feat(silo): harden authentication for production deployment #53

New Issue

Closed

opened 2026-02-08 23:25:35 +00:00 by forbes · 0 comments

forbes commented 2026-02-08 23:25:35 +00:00

Owner

Copy Link

Local auth (bcrypt) works end-to-end. LDAP (FreeIPA) and OIDC (Keycloak) backends are coded but depend on infrastructure not yet deployed.

Current state:

• FreeCAD client has Silo_Auth dock panel for login and API token management
• Server has session middleware (alexedwards/scs), CSRF protection (nosurf), and role-based access control (admin/editor/viewer)
• Migration 009_auth.sql adds users, api_tokens, and sessions tables

Needed:

• Deploy FreeIPA and Keycloak infrastructure
• End-to-end test LDAP and OIDC flows
• Harden token rotation and session expiry
• Production SSL/TLS configuration

Priority: High
Source: KNOWN_ISSUES.md #4

Local auth (bcrypt) works end-to-end. LDAP (FreeIPA) and OIDC (Keycloak) backends are coded but depend on infrastructure not yet deployed. **Current state:** - FreeCAD client has `Silo_Auth` dock panel for login and API token management - Server has session middleware (`alexedwards/scs`), CSRF protection (`nosurf`), and role-based access control (admin/editor/viewer) - Migration `009_auth.sql` adds users, api_tokens, and sessions tables **Needed:** - Deploy FreeIPA and Keycloak infrastructure - End-to-end test LDAP and OIDC flows - Harden token rotation and session expiry - Production SSL/TLS configuration **Priority:** High **Source:** KNOWN_ISSUES.md #4

forbes added the enhancementhigh-priority labels 2026-02-08 23:25:35 +00:00

forbes closed this issue 2026-02-09 02:14:19 +00:00

forbes referenced this issue from a commit 2026-02-14 16:31:27 +00:00

Merge pull request #53 from wood-galaxy/equipement-fix

forbes referenced this issue from a commit 2026-02-14 16:34:30 +00:00

Merge pull request #53 from wood-galaxy/equipement-fix

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/gears-addon

test/planar-drag-console-test

fix/planar-drag-prepass

chore/update-solver-submodule

fix/distance-datum-plane-classification

fix/assembly-drag-flip-detection

feat/solver-assembly-integration

feat/solver-context-packing

feat/solver-api-types

fix/submodule-pointers

feat/ztools-sdk-migration

feat/ztools-theme-extraction

feat/silo-start-page

fix/book-toml-fa6

fix/book-toml-v05

fix/docs-install-mdbook

fix/docs-checkout-docker-network

fix/docs-checkout-localhost

fix/docs-workflow-paths

docs/mdbook-setup

fix/qss-theme-polish

fix/tangent-cylinder-attachment

fix/bom-registration-path

fix/angled-datum-edit

fix/missing-silo-icons

fix/delete-bom-entry-request

fix/menu-insertion-fragility

fix/manipulator-timing

chore/repo-cleanup-docs

fix/build-menu-icon-size

fix/ui-appearance-polish

feat/update-checker

fix/merge-silo-toolbar

fix/silo-workbench-bugs

art/update-kindred-icons

docs/update-ci-and-overview

refactor/silo-split

docs/split-repository-state

main

v0.1.3

latest

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

UX

branding

bug

ci/cd

CI/CD workflows and deployment

defaults

documentation

Developer documentation

enhancement

high-priority

low-priority

theme

No Label enhancement high-priority

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

forbes

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kindred/create#53