# dd0c Shared Modules
Reusable code shared across all dd0c products.
## Files
- `auth.ts` — JWT + API key authentication middleware, RBAC, login/signup routes
- `db.ts` — PostgreSQL connection pool with RLS `withTenant()` helper
## Usage
Copy into each product's `src/` directory, or symlink during build.
These are kept here as the canonical source of truth.
## Auth Flow
1. **JWT (Browser/API):** `Authorization: Bearer <token>` → decoded → `req.tenantId`, `req.userId`, `req.userRole`
2. **API Key (Agent/CLI):** `X-API-Key: dd0c_<32hex>` → prefix lookup → bcrypt verify → tenant context
3. **Webhook (HMAC):** Per-provider signature validation (skips JWT middleware)
4. **Slack (Signing Secret):** Slack request signature verification (skips JWT middleware)
## RBAC Hierarchy
`owner > admin > member > viewer`
Use `requireRole(req, reply, 'admin')` in route handlers for access control.
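An added example (not code from `auth.ts`) sketching the API-key path from step 2 of the auth flow together with the `requireRole` hierarchy check above. It assumes the lookup prefix is the first 8 hex characters of the key and substitutes a SHA-256 hash compared in constant time for the bcrypt verify, since bcrypt is not bundled here; the stored key record and the request/reply shapes are constructed for the illustration.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Role ranks for the documented hierarchy: owner > admin > member > viewer.
const ROLE_RANK = { owner: 3, admin: 2, member: 1, viewer: 0 } as const;
type Role = keyof typeof ROLE_RANK;

// Request/reply shapes are assumed; the real middleware populates req.* fields.
interface AuthedRequest { tenantId?: string; userId?: string; userRole?: Role }
interface Reply { status: number; body?: unknown }

// requireRole: a caller passes when their role ranks at least as high as `required`.
function requireRole(req: AuthedRequest, reply: Reply, required: Role): boolean {
  if (req.userRole === undefined || ROLE_RANK[req.userRole] < ROLE_RANK[required]) {
    reply.status = 403;
    reply.body = { error: "forbidden" };
    return false;
  }
  return true;
}

// API key format from the README: "dd0c_" followed by 32 hex chars.
const KEY_RE = /^dd0c_([0-9a-f]{32})$/;
const PREFIX_LEN = 8; // assumption: the lookup prefix is the first 8 hex chars

interface StoredKey { prefix: string; hash: string; tenantId: string; userId: string; role: Role }
// SHA-256 stands in for bcrypt here (assumption); the README's auth.ts uses bcrypt.
function hashSecret(secret: string): string {
  return createHash("sha256").update(secret).digest("hex");
}

// Constructed sample record; only the prefix and hash are stored, never the secret.
const SAMPLE_SECRET = "0123456789abcdef0123456789abcdef";
const KEY_STORE: StoredKey[] = [
  { prefix: SAMPLE_SECRET.slice(0, PREFIX_LEN), hash: hashSecret(SAMPLE_SECRET),
    tenantId: "tenant-1", userId: "agent-7", role: "member" },
];

// Step 2 of the auth flow: parse header -> prefix lookup -> verify -> tenant context.
function authenticateApiKey(header: string | undefined, req: AuthedRequest): boolean {
  const m = header?.match(KEY_RE);
  if (!m) return false; // wrong format: fall through to the other auth methods
  const secret = m[1];
  const rec = KEY_STORE.find((k) => k.prefix === secret.slice(0, PREFIX_LEN));
  if (!rec) return false;
  const given = Buffer.from(hashSecret(secret), "hex");
  const stored = Buffer.from(rec.hash, "hex");
  if (given.length !== stored.length || !timingSafeEqual(given, stored)) return false;
  req.tenantId = rec.tenantId; req.userId = rec.userId; req.userRole = rec.role;
  return true;
}
```

A key with the right prefix but a wrong secret fails at the hash comparison, so the prefix lookup alone never grants a tenant context.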