Skip to content

Kp 10636 entitlement management #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Traubert wants to merge 22 commits into
base: main
Choose a base branch
from
Open

Kp 10636 entitlement management #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
e1df94c
KP-10636 Fix syntax
Traubert Dec 16, 2025
6a5585f
KP-10636 Changes to database schema to support entitlements
Traubert Dec 16, 2025
16a6453
KP-10636 Add db tests
Traubert Dec 16, 2025
4b1e201
KP-10636 Remove unneeded login endpoint
Traubert Dec 16, 2025
108d319
KP-10636 Add entitlement parsing helper function
Traubert Dec 16, 2025
7b8941b
KP-10636 Add entitlement writing to JWTs and improve logging
Traubert Dec 16, 2025
992b304
KP-10636 Add admin endpoints and admin API key
Traubert Dec 17, 2025
a4cfa85
KP-10636 Add admin tool
Traubert Dec 18, 2025
57dd8e4
KP-10636 Add handling for ACA status in headers and JWT
Traubert Dec 18, 2025
f2a2cfd
KP-10636 Restrict Mink's modifying endpoints to Mink corpora only
Traubert Dec 18, 2025
4adc709
KP-10636 Have the default unconfigured demo user set be empty
Traubert Jan 2, 2026
119488f
KP-10636 Clarify comment
Traubert Jan 2, 2026
07782c8
KP-10636 Set demo users for running tests
Traubert Jan 16, 2026
235ec5b
KP-10636 Unify some camelCase names to snake_case
Traubert Jan 16, 2026
bccc56a
KP-10636 Add resource-related admin endpoints
Traubert Jan 16, 2026
a1457df
KP-10636 Kill whitespace
Traubert Jan 16, 2026
a21b192
KP-10636 Move ensure_user to POST /resource endpoint
Traubert Jan 16, 2026
f48fde1
KP-10636 Explictly catch JWT errors
Traubert Jan 16, 2026
98a3738
KP-10636 Make specifying grants in entitlement creation clear previous
Traubert Jan 16, 2026
bc89abc
KP-10636 Comment about passwords being only for dev
Traubert Jan 16, 2026
b1a4073
KP-10636 Rename / refactor urn -> entitlement/identifier
Traubert Jan 19, 2026
f508869
KP-10636 Add test for ACA logic
Traubert Jan 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,10 @@ web_modules/
.env.*
!.env.example

# Test databases
test/*.sqlite3
test/*.sqlite3-*

# parcel-bundler cache (https://parceljs.org/)
.cache
.parcel-cache
Expand Down
5 changes: 4 additions & 1 deletion env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,15 @@ AUTH_DIR=/etc/korp-auth
# ============================================================================

# Path to JWT private key (PEM format)
# Generate with: openssl genrsa -out private_key.pem 2048
JWT_PRIVATE_KEY_PATH=/etc/korp-auth/private_key.pem

# API key for Mink service integration (resource deletion endpoint)
MINK_API_KEY=your-api-key-here

# API key for admin endpoints (entitlement and grant management)
# Generate a strong random key, e.g.: openssl rand -hex 32
ADMIN_API_KEY=your-admin-api-key-here

# ============================================================================
# Database Configuration
# ============================================================================
Expand Down
Loading