Implement OAuth Authentication + Role Based Access Control (RBAC) for Root. #163
Merged: hrideshmg merged 21 commits into amfoss:develop (Nov 22, 2025)
Conversation
Contributor
Pull Request Overview
This PR implements a comprehensive OAuth-based authentication system with role-based access control (RBAC) for the Root backend. The implementation adds GitHub OAuth for user authentication, session management for maintaining logged-in state, API key authentication for bot accounts, and role-based guards to protect GraphQL mutations.
Key Changes:
- Added GitHub OAuth flow for user registration and login with organization membership verification
- Implemented session-based authentication with 30-day expiration and daily cleanup task
- Created API key system for bot authentication with bcrypt-hashed keys
- Added role-based access control with Admin, Member, and Bot roles enforced via GraphQL guards
Reviewed Changes
Copilot reviewed 23 out of 24 changed files in this pull request and generated 22 comments.
| File | Description |
|---|---|
| src/auth/* | New authentication module with OAuth, session, API key services, middleware, and guards |
| src/routes.rs | Added OAuth endpoints and custom GraphQL handler with auth context injection |
| src/graphql/mutations/auth_mutations.rs | New authentication mutations for OAuth callback, logout, and bot management |
| src/graphql/mutations/*.rs | Applied role-based guards to existing mutations (attendance, member, status) |
| src/models/auth.rs | New authentication models for roles, sessions, API keys, and responses |
| src/models/member.rs | Updated Member model to support nullable fields and role column |
| migrations/20251114165724_create_auth_system.sql | Database schema changes for auth tables and Member modifications |
| docs/auth.md | Comprehensive authentication system documentation |
| Cargo.toml | Added dependencies for OAuth2, bcrypt, and rand |
| .env.sample | Added GitHub OAuth configuration variables |
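The summary above describes two mechanisms without showing them: sessions that expire 30 days after creation (with a daily cleanup task) and role guards that gate GraphQL mutations on the Admin, Member and Bot roles. The following is an added illustration written for this page, not code from the Root repository: it models those two pieces in plain Rust with an in-memory map standing in for the sessions table (the real module uses the SQL tables from the migration, and bcrypt for API keys, neither of which is shown here). All names (`SessionStore`, `require_role`, `AuthError`) are assumptions, not the project's identifiers.

```rust
// Added example (not the Root project's code): a minimal model of the
// 30-day session expiry and role-guard behaviour described in the PR summary.
use std::collections::HashMap;
use std::time::{Duration, SystemTime};

/// Roles named in the PR; Bot is the role an API-key-authenticated account gets.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Role {
    Admin,
    Member,
    Bot,
}

/// Sessions expire 30 days after creation (the TTL the PR states).
pub const SESSION_TTL: Duration = Duration::from_secs(30 * 24 * 60 * 60);

#[derive(Debug)]
pub struct Session {
    pub member_id: u64,
    pub role: Role,
    pub expires_at: SystemTime,
}

/// In-memory stand-in for the sessions table (assumption: the real one is SQL).
#[derive(Default)]
pub struct SessionStore {
    sessions: HashMap<String, Session>,
}

impl SessionStore {
    pub fn new() -> Self {
        Self::default()
    }

    /// Create a session for `token` (the opaque cookie value, generated elsewhere).
    pub fn create(&mut self, token: &str, member_id: u64, role: Role, now: SystemTime) {
        let session = Session { member_id, role, expires_at: now + SESSION_TTL };
        self.sessions.insert(token.to_string(), session);
    }

    /// Resolve a token to a live session. An expired session is treated as absent,
    /// so a stale cookie cannot authenticate even if cleanup has not run yet.
    pub fn resolve(&self, token: &str, now: SystemTime) -> Option<&Session> {
        self.sessions.get(token).filter(|s| s.expires_at > now)
    }

    /// The daily cleanup task: drop expired rows, returning how many were removed.
    pub fn cleanup_expired(&mut self, now: SystemTime) -> usize {
        let before = self.sessions.len();
        self.sessions.retain(|_, s| s.expires_at > now);
        before - self.sessions.len()
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum AuthError {
    /// No session or API key on the request.
    Unauthenticated,
    /// Authenticated, but the role is not in the mutation's allow-list.
    Forbidden { required: Vec<Role>, actual: Role },
}

/// The guard check: each mutation declares the roles allowed to call it, and the
/// guard distinguishes "not logged in" from "logged in with the wrong role".
pub fn require_role<'a>(
    session: Option<&'a Session>,
    allowed: &[Role],
) -> Result<&'a Session, AuthError> {
    let s = session.ok_or(AuthError::Unauthenticated)?;
    if allowed.contains(&s.role) {
        Ok(s)
    } else {
        Err(AuthError::Forbidden { required: allowed.to_vec(), actual: s.role })
    }
}

fn main() {
    let now = SystemTime::now();
    let mut store = SessionStore::new();
    store.create("cookie-for-member", 7, Role::Member, now);
    let session = store.resolve("cookie-for-member", now);
    // A Member calling an Admin-only mutation is rejected with Forbidden.
    println!("{:?}", require_role(session, &[Role::Admin]));
}
```

The point worth keeping from this sketch is that `resolve` checks expiry itself rather than relying on the cleanup task: the cleanup only bounds table growth, while the expiry check on every request is what actually ends a session after 30 days.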
Force-pushes: e81cc7f to 91252ba; 7c7f86a to a11ebd6; a11ebd6 to 4a9fdcd
Refer to docs/auth.md for more details.