Checkpoint: password reset, rule expiry, migrations
- Self-service and admin password-change endpoints
(PUT /v1/auth/password, PUT /v1/accounts/{id}/password)
- Policy rule time-scoped expiry (not_before / expires_at)
with migration 000006 and engine filtering
- golang-migrate integration; embedded SQL migrations
- PolicyRecord fieldalignment lint fix
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
23
README.md
@@ -2,7 +2,8 @@
|
||||
|
||||
MCIAS is a self-hosted SSO and IAM service for personal projects.
|
||||
It provides authentication (JWT/Ed25519), account management, TOTP, and
|
||||
Postgres credential storage over a REST API (HTTPS) and a gRPC API (TLS).
|
||||
Postgres credential storage over a REST API (HTTPS), a gRPC API (TLS),
|
||||
and an HTMX-based web management UI.
|
||||
|
||||
See [ARCHITECTURE.md](ARCHITECTURE.md) for the technical design and
|
||||
[PROJECT_PLAN.md](PROJECT_PLAN.md) for the implementation roadmap.
|
||||
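Review bot: In the rewritten intro sentence, the REST and gRPC APIs each name their transport (HTTPS, TLS) but the web UI does not. The section added further down points at `https://localhost:8443/login`, so state it here as well, for example "an HTMX-based web management UI (HTTPS)", so the summary does not read as if the UI were served differently.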
@@ -177,7 +178,7 @@ TOKEN=$(curl -sk https://localhost:8443/v1/auth/login \
|
||||
export MCIAS_TOKEN=$TOKEN
|
||||
|
||||
mciasctl -server https://localhost:8443 account list
|
||||
mciasctl account create -username alice -password s3cr3t
|
||||
mciasctl account create -username alice # password prompted interactively
|
||||
mciasctl role set -id $UUID -roles admin
|
||||
mciasctl token issue -id $SYSTEM_UUID
|
||||
mciasctl pgcreds set -id $UUID -host db.example.com -port 5432 \
|
||||
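Review bot: The `mciasctl account create -username alice` example now covers only the interactive prompt; say how unattended provisioning should supply the password (stdin or a file, if the CLI supports either) so users do not fall back to putting it on the command line, where it lands in shell history and the process list. The `pgcreds set` example in the same block continues past the visible context, so check that it does not still show a secret passed as a flag.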
@@ -241,6 +242,24 @@ See `man mciasgrpcctl` and [ARCHITECTURE.md](ARCHITECTURE.md) §17.
|
||||
|
||||
---
|
||||
|
||||
## Web Management UI
|
||||
|
||||
mciassrv includes a built-in web interface for day-to-day administration.
|
||||
After starting the server, navigate to `https://localhost:8443/login` and
|
||||
log in with an admin account.
|
||||
|
||||
The UI provides:
|
||||
- **Dashboard** — account summary overview
|
||||
- **Accounts** — list, create, update, delete accounts; manage roles and tags
|
||||
- **PG Credentials** — view, create, and manage Postgres credential access grants
|
||||
- **Policies** — create and manage ABAC policy rules
|
||||
- **Audit** — browse the audit log
|
||||
|
||||
Sessions use `HttpOnly; Secure; SameSite=Strict` cookies with CSRF protection.
|
||||
See [ARCHITECTURE.md](ARCHITECTURE.md) §8 (Web Management UI) for design details.
|
||||
|
||||
---
|
||||
|
||||
## Deploying with Docker
|
||||
|
||||
```sh
|
||||
|
||||
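Review bot: The Policies bullet ("create and manage ABAC policy rules") does not mention the `not_before` / `expires_at` expiry that the commit message lists as new, and nothing in the visible README hunks documents the two password-change endpoints either; add a line for each or point to where they are documented. The commit message also does not mention this Web Management UI section, so note it there or split the UI documentation into its own commit.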