Massive refactor. Merge forward_auth into App, remove references to unimplemented OIDC federation and SAML features. Add group and user custom claims. Groups now allocate which apps a user can use

2025-11-04 13:21:55 +11:00
parent 4d1bc1ab66
commit ef15db77f9
46 changed files with 341 additions and 2917 deletions
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[8.1].define(version: 2025_10_26_113035) do
+ActiveRecord::Schema[8.1].define(version: 2025_11_04_015104) do
  create_table "application_groups", force: :cascade do |t|
    t.integer "application_id", null: false
    t.datetime "created_at", null: false
@@ -21,19 +21,6 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_26_113035) do
    t.index ["group_id"], name: "index_application_groups_on_group_id"
  end

-  create_table "application_roles", force: :cascade do |t|
-    t.boolean "active", default: true
-    t.integer "application_id", null: false
-    t.datetime "created_at", null: false
-    t.text "description"
-    t.string "display_name"
-    t.string "name", null: false
-    t.json "permissions", default: {}
-    t.datetime "updated_at", null: false
-    t.index ["application_id", "name"], name: "index_application_roles_on_application_id_and_name", unique: true
-    t.index ["application_id"], name: "index_application_roles_on_application_id"
-  end
-
  create_table "applications", force: :cascade do |t|
    t.boolean "active", default: true, null: false
    t.string "app_type", null: false
@@ -41,40 +28,22 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_26_113035) do
    t.string "client_secret_digest"
    t.datetime "created_at", null: false
    t.text "description"
-    t.json "managed_permissions", default: {}
+    t.string "domain_pattern"
+    t.json "headers_config", default: {}, null: false
    t.text "metadata"
    t.string "name", null: false
    t.text "redirect_uris"
-    t.string "role_claim_name", default: "roles"
-    t.string "role_mapping_mode", default: "disabled", null: false
-    t.string "role_prefix"
    t.string "slug", null: false
    t.datetime "updated_at", null: false
    t.index ["active"], name: "index_applications_on_active"
    t.index ["client_id"], name: "index_applications_on_client_id", unique: true
+    t.index ["domain_pattern"], name: "index_applications_on_domain_pattern", unique: true, where: "domain_pattern IS NOT NULL"
    t.index ["slug"], name: "index_applications_on_slug", unique: true
  end

-  create_table "forward_auth_rule_groups", force: :cascade do |t|
-    t.datetime "created_at", null: false
-    t.integer "forward_auth_rule_id", null: false
-    t.integer "group_id", null: false
-    t.datetime "updated_at", null: false
-    t.index ["forward_auth_rule_id"], name: "index_forward_auth_rule_groups_on_forward_auth_rule_id"
-    t.index ["group_id"], name: "index_forward_auth_rule_groups_on_group_id"
-  end
-
-  create_table "forward_auth_rules", force: :cascade do |t|
-    t.boolean "active"
-    t.datetime "created_at", null: false
-    t.string "domain_pattern"
-    t.json "headers_config", default: {}, null: false
-    t.integer "policy"
-    t.datetime "updated_at", null: false
-  end
-
  create_table "groups", force: :cascade do |t|
    t.datetime "created_at", null: false
+    t.json "custom_claims", default: {}, null: false
    t.text "description"
    t.string "name", null: false
    t.datetime "updated_at", null: false
@@ -152,22 +121,11 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_26_113035) do
    t.index ["user_id"], name: "index_user_groups_on_user_id"
  end

-  create_table "user_role_assignments", force: :cascade do |t|
-    t.integer "application_role_id", null: false
-    t.datetime "created_at", null: false
-    t.json "metadata", default: {}
-    t.string "source", default: "oidc"
-    t.datetime "updated_at", null: false
-    t.integer "user_id", null: false
-    t.index ["application_role_id"], name: "index_user_role_assignments_on_application_role_id"
-    t.index ["user_id", "application_role_id"], name: "index_user_role_assignments_on_user_id_and_application_role_id", unique: true
-    t.index ["user_id"], name: "index_user_role_assignments_on_user_id"
-  end
-
  create_table "users", force: :cascade do |t|
    t.boolean "admin", default: false, null: false
    t.text "backup_codes"
    t.datetime "created_at", null: false
+    t.json "custom_claims", default: {}, null: false
    t.string "email_address", null: false
    t.datetime "last_sign_in_at"
    t.string "password_digest", null: false
@@ -181,9 +139,6 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_26_113035) do

  add_foreign_key "application_groups", "applications"
  add_foreign_key "application_groups", "groups"
-  add_foreign_key "application_roles", "applications"
-  add_foreign_key "forward_auth_rule_groups", "forward_auth_rules"
-  add_foreign_key "forward_auth_rule_groups", "groups"
  add_foreign_key "oidc_access_tokens", "applications"
  add_foreign_key "oidc_access_tokens", "users"
  add_foreign_key "oidc_authorization_codes", "applications"
@@ -193,6 +148,4 @@ ActiveRecord::Schema[8.1].define(version: 2025_10_26_113035) do
  add_foreign_key "sessions", "users"
  add_foreign_key "user_groups", "groups"
  add_foreign_key "user_groups", "users"
-  add_foreign_key "user_role_assignments", "application_roles"
-  add_foreign_key "user_role_assignments", "users"
 end