terra-view

Author	SHA1	Message	Date
serversdown	2879abb355	feat(auth): deny-by-default gate middleware + require_role Adds operator_gate Starlette HTTP middleware that gates every route except an explicit allow-list. Flag defaults OFF so all existing behaviour and tests are unchanged. wire_operator_auth helper in conftest lets tests monkeypatch the module-global SessionLocal and flag, keeping the gate's own DB session pointed at the test engine. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-17 19:27:41 +00:00
serversdown	e8fe4845aa	feat(auth): authenticate + lockout + operator data helpers Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-17 19:19:36 +00:00
serversdown	a6e1cb4f87	feat(auth): operator session cookie + current_operator DB re-validation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-17 19:11:41 +00:00
serversdown	4abfcbc293	feat(auth): OperatorUser model + role ladder Add OperatorUser SQLAlchemy model (operator_users table, auto-created by create_all) with email uniqueness, default active/must_change_password/ failed_login_count, and sessions_valid_from truncated to whole seconds. Add backend/operator_auth.py with feature flag, cookie constants, _ROLE_RANK map, role_at_least(), and _norm_email() helpers. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-17 19:08:18 +00:00