git-echo/linux_patch_manager
Private
Public Access
1
0
Fork 0
Code Releases 8 Wiki Activity
143 Commits 34 Branches 23 Tags
83a0c29f3db3b4398e1a42ee87b60fda68d1bb46
Commit Graph

8 Commits

Author SHA1 Message Date
Echo
69d2e88bbd feat: OIDC SSO provider support (Keycloak, Azure AD, custom)
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 52s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m11s
Details
CI Pipeline / Security Audit (push) Successful in 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details 
- Refactored azure_sso.rs to sso.rs with generic OIDC provider support
- Added OIDC discovery URL lookup with 1hr TTL caching
- Added PKCE for all providers, client_secret optional for public clients
- Added /api/v1/auth/sso/login and /api/v1/auth/sso/callback routes
- Added /api/v1/auth/azure/* backward-compatible routes
- Added POST /settings/sso/discover and POST /settings/sso/test endpoints
- Frontend: Provider dropdown (Keycloak/Azure AD/Custom OIDC)
- Frontend: Auto-fill discovery URL for Keycloak
- Frontend: Discover Endpoints and Test Connection buttons
- Frontend: Dynamic SSO button based on provider display name
- Made migration 014 idempotent with DO blocks and IF NOT EXISTS
- Fixed debian/install to use /usr/local/bin/ for binaries
- Fixed frontend file path in .deb package
- Reset admin password on dev server
- Fixed database permissions for oidc_config table
 2026-05-13 13:32:24 +00:00
Echo
c8b1feee19 fix: make version display dynamic from package.json instead of hardcoded
All checks were successful
CI Pipeline / Rust Format Check (push) Successful in 5s
Details
CI Pipeline / Clippy Lints (push) Successful in 57s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m17s
Details
CI Pipeline / Security Audit (push) Successful in 3s
Details
CI Pipeline / Frontend Lint & Type Check (push) Successful in 15s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-12 23:49:14 +00:00
Echo
86a6c714d4 feat: Complete Azure SSO implementation (v0.1.3) 
- Add SSO session cleanup task (10-min expiry, 60s purge interval)
- Change callback to redirect to frontend with tokens as query params
- Add sso_callback_url to SecurityConfig with serde default
- Add SsoCallbackPage.tsx for handling SSO callback redirects
- Add /auth/sso/callback public route to App.tsx
- Add Sign in with Microsoft Azure button to LoginPage
- Replace insecure decode_jwt_payload with verify_id_token
- Implement JWKS caching (1-hour TTL) and RSA signature verification
- Validate iss, aud, exp claims on id_token
- Add jsonwebtoken dependency to pm-web crate
- Update config.example.toml with sso_callback_url setting
- Add sso_callback_url to settings response (read-only from TOML)
 2026-05-12 17:01:20 +00:00
Echo
cc1214a963 feat: Phase 4 - password validation, force password reset flow, account lockout, QR code for MFA
Some checks failed
CI Pipeline / Rust Format Check (push) Failing after 6s
Details
CI Pipeline / Clippy Lints (push) Successful in 46s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m2s
Details
CI Pipeline / Security Audit (push) Successful in 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Failing after 10s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-07 17:53:16 +00:00
Echo
aa0cb9ab3c feat: cert bundle download with CA root, re-issue endpoint, and enhanced cert UI
Some checks failed
CI Pipeline / Rust Format Check (push) Failing after 4s
Details
CI Pipeline / Clippy Lints (push) Successful in 46s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m2s
Details
CI Pipeline / Security Audit (push) Successful in 5s
Details
CI Pipeline / Frontend Lint & Type Check (push) Failing after 10s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details
2026-05-05 23:06:48 +00:00
Echo
2fd3eb89b4 Fix all frontend ESLint errors
Some checks failed
CI Pipeline / Rust Format Check (push) Successful in 3s
Details
CI Pipeline / Clippy Lints (push) Successful in 45s
Details
CI Pipeline / Rust Unit Tests (push) Successful in 1m1s
Details
CI Pipeline / Security Audit (push) Successful in 3s
Details
CI Pipeline / Frontend Lint & Type Check (push) Failing after 4s
Details
CI Pipeline / Build .deb & Release (push) Has been skipped
Details 
- Add eslint-plugin-react-hooks to package.json and config
- Fix duplicate imports in HostsPage.tsx
- Remove non-null assertion in main.tsx
- Fix != to !== in HostDetailPage.tsx and MaintenanceWindowsPage.tsx
- Fix unused variable in ReportsPage.tsx
- Change console.debug to console.warn in useJobWebSocket.ts
 2026-04-27 21:20:25 +00:00
Echo
f49ec1ac51 ci: Add comprehensive CI quality gates
Some checks failed
CI Quality Gates / Rust Format Check (push) Failing after 0s
Details
CI Quality Gates / Rust Unit Tests (push) Failing after 0s
Details
CI Quality Gates / Security Audit (push) Failing after 0s
Details
CI Quality Gates / Frontend Lint & Type Check (push) Failing after 0s
Details
CI Quality Gates / Clippy Lints (push) Failing after 43s
Details 
- New ci.yml workflow: rust-format, clippy, rust-test, security-audit, frontend-lint
- rustfmt.toml: strict formatting rules (edition 2021, max_width 100, grouped imports)
- clippy.toml: lint configuration with complexity thresholds
- eslint.config.js: ESLint 9 flat config for TypeScript/React
- build.yml: now only triggers on v* tags (ci.yml handles master/PR)
- package.json: updated lint script for ESLint 9 flat config

Quality gates run on every push to master and every PR:
1. Rust Format Check (cargo fmt --check --all)
2. Clippy Lints (pedantic + deny warnings)
3. Rust Unit Tests (cargo test --workspace --all-features)
4. Security Audit (cargo audit)
5. Frontend Lint (ESLint + TypeScript type check)
 2026-04-24 14:55:01 +00:00
Echo
da5a94d838 feat(M1): Project scaffolding, DB schema, core infrastructure 
- Initialize Rust workspace with 7 crates (pm-web, pm-worker, pm-core,
  pm-agent-client, pm-auth, pm-ca, pm-reports)
- React + TypeScript + Vite + MUI frontend scaffold
- Full PostgreSQL schema: all 17 tables with indexes and constraints
- pm-core: config (TOML+env), db (SQLx pool + migrations), error
  (unified AppError + JSON envelope), request_id (ULID middleware),
  logging (tracing JSON/pretty)
- pm-web: Axum skeleton, /status/health endpoint, static file serving
- pm-worker: Tokio skeleton, heartbeat writer, schema version check
- Embedded sqlx migrations with advisory lock (single-writer)
- systemd unit files, setup.sh, build-frontend.sh
- config.example.toml with all configuration keys
- docs/runbooks/restore.md
- cargo check passes with zero warnings

Closes M1.
 2026-04-23 15:55:53 +00:00