Commit Graph

8 Commits

Author SHA1 Message Date
Georges-Antoine Assi
55ca39cacb fix deprecations in pydantic 2026-03-15 09:34:48 -04:00
Georges-Antoine Assi
ed6f9f5907 cleanup endpoint tests 2026-03-14 23:56:46 -04:00
HydroSulphide
6a1c1597ce Fix: directly import constants from config and preventing silent fallback on wrong user input for env variable 2026-03-12 20:18:48 +01:00
HydroSulphide
48091225c7 Fix: imports in all test files with renamed constants 2026-03-12 20:04:19 +01:00
nendo
fb37c5cafe fix fork to match upstream changes and verify tests 2026-03-11 11:01:23 +09:00
nendo
ea5b7546aa refactor: address PR #3114 review feedback
- Use atomic getdel for pairing code exchange
- Add cascade="all, delete-orphan" to User.client_tokens
- Move generate/hash_client_token into AuthHandler as static methods
- Extract endpoint helpers to utils/client_tokens.py
2026-03-11 10:56:35 +09:00
nendo
bd5b3375f0 fix: remove unused User import and add i18n keys to all locales
Fixes trunk_check (unused import) and check-translations (missing
keys in non-en_US locales) CI failures.
2026-03-11 10:56:35 +09:00
nendo
e0b25fbc6c feat(client-tokens): add client API tokens with QR pairing flow
Long-lived, revocable, scope-restricted tokens for external clients
(mobile apps, retro handhelds, third-party tools). Includes:

- Backend: model, migration, DB handler, auth integration (rmm_ prefix
  routing in HybridAuthBackend), CRUD + pairing + exchange endpoints,
  rate limiting, scope intersection enforcement, admin oversight
- Frontend: settings page with token management table, stepped
  create/deliver dialog (config -> copy/pair), QR code with RomM logo,
  admin token table, standalone /pair page for QR scan landing
- /pair page supports custom-scheme callbacks for app deep linking,
  falls back to displaying code for manual entry
- 33 backend tests across 5 classes (CRUD, auth, isolation, pairing,
  admin)
2026-03-11 10:56:35 +09:00