plate-auth

pplate/plate-auth

Fork 0

Commit Graph

Author	SHA1	Message	Date
Patrick Plate	b43ab5e02c	fix(sprint-0): panel-review-v2 blockers — scoped security chain, fail-closed CORS, no @ComponentScan, drop dead RefreshToken Review-v2 (Sprint-0-Plan-Review-v2) blockers: - B1: SecurityConfig chain now securityMatcher-scoped to plate-auth endpoints so it cannot hijack the consuming app's routes - B2: removed @ComponentScan from auto-config; explicit @Import of @Configuration + @Service/@RestController classes - B4: CORS fails closed (same-origin) when allowed-origins empty instead of defaulting to '*' - B5: removed dead RefreshToken entity + repo; v0.1 uses stateless JWT refresh (rotation deferred to v0.3) - W-A: documented OnboardingHook transaction contract Verified: mvn -pl plate-auth-starter compile succeeds.	2026-06-24 20:22:36 +02:00
Patrick Plate	973c82f304	feat(w1): maven skeleton + CI scaffold - Parent POM: de.platesoft:plate-auth-parent with ${revision} CI-friendly versioning - plate-auth-starter module: Spring Boot 4.1.0 starter deps (web, jpa, security, validation, jwt, flyway, envers) - @platesoft/auth npm package skeleton: tsup bundler, conditional exports, TypeScript strict - Gitea Actions: ci.yml (on push/PR) + release.yml (on v* tag) - distributionManagement pointing to Gitea Package Registry (Maven + npm) - Apache-2.0 LICENSE, README with quickstart, CHANGELOG, .editorconfig, .gitignore - pnpm workspace with packages/auth - Maven BUILD SUCCESS verified locally	2026-06-24 15:40:17 +02:00

Author

SHA1

Message

Date

Patrick Plate

b43ab5e02c

fix(sprint-0): panel-review-v2 blockers — scoped security chain, fail-closed CORS, no @ComponentScan, drop dead RefreshToken

Review-v2 (Sprint-0-Plan-Review-v2) blockers:
- B1: SecurityConfig chain now securityMatcher-scoped to plate-auth endpoints so it cannot hijack the consuming app's routes
- B2: removed @ComponentScan from auto-config; explicit @Import of @Configuration + @Service/@RestController classes
- B4: CORS fails closed (same-origin) when allowed-origins empty instead of defaulting to '*'
- B5: removed dead RefreshToken entity + repo; v0.1 uses stateless JWT refresh (rotation deferred to v0.3)
- W-A: documented OnboardingHook transaction contract

Verified: mvn -pl plate-auth-starter compile succeeds.

2026-06-24 20:22:36 +02:00

Patrick Plate

973c82f304

feat(w1): maven skeleton + CI scaffold

- Parent POM: de.platesoft:plate-auth-parent with ${revision} CI-friendly versioning
- plate-auth-starter module: Spring Boot 4.1.0 starter deps (web, jpa, security, validation, jwt, flyway, envers)
- @platesoft/auth npm package skeleton: tsup bundler, conditional exports, TypeScript strict
- Gitea Actions: ci.yml (on push/PR) + release.yml (on v* tag)
- distributionManagement pointing to Gitea Package Registry (Maven + npm)
- Apache-2.0 LICENSE, README with quickstart, CHANGELOG, .editorconfig, .gitignore
- pnpm workspace with packages/auth
- Maven BUILD SUCCESS verified locally

2026-06-24 15:40:17 +02:00

2 Commits