jarvis/dd0c

Files

Max Mayfield 762e2db9df Add shared auth middleware (JWT + API key + RBAC) and canonical withTenant() helper

2026-03-01 03:09:01 +00:00

915 B

Raw Permalink Blame History

dd0c Shared Modules

Reusable code shared across all dd0c products.

Files

auth.ts — JWT + API key authentication middleware, RBAC, login/signup routes
db.ts — PostgreSQL connection pool with RLS withTenant() helper

Usage

Copy into each product's src/ directory, or symlink during build. These are kept here as the canonical source of truth.

Auth Flow

JWT (Browser/API): Authorization: Bearer <token> → decoded → req.tenantId, req.userId, req.userRole
API Key (Agent/CLI): X-API-Key: dd0c_<32hex> → prefix lookup → bcrypt verify → tenant context
Webhook (HMAC): Per-provider signature validation (skips JWT middleware)
Slack (Signing Secret): Slack request signature verification (skips JWT middleware)

RBAC Hierarchy

owner > admin > member > viewer

Use requireRole(req, reply, 'admin') in route handlers for access control.