mimic-big

knacky/mimic-big

Fork 0

Commit Graph

Author	SHA1	Message	Date
knacky	38b35c933a	feat(backend): wire auth endpoints + dev CORS (sprint 1) Three login endpoints under /api/v1/auth/ + dev-only CORS so the Vite frontend can drive the session cookie. - POST /login validates local credentials and sets a Flask session cookie. Returns the CurrentUser shape on 200 (user_id, username=email, display_name, role, permissions, groups). Uniform 401 invalid_credentials on bad password or unknown user; a bcrypt round against a dummy hash runs even on unknown users so the request timing does not enumerate accounts. Audits an auth.login row and bumps user.last_login_at. - POST /logout (login_required) clears the session, returns 204, audits an auth.logout row. - GET /me returns the current principal or 401 not_authenticated. Used by the frontend at boot to rehydrate state. Side wiring: - LoginManager.unauthorized_handler emits the same {error, message} JSON envelope so @login_required 401s match the rest of the API surface. - api/_helpers gains `serialize_current_user(AuthUser) -> CurrentUser` and `api_error(code, message, status)` — used by the auth blueprint and available to follow-up endpoints. - AuthUser carries display_name + user_type now; identity.load_user routes through a new `authuser_from_orm()` helper that the login endpoint also uses so /login and the user_loader produce identical shapes. - Dev-only CORS via flask-cors on /api/*, gated on MIMIC_ENV=development AND MIMIC_CORS_ORIGINS non-empty. Prod keeps same-origin (reverse proxy fronts the SPA + API). - LoginRequest + CurrentUser DTOs added to mimic.schemas. No frontend-visible change to engagements (sprint-0 already shipped created_by_id, audit log, F11 scope).	2026-05-23 04:21:44 +02:00
knacky	9fa4d61304	feat(backend): add Flask app factory, audit writer, flat CRUD + CLI (B0.7) - Flask app factory wires SQLAlchemy / Migrate / Login / SocketIO and registers every blueprint. /healthz smoke endpoint included. - Pydantic 2 DTOs (request/response) for engagement / host / TTP / scenario aggregates with from_attributes=True conversion. - Flat CRUD blueprints under /api/v1/: * engagements (list / create / get / put / delete-as-archive) * hosts (engagement-scoped CRUD) * library/ttps (CRUD; promote requires the lead-only TTP_PROMOTE) * scenarios + steps (F3 invariant enforced: host.c2_type must match scenario.c2_type at compose time, 400 otherwise). - @require_perm guards every endpoint per the F11 matrix. - audit/ writer is hash-chained from v1 (SHA-256 of canonical record plus previous hash). The SQL-level write-only role enforcement ships in the deploy playbook (idempotent grants run at migration time). - mimic-cli (click): user create (seeds RT operator/lead with group membership), db dump / db restore (manual pg_dump/pg_restore, R-O1). No orchestrator, no WebSocket, no report generation — those land after PR1/PR2/PR3.	2026-05-21 20:36:03 +02:00

Author

SHA1

Message

Date

knacky

38b35c933a

feat(backend): wire auth endpoints + dev CORS (sprint 1)

Three login endpoints under /api/v1/auth/ + dev-only CORS so the Vite
frontend can drive the session cookie.

- POST /login validates local credentials and sets a Flask session cookie.
  Returns the CurrentUser shape on 200 (user_id, username=email,
  display_name, role, permissions, groups). Uniform 401 invalid_credentials
  on bad password or unknown user; a bcrypt round against a dummy hash runs
  even on unknown users so the request timing does not enumerate accounts.
  Audits an auth.login row and bumps user.last_login_at.
- POST /logout (login_required) clears the session, returns 204, audits an
  auth.logout row.
- GET /me returns the current principal or 401 not_authenticated. Used by
  the frontend at boot to rehydrate state.

Side wiring:
- LoginManager.unauthorized_handler emits the same {error, message} JSON
  envelope so @login_required 401s match the rest of the API surface.
- api/_helpers gains `serialize_current_user(AuthUser) -> CurrentUser` and
  `api_error(code, message, status)` — used by the auth blueprint and
  available to follow-up endpoints.
- AuthUser carries display_name + user_type now; identity.load_user routes
  through a new `authuser_from_orm()` helper that the login endpoint also
  uses so /login and the user_loader produce identical shapes.
- Dev-only CORS via flask-cors on /api/*, gated on
  MIMIC_ENV=development AND MIMIC_CORS_ORIGINS non-empty. Prod keeps
  same-origin (reverse proxy fronts the SPA + API).
- LoginRequest + CurrentUser DTOs added to mimic.schemas.

No frontend-visible change to engagements (sprint-0 already shipped
created_by_id, audit log, F11 scope).

2026-05-23 04:21:44 +02:00

knacky

9fa4d61304

feat(backend): add Flask app factory, audit writer, flat CRUD + CLI (B0.7)

- Flask app factory wires SQLAlchemy / Migrate / Login / SocketIO and
  registers every blueprint. /healthz smoke endpoint included.
- Pydantic 2 DTOs (request/response) for engagement / host / TTP /
  scenario aggregates with from_attributes=True conversion.
- Flat CRUD blueprints under /api/v1/:
  * engagements (list / create / get / put / delete-as-archive)
  * hosts (engagement-scoped CRUD)
  * library/ttps (CRUD; promote requires the lead-only TTP_PROMOTE)
  * scenarios + steps (F3 invariant enforced: host.c2_type must match
    scenario.c2_type at compose time, 400 otherwise).
- @require_perm guards every endpoint per the F11 matrix.
- audit/ writer is hash-chained from v1 (SHA-256 of canonical record
  plus previous hash). The SQL-level write-only role enforcement ships
  in the deploy playbook (idempotent grants run at migration time).
- mimic-cli (click): user create (seeds RT operator/lead with group
  membership), db dump / db restore (manual pg_dump/pg_restore, R-O1).

No orchestrator, no WebSocket, no report generation — those land after
PR1/PR2/PR3.

2026-05-21 20:36:03 +02:00

2 Commits