Skip to content

Feat/auth provider interface#266

Open
Justy116 wants to merge 11 commits into
logtide-dev:developfrom
Justy116:feat/auth-provider-interface
Open

Feat/auth provider interface#266
Justy116 wants to merge 11 commits into
logtide-dev:developfrom
Justy116:feat/auth-provider-interface

Conversation

@Justy116

@Justy116 Justy116 commented Jun 27, 2026

Copy link
Copy Markdown

Summary

Tenant safety

LogTide is multi-tenant. Confirm the following for any new/changed query, endpoint,
or background job (see docs/security/tenant-isolation-audit.md):

  • Tenant tables are filtered by organization_id (and project_id where relevant).
  • Joins enforce scoping at every level, not just the outer query.
  • Updates/deletes verify scope before executing, not just trusting the filter to match.
  • Cache keys include the organization id.
  • Background jobs carry the org id and the consumer re-validates it.
  • Ids from a URL parameter or request body are verified to belong to the requesting tenant before use.
  • New data-access paths are added to the audit doc.
  • npm run check:tenant-scoping passes (run from packages/backend).

Testing

Polliog and others added 10 commits June 21, 2026 15:51
@Polliog
Merge pull request logtide-dev#260 from logtide-dev/develop
45fee97 
release 1.0.2
refactor: added new logic for soft-delete
899a428
refactor: updated test
28aaca0
fix: address soft-delete review feedback
b7329c6
refactor: updated test
63df6aa
fix: per-org slug uniqueness, tenant-scope annotation, test teardown …
8f76b29 
…spans/metrics
refactor: fixed filed test be
bb797f0
test: add coverage for soft-delete project routes, service, and reser…
95889fb 
…voir

  purgeProject
docs: add auth provider architecture guide with custom provider example
97baab8 
Documents the AuthProvider interface, ProviderRegistry, database schema,
session model, and a worked end-to-end example of a minimal custom provider.
Closes logtide-dev#215.
Merge branch 'feat/soft-delete-projects' into feat/auth-provider-inte…
9d5bb9c 
…rface
@CLAassistant

CLAassistant commented Jun 27, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ Polliog
❌ Giustino Gragnaniello

Giustino Gragnaniello seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

merge: upstream/develop into feat/auth-provider-interface
c1d5d91 
Resolves conflicts in projects restore flow: incorporates upstream
name/slug conflict pre-check in restoreProject() and corresponding
409 error handlers in the restore route.
@codecov

codecov Bot commented Jun 27, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@Polliog Polliog linked an issue Jun 28, 2026 that may be closed by this pull request
[Feature] Pluggable authentication provider interface #215
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature] Pluggable authentication provider interface

3 participants

@Justy116 @CLAassistant @Polliog