80709d48a7 Merge remote-tracking branch 'github/master' 
# Conflicts:
#	.gitignore
 2026-06-02 10:40:33 -05:00
Draco Lunaris
f797b97282 ci: add contents:write permission and free disk space
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 3s
CI Pipeline / Clippy Lints (push) Successful in 57s
CI Pipeline / Rust Unit Tests (push) Failing after 1m14s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 16s
CI Pipeline / Build .deb & Release (push) Has been skipped
- Add permissions: contents: write for GitHub Release creation
- Add disk cleanup step to free space before build
- Fixes 403 release error and dpkg-deb tar error
v0.1.9 		2026-05-31 02:08:38 -05:00
Draco Lunaris
8dfe137745 Merge pull request #1 from Draco-Lunaris/fix/ci-skip-doctests
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 3s
CI Pipeline / Clippy Lints (push) Successful in 57s
CI Pipeline / Rust Unit Tests (push) Failing after 1m17s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
CI Pipeline / Build .deb & Release (push) Has been skipped
ci: skip doctests to avoid missing certs dependency
 2026-05-31 01:47:25 -05:00
Draco Lunaris
28edce0fc6 ci: skip doctests to avoid missing certs dependency 2026-05-31 01:08:50 -05:00
Draco Lunaris
0f0a534f25 docs: add CONTRIBUTING.md and SECURITY.md for open source
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 6s
CI Pipeline / Clippy Lints (push) Successful in 53s
CI Pipeline / Rust Unit Tests (push) Failing after 1m11s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
CI Pipeline / Build .deb & Release (push) Has been skipped
 2026-05-31 00:12:14 -05:00
Draco Lunaris
f557e21e09 ci: add GitHub Actions CI/CD and Apache-2.0 license
Some checks failed
CI Pipeline / Rust Format Check (push) Has been cancelled
CI Pipeline / Clippy Lints (push) Has been cancelled
CI Pipeline / Rust Unit Tests (push) Has been cancelled
CI Pipeline / Security Audit (push) Has been cancelled
CI Pipeline / Frontend Lint & Type Check (push) Has been cancelled
CI Pipeline / Build .deb & Release (push) Has been cancelled
 2026-05-31 00:10:01 -05:00
Draco Lunaris
d2d7132955 chore: add certs/ to .gitignore
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 4s
CI Pipeline / Clippy Lints (push) Successful in 52s
CI Pipeline / Rust Unit Tests (push) Failing after 1m9s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
CI Pipeline / Build .deb & Release (push) Has been skipped
 2026-05-30 22:50:12 -05:00
git-echo
124b5b0e3b feat: add bump-version.sh script for version management 
Automates version bumps across all version source files:
- Cargo.toml (PRIMARY - workspace.package.version)
- debian/changelog (prepend new entry)
- debian/control (update Version field)
- scripts/build-package.sh (update VERSION variable)
- frontend/package.json (update version field)
- Stale references check after bump

Usage: ./scripts/bump-version.sh <new_version> <old_version>
 2026-05-28 10:52:16 -05:00
git-echo
c1ed760358 Merge fix/maintenance-windows-race-condition: resolve maintenance windows race condition and N+1 query
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 3s
CI Pipeline / Clippy Lints (push) Successful in 1m0s
CI Pipeline / Rust Unit Tests (push) Successful in 1m23s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 16s
CI Pipeline / Build .deb & Release (push) Successful in 4m29s
v0.1.10 		2026-05-22 03:28:59 +00:00
git-echo
ee5b8d5a6c ci: fix repo path from echo/ to git-echo/ in checkout URLs
All checks were successful
CI Pipeline / Rust Format Check (pull_request) Successful in 5s
CI Pipeline / Clippy Lints (pull_request) Successful in 1m0s
CI Pipeline / Rust Unit Tests (pull_request) Successful in 1m22s
CI Pipeline / Security Audit (pull_request) Successful in 5s
CI Pipeline / Frontend Lint & Type Check (pull_request) Successful in 15s
CI Pipeline / Build .deb & Release (pull_request) Has been skipped
The CI workflow used echo/linux_patch_manager for archive downloads
but the repo is owned by git-echo. This caused all CI jobs to fail
with "gzip: stdin: not in gzip format" because curl received a
404 HTML page instead of a tarball.
 2026-05-22 03:24:09 +00:00
git-echo
3925cb48c1 fix: resolve maintenance windows race condition and N+1 query
Some checks failed
CI Pipeline / Rust Format Check (pull_request) Failing after 3s
CI Pipeline / Clippy Lints (pull_request) Failing after 1s
CI Pipeline / Rust Unit Tests (pull_request) Failing after 2s
CI Pipeline / Security Audit (pull_request) Failing after 1s
CI Pipeline / Frontend Lint & Type Check (pull_request) Failing after 4s
CI Pipeline / Build .deb & Release (pull_request) Has been skipped
- Add GET /api/v1/maintenance-windows bulk endpoint to eliminate N+1
  per-host API calls (1 request instead of N+1)
- Fix two-phase state update race: setHosts() was called before
  setWindowsByHost(), causing React to render hosts with empty windows
- Add AbortController to cancel stale fetch requests on unmount/re-fetch
- Batch state updates atomically (React 18 auto-batching)
- Replace silent catch{} with proper error handling
- Add refreshData() wrapper for mutation handlers and Refresh button

Backend: maintenance_windows.rs - new list_all_windows handler +
all_windows_router(), mounted in main.rs
Frontend: client.ts - new listAll() API method
Frontend: MaintenanceWindowsPage.tsx - rewritten fetchData
 2026-05-22 03:17:34 +00:00
git-echo
354e3205d3 fix: update repo paths from echo/ to git-echo/ after account migration
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
CI Pipeline / Clippy Lints (push) Successful in 1m3s
CI Pipeline / Rust Unit Tests (push) Successful in 1m23s
CI Pipeline / Security Audit (push) Successful in 4s
CI Pipeline / Frontend Lint & Type Check (push) Successful in 17s
CI Pipeline / Build .deb & Release (push) Has been skipped
 2026-05-21 17:05:47 +00:00
Echo
2cc3d0db40 chore: bump version to 0.1.9 for rate limiting fix release
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 2s
Details
CI Pipeline / Clippy Lints (push) Successful in 1m2s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m22s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 16s
Details
CI Pipeline / Build .deb & Release (push) Successful in 4m32s
Details
2026-05-21 02:38:29 +00:00
Echo
59794bc8f2 fix: replace broken DashMap rate limiting with tower-governor middleware
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 1m1s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m21s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 16s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details 
- Replace custom DashMap<IpAddr, Instant> rate limiting in enrollment.rs
  that fell back to 0.0.0.0 when X-Forwarded-For was missing, causing
  ALL enrollment traffic to share a single global rate limit bucket
- Use tower_governor with SmartIpKeyExtractor for proper per-IP rate
  limiting that respects X-Forwarded-For headers (critical behind HAProxy)
- Add three configurable rate limit tiers via config.toml:
  * Enrollment: 5 req/min per IP, burst 3 (strict)
  * Auth: 20 req/min per IP, burst 10 (moderate)
  * API: 120 req/min per IP, burst 30 (normal)
- Remove enrollment_rate_limits from AppState and cleanup task
- Remove manual rate limit code from enrollment.rs (headers param, IP extraction)
- Add into_make_service_with_connect_info for ConnectInfo fallback
- Add RateLimitConfig to AppConfig with sensible defaults

Fixes: #1
 2026-05-21 02:27:10 +00:00
Echo
6c72dc3ac6 feat: populate os_family, os_name, arch, agent_version from health poller and enrollment
Some checks failed
CI Pipeline / Rust Format Check (push) Failing after 2s
CI Pipeline / Clippy Lints (push) Failing after 1s
CI Pipeline / Rust Unit Tests (push) Failing after 2s
CI Pipeline / Security Audit (push) Failing after 2s
CI Pipeline / Frontend Lint & Type Check (push) Failing after 3s
CI Pipeline / Build .deb & Release (push) Has been skipped
- health_poller: persist agent_version from HealthData.version
- health_poller: call /system/info to update os_family, os_name, arch
- enrollment: set os_family and arch from os_details during approval
- enrollment: build os_name from os+os_version when name field absent
- COALESCE in UPDATE preserves existing values when new data unavailable
- version bump 0.1.7 -> 0.1.8
 2026-05-21 00:09:57 +00:00
Echo
f70c5e53f9 feat: add host editing endpoint and frontend UI
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 3s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m12s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Successful in 3m51s
Details
2026-05-18 21:52:00 +00:00
Echo
b3ae42215b fix(ca): strip CIDR netmask from IP before adding to server cert SANs
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m12s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-18 16:19:39 +00:00
Echo
d326b25203 fix(ca): make CA path configurable and prevent encrypted keys
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details 
- main.rs: use config.security.ca_cert_path parent directory instead
  of hardcoded /etc/patch-manager/ca for CA initialization.
- config.example.toml: add warning that CA key must be unencrypted PEM.
- This prevents silent generation of a second CA on fresh installs
  and ensures the manager always uses the configured CA.
 2026-05-18 15:58:38 +00:00
Echo
aabaa3a0d4 fix: reorder host insert before cert issuance, add migration for missing columns
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m12s
Details
CI Pipeline / Security Audit (push) Successful in 3s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-18 13:18:44 +00:00
Echo
005718c38a fix: cast ip_address to inet in enrollment approval collision check and host insert
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-18 01:42:23 +00:00
Echo
2c7432f2ec fix: cast ip_address to inet on insert and to text on read for enrollment_requests
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-18 01:31:20 +00:00
Echo
545277add2 fix: cast ip_address to inet type in enrollment INSERT query
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Security Audit (push) Has been cancelled
Details
CI Pipeline / Frontend Lint & Type Check (push) Has been cancelled
Details
CI Pipeline / Build .deb & Release (push) Has been cancelled
Details
CI Pipeline / Rust Unit Tests (push) Has been cancelled
Details
2026-05-18 01:29:24 +00:00
Echo
6046dd199c fix: rustfmt formatting for tracing::warn! macro in enrollment.rs
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 3s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 3s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Successful in 3m53s
Details
v0.1.7 		2026-05-18 00:35:45 +00:00
Echo
024e800708 fix: remove ConnectInfo extractor to fix public endpoint 500 error
Some checks failed
CI Pipeline / Rust Format Check (push) Failing after 3s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-17 23:01:01 +00:00
Echo
3aff64afb7 docs: add REST API reference and update README version to v0.1.7
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-16 19:14:08 +00:00
Echo
fe56959d88 fix: separate revoked certs from active pairs in CertificatesPage
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-16 18:21:35 +00:00
Echo
6e2c270c75 feat: group certificate pairs in CertificatesPage
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-16 18:07:09 +00:00
Echo
f9bdc0a5af fix: update axum route syntax to v0.8 standard
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m13s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-16 17:39:21 +00:00
Echo
da3dffd81f feat: add host self-enrollment workflow v0.1.7
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-16 17:03:28 +00:00
Echo
f183c8edf8 fix: bump lettre to 0.11.22 in Cargo.lock (RUSTSEC-2026-0141)
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m12s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Successful in 3m50s
Details
2026-05-16 00:57:44 +00:00
Echo
98a900b0ea security: upgrade lettre to 0.11.22 (RUSTSEC-2026-0141)
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 3s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m13s
Details
CI Pipeline / Security Audit (push) Failing after 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-15 22:51:28 +00:00
Echo
4072ae1ba2 Bump version to 0.1.6 for Phase 4 release
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 3s
Details
CI Pipeline / Clippy Lints (push) Successful in 53s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m12s
Details
CI Pipeline / Security Audit (push) Failing after 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 13s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-15 22:14:14 +00:00
Echo
7b067b2813 Phase 4: Exhaustive analysis fixes, security hardening, and code quality improvements 2026-05-15 22:10:05 +00:00
Echo
4593458c5a fix: reporter role save - add case-insensitive role mapping in create_user and update_user
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m10s
Details
CI Pipeline / Security Audit (push) Failing after 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-14 20:06:34 +00:00
Echo
b36452f4d5 feat: add reporter role to user management dropdowns
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m10s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-14 02:42:58 +00:00
Echo
3878bd4952 feat: add reporter role for SSO auto-provisioning
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m10s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-14 02:23:18 +00:00
Echo
d58fa2befa fix: add Keycloak and Oidc variants to AuthProvider enum
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m9s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 13s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-13 20:34:56 +00:00
Echo
22e9c2819a fix: cast user_role and auth_provider enum types in SSO callback SQL queries
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 51s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m10s
Details
CI Pipeline / Security Audit (push) Successful in 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-13 19:35:04 +00:00
Echo
31cdeda724 fix: cast auth_provider text to enum type in SSO callback SQL queries
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m12s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 13s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-13 19:16:49 +00:00
Echo
83a0c29f3d fix: handle SSO email collision by linking existing local users
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 6s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m9s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 13s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details 
When a user already exists with auth_provider=local and the same email,
the SSO callback now links the existing user to the new SSO provider
instead of failing with a unique constraint violation on email.

Flow: 1) Try exact match (email+auth_provider), 2) If not found,
try email-only lookup, 3) If found with different provider, link
by updating auth_provider, azure_oid, oidc_sub, 4) If not found,
create new user as before.
 2026-05-13 18:23:32 +00:00
Echo
d76450759a fix: add public SSO config endpoint for login page 
The SSO button on the login page was not appearing because the settings
API requires authentication, but the login page cannot authenticate before
the user logs in.

Changes:
- Backend: Add GET /api/v1/auth/sso/config public endpoint that returns
  only enabled, display_name, and auth_url (no secrets exposed)
- Backend: Mount sso::public_router() at /api/v1/auth/sso in main.rs
  (was previously missing - only azure_compat_router was mounted)
- Frontend: Replace settingsApi.get() call in LoginPage.tsx with
  ssoConfigApi.get() which calls the public endpoint
- Frontend: Add SsoConfigResponse interface and ssoConfigApi helper
  to client.ts
- Frontend: Use auth_url from config response instead of hardcoded path
 2026-05-13 14:53:12 +00:00
Echo
69d2e88bbd feat: OIDC SSO provider support (Keycloak, Azure AD, custom)
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details 
- Refactored azure_sso.rs to sso.rs with generic OIDC provider support
- Added OIDC discovery URL lookup with 1hr TTL caching
- Added PKCE for all providers, client_secret optional for public clients
- Added /api/v1/auth/sso/login and /api/v1/auth/sso/callback routes
- Added /api/v1/auth/azure/* backward-compatible routes
- Added POST /settings/sso/discover and POST /settings/sso/test endpoints
- Frontend: Provider dropdown (Keycloak/Azure AD/Custom OIDC)
- Frontend: Auto-fill discovery URL for Keycloak
- Frontend: Discover Endpoints and Test Connection buttons
- Frontend: Dynamic SSO button based on provider display name
- Made migration 014 idempotent with DO blocks and IF NOT EXISTS
- Fixed debian/install to use /usr/local/bin/ for binaries
- Fixed frontend file path in .deb package
- Reset admin password on dev server
- Fixed database permissions for oidc_config table
 2026-05-13 13:32:24 +00:00
Echo
e3d8569b05 feat: include notification recipients in SMTP test email
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 57s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m17s
Details
CI Pipeline / Security Audit (push) Successful in 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-13 00:33:41 +00:00
Echo
3b3fd8b689 fix: remove duplicate audit integrity section and consolidate email settings into SMTP
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 57s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m19s
Details
CI Pipeline / Security Audit (push) Successful in 3s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-13 00:16:20 +00:00
Echo
c8b6b01dbc fix: resolve settings save failure - boolean type mismatch and improve error messages
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 57s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m19s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-13 00:07:46 +00:00
Echo
c8b1feee19 fix: make version display dynamic from package.json instead of hardcoded
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 57s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m17s
Details
CI Pipeline / Security Audit (push) Successful in 3s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-12 23:49:14 +00:00
Echo
010d384c6a fix: add libfontconfig1-dev to CI workflow for fontconfig build dependency
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 3s
Details
CI Pipeline / Clippy Lints (push) Successful in 57s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m18s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 16s
Details
CI Pipeline / Build .deb & Release (push) Successful in 4m15s
Details
2026-05-12 23:29:28 +00:00
Echo
1426ecffc2 chore: bump version to 0.1.4
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 3s
Details
CI Pipeline / Clippy Lints (push) Failing after 44s
Details
CI Pipeline / Rust Unit Tests (push) Failing after 47s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-12 23:23:43 +00:00
Echo
04abb59961 fix: clarify SMTP vs email notification UX and save-before-test
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 6s
Details
CI Pipeline / Clippy Lints (push) Failing after 46s
Details
CI Pipeline / Rust Unit Tests (push) Failing after 48s
Details
CI Pipeline / Security Audit (push) Successful in 3s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-12 23:17:47 +00:00
Echo
9352dc8a02 fix: add libfontconfig1 dependency for plotters TTF font support
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Failing after 44s
Details
CI Pipeline / Rust Unit Tests (push) Failing after 49s
Details
CI Pipeline / Security Audit (push) Successful in 4s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-12 21:25:39 +00:00