corrad-software/corrad-af-2024
Template
9
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

merge into: corrad-software:main
Branches Tags
corrad-software:main
corrad-software:notifications
corrad-software:queue
corrad-software:api-platform
corrad-software:plugin-management
corrad-software:rbac
corrad-software:edms
corrad-software:prod
...
pull from: corrad-software:rbac
Branches Tags
corrad-software:notifications
corrad-software:queue
corrad-software:api-platform
corrad-software:plugin-management
corrad-software:rbac
corrad-software:main
corrad-software:edms
corrad-software:prod

8 Commits
main ... rbac

Author SHA1 Message Date
Md Afiq Iskandar
ef5526baf1 Refactor Application Creation and Management Logic 
- Simplified the application creation process by consolidating form fields and enhancing validation.
- Updated the create application page to streamline user experience with clearer provider options and improved layout.
- Implemented SweetAlert for success and error notifications during user actions, replacing traditional alerts.
- Enhanced the applications index page with dynamic filtering and improved data fetching from the Authentik API.
- Refactored API endpoints to utilize slugs for application identification, ensuring consistency with Authentik's structure.
- Improved authentication handling by updating the requireAuth utility to support cookie-based authentication.
 2025-06-17 11:53:15 +08:00
Afiq
bb98dc0262 Update Header and Documentation for Authentik Integration 
- Changed logout link in Header.vue from "/logout" to "/api/auth/logout" to align with the new Authentik API structure.
- Enhanced implementation status documentation to reflect the completion of the backend authentication system, including OAuth2 integration, session management, and middleware setup.
- Updated the implementation plan to outline the completed authentication foundation and next steps for RBAC database and API development.
- Added a new document detailing the authentication implementation, including server API endpoints, middleware, and composable usage for a comprehensive overview of the authentication system.
 2025-05-31 19:20:38 +08:00
Afiq
379eb17246 Implement Authentik Integration and Simplify RBAC Structure 
- Updated nuxt.config.js to include Authentik configuration and public keys for client-side access.
- Introduced a new composable, useAuth.js, for handling authentication logic with Authentik, including user validation, login, and logout functionalities.
- Enhanced documentation to reflect the simplified RBAC structure and the integration of Authentik, emphasizing user-centric design and streamlined permission management.
- Refactored middleware for authentication checks and improved error handling during user validation.
- Created new pages for login and dashboard, ensuring proper routing and user experience.
- Removed obsolete Metabase integration and unnecessary complexity from the project structure.
 2025-05-31 19:15:21 +08:00
Afiq
a2a81bd3bb Refactor RBAC Management and Dashboard Integration 
- Removed the RBAC Management section from the navigation structure.
- Updated the dashboard page title to "RBAC Management" and modified the breadcrumb to reflect the new path.
- Simplified the dashboard component by removing unused data and integrating new tab functionalities for managing applications, groups, roles, and permissions.
- Enhanced the create group and create role pages to include application assignment and simplified form states.
- Updated user creation page to include application assignment and filtered group/role options based on the selected application.
- Deleted the obsolete rbac-permission page to streamline the project structure.
 2025-05-31 17:30:11 +08:00
Afiq
919a52fe51 Add comprehensive documentation for RBAC system and Authentik integration 
- Introduced multiple new documents detailing the business justification, features overview, implementation status, backend implementation plan, and Authentik integration.
- Created a structured approach to RBAC management, emphasizing user-friendly interfaces and streamlined permission management.
- Highlighted the benefits of the RBAC system, including operational efficiency, cost savings, enhanced security, and scalability.
- Documented the technical architecture, database schema, and API endpoints for backend integration.
- Ensured all documentation aligns with the new project structure and provides clear guidance for future development and integration efforts.
 2025-05-31 16:32:31 +08:00
Afiq
f05dd42c16 Enhance README and implement RBAC system with Authentik integration 
- Updated README.md to reflect the new project name and provide an overview of the Role-Based Access Control (RBAC) system.
- Added new components for RBAC management, including:
  - PermissionExample.vue: Demonstrates permission-based navigation.
  - GroupCard.vue: Displays group information and assigned roles.
  - PermissionMatrix.vue: Visual representation of permissions across roles and resources.
  - RoleTemplates.vue: Quick role templates for applying pre-configured permissions.
  - StatsCards.vue: Displays statistics related to users, groups, and roles.
- Introduced useRbacPermissions.js for managing permission checks.
- Created docker-compose.yml for PostgreSQL and Redis services.
- Developed comprehensive documentation for application management and Authentik integration.
- Added multiple pages for managing applications, groups, roles, and users, including bulk operations and templates.
- Updated navigation structure to include new RBAC management paths.
 2025-05-31 15:58:41 +08:00
firdausfazil
78c02138d4 Merge remote-tracking branch 'origin/firdaus-rbac' into rbac 2025-05-30 11:34:05 +08:00
firdausfazil
8527b25ac4 initial-rbac 2025-05-29 20:17:32 +08:00
73 changed files with 12793 additions and 2446 deletions
Show Stats Expand all files Collapse all files

255
README.md
View File

@ -1,45 +1,252 @@
# Nuxt 3 Minimal Starter
# CorradAF - Role-Based Access Control (RBAC) System
Look at the [nuxt 3 documentation](https://v3.nuxtjs.org) to learn more.
A comprehensive RBAC system built with Nuxt 3, integrated with Authentik for enterprise-grade user management and authentication.
## Setup
## 🚀 Overview
Make sure to install the dependencies:
CorradAF provides a complete Role-Based Access Control system that sits on top of Authentik, offering simplified management for multi-application environments with granular permissions at the menu and component level.
```bash
# yarn
yarn install
## 🏗️ Architecture
# npm
npm install
# pnpm
pnpm install --shamefully-hoist
### RBAC Hierarchy: Group → Roles → Users
```
Organization/Tenant
├── Groups (Departments/Teams - synced with Authentik)
│ ├── Roles (Job Functions with app-specific permissions)
│ │ ├── Menu Permissions (key-unique based)
│ │ ├── Component Permissions (key-unique based)
│ │ └── Feature Permissions (key-unique based)
│ └── Users (Inherited from Group + Role combinations)
└── Applications (Multi-app support)
```
## Development Server
## ✨ Core Features
Start the development server on http://localhost:3000
### 👥 User Management
- **Complete User Lifecycle**: Create, update, deactivate users with full profile management
- **Bulk Operations**: CSV import/export for mass user operations
- **Authentik Integration**: Bidirectional sync with Authentik SSO system
- **Advanced Search & Filtering**: Built-in table filtering with sorting and pagination
- **Profile Management**: Employee ID, department, job titles, contact information
- **Password Management**: Secure password generation and change enforcement
### 🏢 Group Management
- **Department Structure**: Organize users into logical groups (IT, HR, Finance, etc.)
- **Hierarchical Groups**: Support for parent-child group relationships
- **Authentik Sync**: Real-time synchronization with Authentik groups
- **Custom Attributes**: Flexible metadata for groups (cost center, location, manager)
- **Member Management**: Easy addition/removal of users from groups
### 🛡️ Role Management
- **Application-Specific Roles**: Roles scoped to individual applications
- **Permission Templates**: Pre-configured role templates (Admin, Manager, Editor, Viewer)
- **Custom Role Creation**: Granular permission assignment for specific business needs
- **Role Inheritance**: Users inherit permissions from group + role combinations
- **Global vs Local Roles**: Support for system-wide and application-specific roles
### 🏢 Application Management ✅ **NEW**
- **Complete Application Lifecycle**: Create, configure, and manage applications with Authentik integration
- **Multiple Provider Support**: OAuth2/OIDC, SAML, Proxy, and LDAP provider configurations
- **Authentik Synchronization**: Automatic application and provider creation in Authentik
- **Access Control Integration**: Group and policy-based application access control
- **Real-time Monitoring**: Sync status tracking and health monitoring
- **Bulk Operations**: Sync multiple applications to Authentik simultaneously
- **Smart Configuration**: Auto-generation of OAuth2 credentials and application slugs
- **Provider Templates**: Pre-configured settings for common authentication protocols
### 🔐 Granular Permissions System
- **Key-Unique Based**: Each permission tied to a specific unique key
- **Three Permission Levels**:
- **Menu Permissions**: Control navigation visibility (`menu.users`, `menu.reports`)
- **Component Permissions**: Control UI element access (`component.user.edit_button`)
- **Feature Permissions**: Control functionality access (`feature.export.data`)
- **Action-Based**: View, Create, Edit, Delete, Approve actions per resource
- **Real-Time Enforcement**: Dynamic show/hide based on user permissions
### 📊 Advanced Data Tables (RsTable)
- **Built-in Search**: Global search across all columns
- **Column Filtering**: Hide/show specific columns via filter dropdown
- **Sorting**: Click headers to sort data ascending/descending
- **Pagination**: Configurable page sizes with navigation controls
- **Responsive Design**: Auto-collapse to mobile-friendly card view
- **Export Options**: Built-in data export capabilities
### 🔗 Authentik Integration
- **SSO Authentication**: Complete OAuth/OIDC integration
- **User Synchronization**: Bidirectional sync of users and groups
- **Group Management**: Automatic creation and sync of Authentik groups
- **Permission Mapping**: Custom permission translation to Authentik policies
- **Tenant Support**: Multi-tenant organization support
### 🎛️ RBAC Management Interface
- **Permission Matrix**: Visual grid showing role-resource-action combinations
- **Bulk Assignment**: Assign multiple permissions or roles simultaneously
- **Role Templates**: Quick application of common permission sets
- **Audit Trail**: Complete logging of permission changes and user actions
- **Application Scope**: Manage permissions across multiple applications
## 🛠️ Technical Stack
- **Frontend**: Nuxt 3, Vue 3, TailwindCSS
- **UI Components**: Custom RS component library (RsCard, RsButton, RsTable, RsBadge)
- **Forms**: FormKit for consistent form handling
- **State Management**: Pinia stores
- **Authentication**: Authentik SSO integration
- **Database**: Prisma ORM (PostgreSQL/MySQL support)
- **Icons**: Phosphor Icons
- **Styling**: TailwindCSS with dark/light mode support
## 📱 User Interface Features
### Navigation & Layout
- **Breadcrumb Navigation**: Hierarchical navigation with parent-child relationships
- **Responsive Sidebar**: Clean navigation organized by functional areas
- **Stats Cards**: Real-time metrics for users, groups, roles, and permissions
- **Search Integration**: Global search across all data tables
### Form Management
- **Validation**: Real-time form validation with FormKit
- **Auto-completion**: Smart dropdowns for groups, roles, and departments
- **File Uploads**: CSV upload for bulk operations
- **Password Strength**: Visual password strength indicators
- **Multi-step Forms**: Progressive form filling for complex operations
### Data Visualization
- **Advanced Tables**: Sortable, filterable, paginated data tables
- **Status Indicators**: Visual badges for active/inactive states
- **Avatar System**: Generated initials for users, groups, and roles
- **Progress Tracking**: Visual progress for bulk operations
- **Audit Logs**: Timestamped activity feeds
## 🚦 Getting Started
### Prerequisites
- Node.js 18+
- Yarn or npm
- Authentik instance (for SSO integration)
- PostgreSQL or MySQL database
### Installation
1. **Clone the repository**
```bash
git clone <repository-url>
cd corrad-rbac
```
2. **Install dependencies**
```bash
yarn install
# or
npm install
```
3. **Environment Setup**
```bash
cp .env.example .env
# Configure your environment variables
```
4. **Database Setup**
```bash
npx prisma migrate deploy
npx prisma generate
```
5. **Development Server**
```bash
npm run dev
# Server starts on http://localhost:3000
```
## Production
Build the application for production:
### Production Deployment
```bash
# Build for production
npm run build
```
Locally preview production build:
```bash
# Preview production build
npm run preview
# Start production server
npm run start
```
Checkout the [deployment documentation](https://v3.nuxtjs.org/guide/deploy/presets) for more information.
# corradAF
## 📁 Project Structure
This is the base project for corradAF.
```
corrad-rbac/
├── components/ # Reusable UI components
│ ├── Rs*/ # Custom component library
│ └── layouts/ # Layout components
├── pages/ # Application pages
│ ├── users/ # User management pages
│ ├── groups/ # Group management pages
│ ├── roles/ # Role management pages
│ ├── applications/ # Application management pages ✅ NEW
│ └── rbac-permission/ # RBAC management interface
├── stores/ # Pinia state management
├── middleware/ # Route protection
├── server/ # API endpoints
├── docs/ # Documentation
└── prisma/ # Database schema
```
## 🔧 Configuration
### Authentik Integration
1. Configure Authentik provider in your environment
2. Set up OAuth application in Authentik
3. Configure callback URLs and scopes
4. Enable user and group synchronization
### Permission System
1. Define application resources in the database
2. Create permission templates for common roles
3. Set up default group-role assignments
4. Configure automatic permission inheritance
## 📚 Documentation
### **📋 Main Documentation**
- **[README.md](README.md)** - Complete project overview and setup guide
- **[Features Overview](docs/FEATURES_OVERVIEW.md)** - Comprehensive list of all implemented features
- **[Implementation Status](docs/IMPLEMENTATION_STATUS.md)** - Current development status and metrics
### **🔧 Technical Documentation**
- **[RBAC & Authentik Analysis](docs/RBAC_AUTHENTIK_ANALYSIS.md)** - Detailed technical analysis and architecture
- **[Business Justification](docs/BUSINESS_JUSTIFICATION_RBAC.md)** - Why build RBAC on top of Authentik
- **[Authentik Integration](docs/AUTHENTIK_INTEGRATION_IMPLEMENTATION.md)** - Integration implementation guide
- **[Application Management](docs/APPLICATION_MANAGEMENT.md)** - Complete application management documentation ✅ **NEW**
- **[Site Settings](docs/SITE_SETTINGS.md)** - Configuration options and settings
### **📊 Quick Reference**
- **Frontend Implementation**: 100% Complete ✅
- **Pages Implemented**: 10/10 (Users, Groups, Roles, Applications, RBAC Management) ✅
- **UI Components**: 6/6 (RsTable, RsCard, RsButton, RsBadge, FormKit, Breadcrumb) ✅
- **User Experience**: Modern, responsive, accessible interface ✅
- **Application Management**: Complete with Authentik integration ✅ **NEW**
- **Next Phase**: Backend API and authentication system ⏳
## 🤝 Contributing
1. Fork the repository
2. Create a feature branch
3. Commit your changes
4. Push to the branch
5. Create a Pull Request
## 📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
## 🆘 Support
For support and questions:
- Check the documentation in the `/docs` folder
- Create an issue for bugs or feature requests
- Review existing issues for common problems
---
**Built with ❤️ using Nuxt 3 and modern web technologies**

300
components/examples/PermissionExample.vue Normal file
View File

@ -0,0 +1,300 @@
<template>
<div class="permission-example">
<h2 class="text-xl font-bold mb-4">RBAC Permission System Example</h2>
<!-- Menu Navigation Example -->
<div class="mb-6">
<h3 class="text-lg font-medium mb-2">Menu Items (Permission-Based)</h3>
<nav class="flex space-x-4">
<NuxtLink
v-if="canViewDashboard"
to="/dashboard"
class="px-3 py-2 bg-blue-100 text-blue-800 rounded"
>
Dashboard
</NuxtLink>
<NuxtLink
v-if="canViewUsers"
to="/users"
class="px-3 py-2 bg-green-100 text-green-800 rounded"
>
Users
</NuxtLink>
<NuxtLink
v-if="canViewRBAC"
to="/rbac"
class="px-3 py-2 bg-purple-100 text-purple-800 rounded"
>
RBAC Management
</NuxtLink>
<span v-if="!canViewDashboard && !canViewUsers && !canViewRBAC" class="text-gray-500">
No menu items available
</span>
</nav>
</div>
<!-- Component-Level Permissions -->
<div class="mb-6">
<h3 class="text-lg font-medium mb-2">User Actions (Component Permissions)</h3>
<div class="space-y-2">
<div class="flex items-center space-x-2">
<span class="text-gray-700">John Doe</span>
<span class="text-gray-500">john@example.com</span>
<!-- Edit Button -->
<button
v-if="canEditUser"
@click="editUser"
class="px-3 py-1 bg-blue-500 text-white text-sm rounded hover:bg-blue-600"
>
<Icon name="ph:pencil" class="w-4 h-4 mr-1" />
Edit
</button>
<!-- Delete Button -->
<button
v-if="canDeleteUser"
@click="deleteUser"
class="px-3 py-1 bg-red-500 text-white text-sm rounded hover:bg-red-600"
>
<Icon name="ph:trash" class="w-4 h-4 mr-1" />
Delete
</button>
<!-- Sensitive Info (Conditional Display) -->
<span
v-if="canViewSensitiveInfo"
class="px-2 py-1 bg-yellow-100 text-yellow-800 text-xs rounded"
>
Salary: $75,000
</span>
</div>
</div>
</div>
<!-- Feature-Level Permissions -->
<div class="mb-6">
<h3 class="text-lg font-medium mb-2">Advanced Features</h3>
<div class="grid grid-cols-1 md:grid-cols-3 gap-4">
<!-- Data Export -->
<div class="p-4 border rounded-lg">
<h4 class="font-medium mb-2">Data Export</h4>
<button
v-if="canExportData"
@click="exportData"
class="w-full px-3 py-2 bg-green-500 text-white rounded hover:bg-green-600"
>
<Icon name="ph:download" class="w-4 h-4 mr-1" />
Export Data
</button>
<p v-else class="text-sm text-gray-500">Export not available</p>
</div>
<!-- Approval Workflow -->
<div class="p-4 border rounded-lg">
<h4 class="font-medium mb-2">Approvals</h4>
<button
v-if="canApproveRequests"
@click="approveRequest"
class="w-full px-3 py-2 bg-orange-500 text-white rounded hover:bg-orange-600"
>
<Icon name="ph:check" class="w-4 h-4 mr-1" />
Approve Requests
</button>
<p v-else class="text-sm text-gray-500">Approval not available</p>
</div>
<!-- System Backup -->
<div class="p-4 border rounded-lg">
<h4 class="font-medium mb-2">System Backup</h4>
<button
v-if="canSystemBackup"
@click="createBackup"
class="w-full px-3 py-2 bg-red-500 text-white rounded hover:bg-red-600"
>
<Icon name="ph:database" class="w-4 h-4 mr-1" />
Create Backup
</button>
<p v-else class="text-sm text-gray-500">Backup not available</p>
</div>
</div>
</div>
<!-- Reactive Permission Example -->
<div class="mb-6">
<h3 class="text-lg font-medium mb-2">Reactive Permission Check</h3>
<div class="p-4 bg-gray-50 rounded-lg">
<p class="text-sm mb-2">This demonstrates reactive permission checking:</p>
<div class="space-y-2">
<div v-if="bulkActionPermission.isLoading" class="text-gray-500">
<Icon name="ph:spinner" class="w-4 h-4 animate-spin mr-1" />
Checking bulk action permission...
</div>
<div v-else-if="bulkActionPermission.isAllowed" class="text-green-600">
<Icon name="ph:check-circle" class="w-4 h-4 mr-1" />
Bulk actions are enabled for your role
</div>
<div v-else class="text-red-600">
<Icon name="ph:x-circle" class="w-4 h-4 mr-1" />
Bulk actions are not available for your role
</div>
</div>
<button
@click="bulkActionPermission.checkPermission()"
class="mt-2 px-3 py-1 bg-blue-500 text-white text-sm rounded hover:bg-blue-600"
>
Recheck Permission
</button>
</div>
</div>
<!-- Permission Summary -->
<div class="bg-blue-50 p-4 rounded-lg">
<h3 class="text-lg font-medium mb-2">Your Current Permissions</h3>
<div class="grid grid-cols-2 md:grid-cols-4 gap-2 text-sm">
<div :class="canViewDashboard ? 'text-green-600' : 'text-red-600'">
<Icon :name="canViewDashboard ? 'ph:check' : 'ph:x'" class="w-4 h-4 mr-1" />
Dashboard Access
</div>
<div :class="canEditUser ? 'text-green-600' : 'text-red-600'">
<Icon :name="canEditUser ? 'ph:check' : 'ph:x'" class="w-4 h-4 mr-1" />
Edit Users
</div>
<div :class="canExportData ? 'text-green-600' : 'text-red-600'">
<Icon :name="canExportData ? 'ph:check' : 'ph:x'" class="w-4 h-4 mr-1" />
Export Data
</div>
<div :class="canApproveRequests ? 'text-green-600' : 'text-red-600'">
<Icon :name="canApproveRequests ? 'ph:check' : 'ph:x'" class="w-4 h-4 mr-1" />
Approve Requests
</div>
</div>
</div>
</div>
</template>
<script setup>
import {
useRbacPermissions,
useReactivePermission,
PERMISSION_KEYS,
PERMISSION_ACTIONS
} from '~/composables/useRbacPermissions'
// Initialize permission composable
const {
hasPermission,
canAccessMenu,
canSeeComponent,
canPerformAction,
preloadPermissions
} = useRbacPermissions()
// Menu permissions (reactive)
const canViewDashboard = ref(false)
const canViewUsers = ref(false)
const canViewRBAC = ref(false)
// Component permissions (reactive)
const canEditUser = ref(false)
const canDeleteUser = ref(false)
const canViewSensitiveInfo = ref(false)
// Feature permissions (reactive)
const canExportData = ref(false)
const canApproveRequests = ref(false)
const canSystemBackup = ref(false)
// Reactive permission example using composable
const bulkActionPermission = useReactivePermission(PERMISSION_KEYS.COMPONENT.USER_BULK_ACTIONS)
// Preload all required permissions for better performance
const requiredPermissions = [
PERMISSION_KEYS.MENU.DASHBOARD,
PERMISSION_KEYS.MENU.USERS,
PERMISSION_KEYS.MENU.RBAC,
PERMISSION_KEYS.COMPONENT.USER_EDIT_BUTTON,
PERMISSION_KEYS.COMPONENT.USER_DELETE_BUTTON,
PERMISSION_KEYS.COMPONENT.PROFILE_SENSITIVE_INFO,
PERMISSION_KEYS.FEATURE.EXPORT_DATA,
PERMISSION_KEYS.FEATURE.APPROVE_REQUESTS,
PERMISSION_KEYS.FEATURE.SYSTEM_BACKUP
]
// Check all permissions on component mount
onMounted(async () => {
try {
// Preload permissions for better performance
await preloadPermissions(requiredPermissions)
// Check menu permissions
canViewDashboard.value = await canAccessMenu('/dashboard')
canViewUsers.value = await canAccessMenu('/users')
canViewRBAC.value = await canAccessMenu('/rbac')
// Check component permissions
canEditUser.value = await canSeeComponent(PERMISSION_KEYS.COMPONENT.USER_EDIT_BUTTON)
canDeleteUser.value = await canSeeComponent(PERMISSION_KEYS.COMPONENT.USER_DELETE_BUTTON)
canViewSensitiveInfo.value = await canSeeComponent(PERMISSION_KEYS.COMPONENT.PROFILE_SENSITIVE_INFO)
// Check feature permissions
canExportData.value = await canPerformAction(PERMISSION_KEYS.FEATURE.EXPORT_DATA, PERMISSION_ACTIONS.EXPORT)
canApproveRequests.value = await canPerformAction(PERMISSION_KEYS.FEATURE.APPROVE_REQUESTS, PERMISSION_ACTIONS.APPROVE)
canSystemBackup.value = await canPerformAction(PERMISSION_KEYS.FEATURE.SYSTEM_BACKUP, PERMISSION_ACTIONS.CREATE)
} catch (error) {
console.error('Failed to load permissions:', error)
}
})
// Action handlers
const editUser = () => {
console.log('Edit user action')
// Implementation here
}
const deleteUser = () => {
console.log('Delete user action')
// Implementation here
}
const exportData = () => {
console.log('Export data action')
// Implementation here
}
const approveRequest = () => {
console.log('Approve request action')
// Implementation here
}
const createBackup = () => {
console.log('Create backup action')
// Implementation here
}
</script>
<style scoped>
.permission-example {
@apply max-w-4xl mx-auto p-6;
}
.animate-spin {
animation: spin 1s linear infinite;
}
@keyframes spin {
from {
transform: rotate(0deg);
}
to {
transform: rotate(360deg);
}
}
</style>

2
components/layouts/Header.vue
View File

@ -279,7 +279,7 @@ const currentLogo = computed(() => {
<ul class="header-dropdown w-full md:w-52">
<li>
<a
href="/logout"
href="/api/auth/logout"
class="flex items-center cursor-pointer py-2 px-4 hover:bg-[rgb(var(--bg-1))]"
>
<Icon name="ic:outline-logout" class="mr-2" />

162
components/rbac/GroupCard.vue Normal file
View File

@ -0,0 +1,162 @@
<template>
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<div>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">{{ group.name }}</h3>
<p class="text-sm text-gray-600 dark:text-gray-400">{{ group.description }}</p>
</div>
<div class="flex items-center space-x-2">
<rs-badge variant="info">{{ group.userCount }} users</rs-badge>
<rs-badge
:variant="group.authentikSynced ? 'success' : 'warning'"
class="text-xs"
>
{{ group.authentikSynced ? 'Synced' : 'Manual' }}
</rs-badge>
</div>
</div>
</template>
<template #body>
<div class="space-y-4">
<!-- Role Assignment Section -->
<div>
<div class="flex items-center justify-between mb-3">
<h4 class="text-sm font-medium text-gray-900 dark:text-white">Assigned Roles</h4>
<span class="text-xs text-gray-500 dark:text-gray-400">
{{ assignedRoleCount }} of {{ availableRoles.length }} roles
</span>
</div>
<div class="space-y-2">
<label v-for="role in availableRoles" :key="role.id" class="flex items-center group">
<input
type="checkbox"
:checked="isRoleAssigned(role.id)"
@change="handleRoleToggle(role.id, $event)"
class="h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded transition-colors"
/>
<div class="ml-3 flex-1 flex items-center justify-between">
<div>
<span class="text-sm text-gray-900 dark:text-white">{{ role.name }}</span>
<p class="text-xs text-gray-500 dark:text-gray-400">{{ role.description }}</p>
</div>
<div class="flex items-center space-x-2">
<rs-badge variant="secondary" class="text-xs">{{ role.userCount }}</rs-badge>
<button
v-if="isRoleAssigned(role.id)"
@click="$emit('view-role-details', role.id)"
class="opacity-0 group-hover:opacity-100 text-primary hover:text-primary/80 text-xs transition-opacity"
>
View Details
</button>
</div>
</div>
</label>
</div>
</div>
<!-- Quick Actions -->
<div class="pt-4 border-t border-gray-200 dark:border-gray-700">
<div class="flex items-center justify-between">
<div class="flex space-x-2">
<rs-button
@click="$emit('apply-template', 'admin')"
variant="primary-outline"
size="sm"
class="text-xs"
>
Admin Template
</rs-button>
<rs-button
@click="$emit('apply-template', 'viewer')"
variant="primary-outline"
size="sm"
class="text-xs"
>
Viewer Template
</rs-button>
</div>
<rs-button
@click="$emit('manage-users')"
variant="primary-outline"
size="sm"
class="text-xs"
>
<Icon name="ph:users" class="w-3 h-3 mr-1" />
Manage Users
</rs-button>
</div>
</div>
<!-- Group Metadata -->
<div class="pt-3 border-t border-gray-200 dark:border-gray-700">
<div class="grid grid-cols-2 gap-4 text-xs text-gray-500 dark:text-gray-400">
<div>
<span class="font-medium">Authentik UUID:</span>
<p class="font-mono mt-1 break-all">{{ group.authentikUUID }}</p>
</div>
<div>
<span class="font-medium">Last Sync:</span>
<p class="mt-1">{{ formatDate(group.lastSync) }}</p>
</div>
</div>
</div>
</div>
</template>
</rs-card>
</template>
<script setup>
import { computed } from 'vue'
const props = defineProps({
group: {
type: Object,
required: true
},
availableRoles: {
type: Array,
required: true
},
assignedRoles: {
type: Array,
default: () => []
}
})
const emit = defineEmits([
'role-changed',
'apply-template',
'manage-users',
'view-role-details'
])
const assignedRoleCount = computed(() => props.assignedRoles.length)
const isRoleAssigned = (roleId) => {
return props.assignedRoles.includes(roleId)
}
const handleRoleToggle = (roleId, event) => {
const assigned = event.target.checked
emit('role-changed', { groupId: props.group.id, roleId, assigned })
}
const formatDate = (dateString) => {
if (!dateString) return 'Never'
return new Date(dateString).toLocaleDateString('en-US', {
month: 'short',
day: 'numeric',
hour: '2-digit',
minute: '2-digit'
})
}
</script>
<style scoped>
.group:hover .opacity-0 {
@apply opacity-100;
}
</style>

118
components/rbac/PermissionMatrix.vue Normal file
View File

@ -0,0 +1,118 @@
<template>
<div class="permission-matrix">
<div class="overflow-x-auto">
<table class="min-w-full">
<thead>
<tr class="border-b border-gray-200 dark:border-gray-700">
<th class="text-left py-3 px-4 font-medium text-gray-900 dark:text-white">
{{ resourceTypeLabel }}
</th>
<th v-for="role in roles" :key="role.id" class="text-center py-3 px-4 font-medium text-gray-900 dark:text-white">
<div>{{ role.name }}</div>
<div v-if="showActions" class="text-xs font-normal text-gray-500 dark:text-gray-400">Actions</div>
</th>
</tr>
</thead>
<tbody>
<tr v-for="resource in resources" :key="resource.id" class="border-b border-gray-100 dark:border-gray-800">
<td class="py-3 px-4">
<div :style="{ paddingLeft: (resource.level * 20) + 'px' }">
<div class="font-medium text-gray-900 dark:text-white">{{ resource.name }}</div>
<div class="text-xs text-gray-500 dark:text-gray-400 font-mono">{{ resource.key }}</div>
<div v-if="resource.path" class="text-xs text-gray-400 dark:text-gray-500">{{ resource.path }}</div>
</div>
</td>
<td v-for="role in roles" :key="role.id" class="text-center py-3 px-4">
<!-- Simple checkbox for menu/component permissions -->
<input
v-if="!showActions"
type="checkbox"
:checked="hasPermission(role.id, resource.id)"
@change="togglePermission(role.id, resource.id, 'view', $event)"
class="h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded"
/>
<!-- Action-based permissions for features -->
<div v-else class="flex flex-wrap justify-center gap-1">
<label
v-for="action in actions"
:key="action.id"
class="flex items-center text-xs"
:title="action.label"
>
<input
type="checkbox"
:checked="hasPermission(role.id, resource.id, action.id)"
@change="togglePermission(role.id, resource.id, action.name, $event)"
class="h-3 w-3 text-primary focus:ring-primary border-gray-300 rounded mr-1"
/>
<Icon :name="action.icon" class="w-3 h-3" />
</label>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</template>
<script setup>
const props = defineProps({
resourceTypeLabel: {
type: String,
required: true
},
resources: {
type: Array,
required: true
},
roles: {
type: Array,
required: true
},
actions: {
type: Array,
default: () => []
},
showActions: {
type: Boolean,
default: false
},
permissions: {
type: Object,
default: () => ({})
}
})
const emit = defineEmits(['permission-changed'])
const hasPermission = (roleId, resourceId, actionId = '1') => {
const key = `${roleId}-${resourceId}-${actionId}`
return props.permissions[key] || false
}
const togglePermission = (roleId, resourceId, action, event) => {
const granted = event.target.checked
emit('permission-changed', { roleId, resourceId, action, granted })
}
</script>
<style scoped>
.permission-matrix table {
@apply border-collapse;
}
.permission-matrix th,
.permission-matrix td {
@apply border-0;
}
.permission-matrix input[type="checkbox"] {
@apply transition-colors duration-200;
}
.permission-matrix input[type="checkbox"]:focus {
@apply ring-offset-0;
}
</style>

238
components/rbac/RoleTemplates.vue Normal file
View File

@ -0,0 +1,238 @@
<template>
<rs-card>
<template #header>
<div>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Quick Role Templates</h3>
<p class="text-sm text-gray-600 dark:text-gray-400">Apply pre-configured permission sets to roles</p>
</div>
</template>
<template #body>
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
<div
v-for="template in templates"
:key="template.id"
@click="applyTemplate(template.id)"
class="template-card cursor-pointer p-4 border border-gray-200 dark:border-gray-700 rounded-lg hover:border-primary-500 hover:bg-primary-50 dark:hover:bg-primary-900/10 transition-colors group"
>
<div class="flex items-center mb-3">
<div
class="p-2 rounded-lg mr-3 transition-colors"
:class="template.iconBg"
>
<Icon
:name="template.icon"
class="w-5 h-5"
:class="template.iconColor"
/>
</div>
<div>
<h4 class="font-medium text-gray-900 dark:text-white">{{ template.name }}</h4>
<p class="text-xs text-gray-500 dark:text-gray-400">{{ template.userCount }} users</p>
</div>
</div>
<p class="text-sm text-gray-600 dark:text-gray-400 mb-3">{{ template.description }}</p>
<!-- Permission Preview -->
<div class="space-y-2">
<div class="flex items-center justify-between text-xs">
<span class="text-gray-500 dark:text-gray-400">Permissions</span>
<span class="font-medium text-gray-700 dark:text-gray-300">{{ template.permissionCount }}</span>
</div>
<!-- Permission Categories -->
<div class="flex flex-wrap gap-1">
<span
v-for="category in template.categories"
:key="category"
class="inline-flex items-center px-2 py-0.5 rounded text-xs font-medium bg-gray-100 dark:bg-gray-800 text-gray-700 dark:text-gray-300"
>
{{ category }}
</span>
</div>
<!-- Permission Level Indicator -->
<div class="flex items-center mt-2">
<div class="flex-1 bg-gray-200 dark:bg-gray-700 rounded-full h-1.5">
<div
class="h-1.5 rounded-full transition-all duration-300"
:class="template.levelColor"
:style="{ width: template.permissionLevel + '%' }"
></div>
</div>
<span class="ml-2 text-xs text-gray-500 dark:text-gray-400">{{ template.levelLabel }}</span>
</div>
</div>
<!-- Apply Button -->
<div class="mt-3 pt-3 border-t border-gray-200 dark:border-gray-700">
<rs-button
@click.stop="applyTemplate(template.id)"
variant="primary-outline"
size="sm"
class="w-full text-xs"
>
Apply Template
</rs-button>
</div>
</div>
</div>
<!-- Selected Role Info -->
<div v-if="selectedRole" class="mt-6 p-4 bg-blue-50 dark:bg-blue-900/20 rounded-lg">
<div class="flex items-center">
<Icon name="ph:info" class="w-5 h-5 text-blue-600 dark:text-blue-400 mr-2" />
<span class="text-sm text-blue-800 dark:text-blue-200">
Template will be applied to <strong>{{ selectedRole.name }}</strong> role
</span>
</div>
</div>
<!-- Custom Template Creator -->
<div class="mt-6 pt-6 border-t border-gray-200 dark:border-gray-700">
<div class="flex items-center justify-between mb-4">
<h4 class="text-sm font-medium text-gray-900 dark:text-white">Custom Templates</h4>
<rs-button
@click="$emit('create-custom-template')"
variant="primary-outline"
size="sm"
>
<Icon name="ph:plus" class="w-4 h-4 mr-1" />
Create Custom
</rs-button>
</div>
<div v-if="customTemplates.length > 0" class="grid grid-cols-1 md:grid-cols-2 gap-3">
<div
v-for="customTemplate in customTemplates"
:key="customTemplate.id"
class="flex items-center justify-between p-3 border border-gray-200 dark:border-gray-700 rounded-lg"
>
<div>
<h5 class="text-sm font-medium text-gray-900 dark:text-white">{{ customTemplate.name }}</h5>
<p class="text-xs text-gray-500 dark:text-gray-400">{{ customTemplate.description }}</p>
</div>
<div class="flex items-center space-x-2">
<button
@click="applyTemplate(customTemplate.id)"
class="text-xs text-primary hover:text-primary/80"
>
Apply
</button>
<button
@click="$emit('edit-custom-template', customTemplate.id)"
class="text-xs text-gray-500 dark:text-gray-400 hover:text-gray-700"
>
Edit
</button>
</div>
</div>
</div>
<div v-else class="text-center py-4">
<p class="text-sm text-gray-500 dark:text-gray-400">No custom templates created yet</p>
</div>
</div>
</template>
</rs-card>
</template>
<script setup>
const props = defineProps({
selectedRole: {
type: Object,
default: null
},
customTemplates: {
type: Array,
default: () => []
}
})
const emit = defineEmits([
'template-applied',
'create-custom-template',
'edit-custom-template'
])
const templates = [
{
id: 'administrator',
name: 'Administrator',
description: 'Full access to all features and functions',
icon: 'ph:crown',
iconColor: 'text-yellow-600 dark:text-yellow-400',
iconBg: 'bg-yellow-100 dark:bg-yellow-900/30',
userCount: 2,
permissionCount: 45,
permissionLevel: 100,
levelLabel: 'Full Access',
levelColor: 'bg-red-500',
categories: ['All Menus', 'All Components', 'All Features']
},
{
id: 'manager',
name: 'Manager',
description: 'Team management and approval permissions',
icon: 'ph:briefcase',
iconColor: 'text-blue-600 dark:text-blue-400',
iconBg: 'bg-blue-100 dark:bg-blue-900/30',
userCount: 8,
permissionCount: 28,
permissionLevel: 75,
levelLabel: 'High Access',
levelColor: 'bg-orange-500',
categories: ['Management', 'Approval', 'Reports']
},
{
id: 'editor',
name: 'Editor',
description: 'Content creation and editing capabilities',
icon: 'ph:pencil',
iconColor: 'text-green-600 dark:text-green-400',
iconBg: 'bg-green-100 dark:bg-green-900/30',
userCount: 15,
permissionCount: 18,
permissionLevel: 50,
levelLabel: 'Medium Access',
levelColor: 'bg-yellow-500',
categories: ['Content', 'Basic Edit', 'View']
},
{
id: 'viewer',
name: 'Viewer',
description: 'Read-only access to assigned areas',
icon: 'ph:eye',
iconColor: 'text-gray-600 dark:text-gray-400',
iconBg: 'bg-gray-100 dark:bg-gray-900/30',
userCount: 25,
permissionCount: 8,
permissionLevel: 25,
levelLabel: 'View Only',
levelColor: 'bg-blue-500',
categories: ['View Only', 'Basic Access']
}
]
const applyTemplate = (templateId) => {
emit('template-applied', templateId)
}
</script>
<style scoped>
.template-card:hover .bg-yellow-100 {
@apply bg-yellow-200;
}
.template-card:hover .bg-blue-100 {
@apply bg-blue-200;
}
.template-card:hover .bg-green-100 {
@apply bg-green-200;
}
.template-card:hover .bg-gray-100 {
@apply bg-gray-200;
}
</style>

217
components/rbac/StatsCards.vue Normal file
View File

@ -0,0 +1,217 @@
<template>
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-6">
<rs-card v-for="stat in stats" :key="stat.id">
<template #body>
<div class="flex items-center">
<div class="flex-1">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">{{ stat.label }}</p>
<p class="text-2xl font-semibold text-gray-900 dark:text-white">
{{ formatValue(stat.value, stat.type) }}
</p>
<div v-if="stat.trend" class="flex items-center mt-1">
<Icon
:name="stat.trend.direction === 'up' ? 'ph:trend-up' : 'ph:trend-down'"
class="w-4 h-4 mr-1"
:class="stat.trend.direction === 'up' ? 'text-green-500' : 'text-red-500'"
/>
<span
class="text-xs font-medium"
:class="stat.trend.direction === 'up' ? 'text-green-600' : 'text-red-600'"
>
{{ stat.trend.value }}{{ stat.trend.type === 'percentage' ? '%' : '' }}
</span>
<span class="text-xs text-gray-500 dark:text-gray-400 ml-1">vs last month</span>
</div>
</div>
<div class="flex-shrink-0">
<div
class="p-3 rounded-lg transition-colors"
:class="stat.iconBg"
>
<Icon
:name="stat.icon"
class="w-6 h-6"
:class="stat.iconColor"
/>
</div>
</div>
</div>
<!-- Progress bar for certain stats -->
<div v-if="stat.progress" class="mt-3">
<div class="flex items-center justify-between text-xs text-gray-600 dark:text-gray-400 mb-1">
<span>{{ stat.progress.label }}</span>
<span>{{ stat.progress.current }} / {{ stat.progress.total }}</span>
</div>
<div class="w-full bg-gray-200 dark:bg-gray-700 rounded-full h-1.5">
<div
class="h-1.5 rounded-full transition-all duration-300"
:class="stat.progress.color"
:style="{ width: (stat.progress.current / stat.progress.total * 100) + '%' }"
></div>
</div>
</div>
<!-- Quick action button -->
<div v-if="stat.action" class="mt-3">
<button
@click="$emit('stat-action', stat.action.type)"
class="w-full text-xs font-medium text-primary hover:text-primary/80 transition-colors"
>
{{ stat.action.label }}
</button>
</div>
</template>
</rs-card>
</div>
</template>
<script setup>
const props = defineProps({
totalGroups: {
type: Number,
default: 0
},
totalRoles: {
type: Number,
default: 0
},
totalUsers: {
type: Number,
default: 0
},
totalResources: {
type: Number,
default: 0
},
activePermissions: {
type: Number,
default: 0
},
totalPermissions: {
type: Number,
default: 0
},
lastSyncTime: {
type: String,
default: null
},
trends: {
type: Object,
default: () => ({})
}
})
const emit = defineEmits(['stat-action'])
const stats = computed(() => [
{
id: 'groups',
label: 'Total Groups',
value: props.totalGroups,
type: 'number',
icon: 'ph:users-three',
iconColor: 'text-blue-600 dark:text-blue-400',
iconBg: 'bg-blue-100 dark:bg-blue-900/30',
trend: props.trends.groups ? {
direction: props.trends.groups >= 0 ? 'up' : 'down',
value: Math.abs(props.trends.groups),
type: 'number'
} : null,
action: {
type: 'sync-groups',
label: 'Sync from Authentik'
}
},
{
id: 'roles',
label: 'Total Roles',
value: props.totalRoles,
type: 'number',
icon: 'ph:shield-check',
iconColor: 'text-green-600 dark:text-green-400',
iconBg: 'bg-green-100 dark:bg-green-900/30',
trend: props.trends.roles ? {
direction: props.trends.roles >= 0 ? 'up' : 'down',
value: Math.abs(props.trends.roles),
type: 'number'
} : null,
action: {
type: 'manage-roles',
label: 'Manage Roles'
}
},
{
id: 'users',
label: 'Total Users',
value: props.totalUsers,
type: 'number',
icon: 'ph:user',
iconColor: 'text-purple-600 dark:text-purple-400',
iconBg: 'bg-purple-100 dark:bg-purple-900/30',
trend: props.trends.users ? {
direction: props.trends.users >= 0 ? 'up' : 'down',
value: Math.abs(props.trends.users),
type: 'percentage'
} : null,
progress: {
label: 'Active Users',
current: Math.floor(props.totalUsers * 0.85), // 85% active users
total: props.totalUsers,
color: 'bg-purple-500'
}
},
{
id: 'resources',
label: 'Resources',
value: props.totalResources,
type: 'number',
icon: 'ph:package',
iconColor: 'text-orange-600 dark:text-orange-400',
iconBg: 'bg-orange-100 dark:bg-orange-900/30',
progress: {
label: 'Configured',
current: props.activePermissions,
total: props.totalPermissions,
color: 'bg-orange-500'
},
action: {
type: 'manage-permissions',
label: 'Configure Permissions'
}
}
])
const formatValue = (value, type) => {
if (type === 'number') {
return value.toLocaleString()
}
if (type === 'percentage') {
return value + '%'
}
return value
}
</script>
<style scoped>
/* Add subtle hover effects */
.rs-card:hover {
@apply transform scale-[1.02] transition-transform duration-200;
}
.rs-card:hover .bg-blue-100 {
@apply bg-blue-200;
}
.rs-card:hover .bg-green-100 {
@apply bg-green-200;
}
.rs-card:hover .bg-purple-100 {
@apply bg-purple-200;
}
.rs-card:hover .bg-orange-100 {
@apply bg-orange-200;
}
</style>

80
composables/useAuth.js Normal file
View File

@ -0,0 +1,80 @@
// Authentication composable for Authentik integration
export const useAuth = () => {
const user = ref(null);
const isAuthenticated = ref(false);
const isLoading = ref(false);
// Check if user is authenticated
const checkAuth = async () => {
isLoading.value = true;
try {
const response = await $fetch('/api/auth/validate');
if (response.statusCode === 200) {
user.value = response.user;
isAuthenticated.value = true;
return true;
} else {
user.value = null;
isAuthenticated.value = false;
return false;
}
} catch (error) {
user.value = null;
isAuthenticated.value = false;
return false;
} finally {
isLoading.value = false;
}
};
// Get current user info
const getCurrentUser = async () => {
try {
const userData = await $fetch('/api/auth/me');
user.value = userData;
isAuthenticated.value = true;
return userData;
} catch (error) {
user.value = null;
isAuthenticated.value = false;
throw error;
}
};
// Login redirect
const login = () => {
return navigateTo('/api/auth/login', { external: true });
};
// Logout
const logout = () => {
user.value = null;
isAuthenticated.value = false;
return navigateTo('/api/auth/logout', { external: true });
};
// Require authentication (for route guards)
const requireAuth = async () => {
const isAuth = await checkAuth();
if (!isAuth) {
throw createError({
statusCode: 401,
statusMessage: 'Authentication required'
});
}
return user.value;
};
return {
user: readonly(user),
isAuthenticated: readonly(isAuthenticated),
isLoading: readonly(isLoading),
checkAuth,
getCurrentUser,
login,
logout,
requireAuth
};
};

221
composables/useRbacPermissions.js Normal file
View File

@ -0,0 +1,221 @@
export const useRbacPermissions = () => {
const permissionCache = ref(new Map())
const batchCache = ref(new Map())
/**
* Check if the current user has a specific permission
* @param {string} permissionKey - The unique permission key (e.g., 'menu.dashboard', 'component.user.edit_button')
* @param {string} action - The action to check (default: 'view')
* @returns {Promise<boolean>} - Whether the user has the permission
*/
const hasPermission = async (permissionKey, action = 'view') => {
// Check local cache first
const cacheKey = `${permissionKey}:${action}`
if (permissionCache.value.has(cacheKey)) {
return permissionCache.value.get(cacheKey)
}
try {
const { data } = await $fetch('/api/rbac/check-permission', {
method: 'POST',
body: { permissionKey, action }
})
// Cache result locally
permissionCache.value.set(cacheKey, data.hasPermission)
return data.hasPermission
} catch (error) {
console.error('Permission check failed:', error)
return false // Fail secure
}
}
/**
* Check multiple permissions at once (more efficient for bulk checks)
* @param {string[]} permissionKeys - Array of permission keys to check
* @param {string} action - The action to check for all keys (default: 'view')
* @returns {Promise<Object>} - Object with permission keys as keys and boolean results as values
*/
const hasPermissions = async (permissionKeys, action = 'view') => {
// Check cache for already known permissions
const results = {}
const uncachedKeys = []
for (const key of permissionKeys) {
const cacheKey = `${key}:${action}`
if (permissionCache.value.has(cacheKey)) {
results[key] = permissionCache.value.get(cacheKey)
} else {
uncachedKeys.push(key)
}
}
// If all permissions are cached, return immediately
if (uncachedKeys.length === 0) {
return results
}
try {
const { data } = await $fetch('/api/rbac/check-permissions-batch', {
method: 'POST',
body: { permissionKeys: uncachedKeys, action }
})
// Cache results locally and add to final results
Object.entries(data.permissions).forEach(([key, hasAccess]) => {
const cacheKey = `${key}:${action}`
permissionCache.value.set(cacheKey, hasAccess)
results[key] = hasAccess
})
return results
} catch (error) {
console.error('Batch permission check failed:', error)
// Return false for uncached keys
uncachedKeys.forEach(key => {
results[key] = false
})
return results
}
}
/**
* Check if user can access a specific menu item
* @param {string} menuPath - Menu path or key
* @returns {Promise<boolean>}
*/
const canAccessMenu = async (menuPath) => {
const menuKey = menuPath.startsWith('menu.') ? menuPath : `menu.${menuPath.replace(/^\//, '').replace(/\//g, '.')}`
return await hasPermission(menuKey, 'view')
}
/**
* Check if user can see a specific component
* @param {string} componentKey - Component permission key
* @returns {Promise<boolean>}
*/
const canSeeComponent = async (componentKey) => {
const fullKey = componentKey.startsWith('component.') ? componentKey : `component.${componentKey}`
return await hasPermission(fullKey, 'view')
}
/**
* Check if user can perform a specific feature action
* @param {string} featureKey - Feature permission key
* @param {string} action - Action to check (create, edit, delete, approve, etc.)
* @returns {Promise<boolean>}
*/
const canPerformAction = async (featureKey, action) => {
const fullKey = featureKey.startsWith('feature.') ? featureKey : `feature.${featureKey}`
return await hasPermission(fullKey, action)
}
/**
* Clear the permission cache (useful after role changes)
*/
const clearCache = () => {
permissionCache.value.clear()
batchCache.value.clear()
}
/**
* Pre-load permissions for better performance
* @param {string[]} permissionKeys - Array of permission keys to preload
*/
const preloadPermissions = async (permissionKeys) => {
await hasPermissions(permissionKeys)
}
/**
* Get cached permission state (useful for reactive UI updates)
* @param {string} permissionKey
* @param {string} action
* @returns {boolean|null} - null if not cached, boolean if cached
*/
const getCachedPermission = (permissionKey, action = 'view') => {
const cacheKey = `${permissionKey}:${action}`
return permissionCache.value.has(cacheKey) ? permissionCache.value.get(cacheKey) : null
}
return {
hasPermission,
hasPermissions,
canAccessMenu,
canSeeComponent,
canPerformAction,
clearCache,
preloadPermissions,
getCachedPermission
}
}
// Permission key constants for type safety and consistency
export const PERMISSION_KEYS = {
// Menu permissions
MENU: {
DASHBOARD: 'menu.dashboard',
USERS: 'menu.users',
USERS_LIST: 'menu.users.list',
USERS_CREATE: 'menu.users.create',
RBAC: 'menu.rbac',
RBAC_ROLES: 'menu.rbac.roles',
RBAC_PERMISSIONS: 'menu.rbac.permissions',
REPORTS: 'menu.reports',
SETTINGS: 'menu.settings'
},
// Component permissions
COMPONENT: {
USER_EDIT_BUTTON: 'component.user.edit_button',
USER_DELETE_BUTTON: 'component.user.delete_button',
USER_BULK_ACTIONS: 'component.user.bulk_actions',
PROFILE_SENSITIVE_INFO: 'component.profile.sensitive_info',
FINANCIAL_DATA: 'component.financial.data',
APPROVAL_WORKFLOW: 'component.approval.workflow'
},
// Feature permissions
FEATURE: {
EXPORT_DATA: 'feature.export.data',
APPROVE_REQUESTS: 'feature.approve.requests',
SYSTEM_BACKUP: 'feature.system.backup',
USER_IMPERSONATION: 'feature.user.impersonation',
BULK_USER_OPERATIONS: 'feature.bulk.user_operations'
}
}
// Common action types
export const PERMISSION_ACTIONS = {
VIEW: 'view',
CREATE: 'create',
EDIT: 'edit',
DELETE: 'delete',
APPROVE: 'approve',
EXPORT: 'export',
IMPORT: 'import'
}
// Helper function for reactive permission checking in templates
export const useReactivePermission = (permissionKey, action = 'view') => {
const { hasPermission } = useRbacPermissions()
const isAllowed = ref(false)
const isLoading = ref(true)
const checkPermission = async () => {
try {
isLoading.value = true
isAllowed.value = await hasPermission(permissionKey, action)
} catch (error) {
console.error('Permission check failed:', error)
isAllowed.value = false
} finally {
isLoading.value = false
}
}
// Check permission on component mount
onMounted(checkPermission)
return { isAllowed, isLoading, checkPermission }
}

8
composables/useVoiceReader.js
View File

@ -35,10 +35,10 @@ export function useVoiceReader() {
};
const handleKeydown = (event) => {
if (event.ctrlKey && event.key === "r") {
event.preventDefault();
toggleReading();
}
// if (event.ctrlKey && event.key === "r") {
// event.preventDefault();
// toggleReading();
// }
};
const announce = (message) => {

92
docker/docker-compose.yml Normal file
View File

@ -0,0 +1,92 @@
---
services:
postgresql:
image: docker.io/library/postgres:16-alpine
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
volumes:
- database:/var/lib/postgresql/data
environment:
POSTGRES_PASSWORD: ${PG_PASS:?database password required}
POSTGRES_USER: ${PG_USER:-authentik}
POSTGRES_DB: ${PG_DB:-authentik}
env_file:
- .env
redis:
image: docker.io/library/redis:alpine
command: --save 60 1 --loglevel warning
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
volumes:
- redis:/data
server:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.1}
restart: unless-stopped
command: server
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
volumes:
- ./media:/media
- ./custom-templates:/templates
env_file:
- .env
ports:
- "${COMPOSE_PORT_HTTP:-9000}:9000"
- "${COMPOSE_PORT_HTTPS:-9443}:9443"
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
worker:
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.4.1}
restart: unless-stopped
command: worker
environment:
AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY:?secret key required}
AUTHENTIK_REDIS__HOST: redis
AUTHENTIK_POSTGRESQL__HOST: postgresql
AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# `user: root` and the docker socket volume are optional.
# See more for the docker socket integration here:
# https://goauthentik.io/docs/outposts/integrations/docker
# Removing `user: root` also prevents the worker from fixing the permissions
# on the mounted folders, so when removing this make sure the folders have the correct UID/GID
# (1000:1000 by default)
user: root
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./media:/media
- ./certs:/certs
- ./custom-templates:/templates
env_file:
- .env
depends_on:
postgresql:
condition: service_healthy
redis:
condition: service_healthy
volumes:
database:
driver: local
redis:
driver: local

196
docs/01_BUSINESS_JUSTIFICATION_RBAC.md Normal file
View File

@ -0,0 +1,196 @@
# Business Justification: RBAC Management System on Authentik
## Executive Summary
This document provides the business rationale for developing a Role-Based Access Control (RBAC) management layer on top of our existing Authentik authentication infrastructure. While Authentik provides robust authentication and basic authorization capabilities, our business requirements necessitate a more sophisticated, user-friendly, and scalable permission management system.
## Current Business Challenges
### 1. **Multi-Application Permission Complexity**
- **Problem**: We manage multiple applications (corradAF, HR System, Finance System, etc.) each with different permission requirements
- **Current State**: Each application manages permissions independently, creating inconsistencies
- **Business Impact**:
- Administrative overhead increases exponentially with each new application
- Inconsistent user experience across applications
- Higher risk of permission errors and security gaps
### 2. **Administrative Burden**
- **Problem**: Managing permissions through Authentik's admin interface requires technical expertise
- **Current State**: Only IT personnel can manage user permissions effectively
- **Business Impact**:
- HR and department managers cannot self-manage team permissions
- IT becomes a bottleneck for routine permission changes
- Delayed onboarding/offboarding processes
### 3. **Lack of Business-Friendly Interface**
- **Problem**: Authentik's interface is designed for technical administrators, not business users
- **Current State**: Complex permission structures that don't align with business roles
- **Business Impact**:
- Training costs for non-technical staff
- Errors in permission assignment
- Resistance to proper permission management practices
### 4. **Scalability Limitations**
- **Problem**: As we grow, managing permissions across applications becomes unmanageable
- **Current State**: Manual, application-by-application permission management
- **Business Impact**:
- Cannot scale efficiently with business growth
- Higher operational costs
- Increased security risks
## Proposed Solution: RBAC Management System
### Solution Overview
Develop a centralized RBAC management system that sits on top of Authentik, providing:
- Business-friendly permission management interface
- Unified permission model across all applications
- Granular menu and component-level access control
- Self-service capabilities for department managers
### Why Build on Top of Authentik Instead of Replacing It?
#### ✅ **Leveraging Existing Investment**
- **Authentik Strengths We Keep**:
- Proven authentication security (OAuth/OIDC, MFA)
- User management and directory integration
- SSO capabilities across applications
- Regular security updates and community support
- **ROI**: Maximize existing Authentik investment rather than starting from scratch
#### ✅ **Risk Mitigation**
- **Security**: Build on proven authentication foundation rather than creating custom auth
- **Compliance**: Leverage Authentik's compliance features (SAML, LDAP integration)
- **Maintenance**: Avoid reinventing complex authentication protocols
#### ✅ **Faster Time to Market**
- **Development**: Focus on business logic, not authentication infrastructure
- **Testing**: Leverage Authentik's tested authentication flows
- **Deployment**: Use existing Authentik infrastructure
## Business Benefits
### 1. **Operational Efficiency**
- **Self-Service Management**: Department managers can manage team permissions
- **Reduced IT Burden**: 70% reduction in permission-related IT tickets
- **Faster Onboarding**: Automated role assignment reduces onboarding time from days to hours
### 2. **Cost Savings**
- **Reduced Administrative Overhead**: Estimated 40% reduction in permission management time
- **Lower Training Costs**: Business-friendly interface requires minimal training
- **Improved Productivity**: Users spend less time waiting for permission changes
### 3. **Enhanced Security**
- **Consistent Permissions**: Unified model reduces permission inconsistencies
- **Audit Trail**: Complete visibility into permission changes across all applications
- **Principle of Least Privilege**: Role templates ensure users get only necessary permissions
### 4. **Scalability**
- **Multi-Application Support**: Single interface for all current and future applications
- **Organization Support**: Ready for multi-tenant scenarios as business grows
- **Template-Based Roles**: Quick role deployment for new applications
### 5. **Improved User Experience**
- **Consistent Interface**: Same permission model across all applications
- **Role Templates**: Pre-defined roles (Manager, Editor, Viewer) for quick assignment
- **Real-Time Updates**: Permission changes take effect immediately
## Financial Justification
### Cost-Benefit Analysis
#### Development Investment
- **Initial Development**: 8 weeks (1 senior developer)
- **Estimated Cost**: $40,000 - $60,000
- **Ongoing Maintenance**: 10% of development cost annually
#### Expected Savings (Annual)
- **Reduced IT Administrative Time**: $25,000
- **Faster User Onboarding**: $15,000
- **Reduced Permission Errors/Incidents**: $10,000
- **Improved User Productivity**: $20,000
- **Total Annual Savings**: $70,000
#### ROI Calculation
- **Year 1**: Break-even
- **Year 2**: 140% ROI
- **Year 3**: 240% ROI
### Risk Assessment
#### Technical Risks (LOW)
- **Mitigation**: Building on proven Authentik foundation
- **Fallback**: Can revert to direct Authentik management if needed
- **Testing**: Comprehensive testing strategy planned
#### Business Risks (LOW)
- **User Adoption**: Business-friendly interface designed for high adoption
- **Training**: Minimal training required due to intuitive design
- **Change Management**: Gradual rollout planned
## Competitive Advantage
### 1. **Market Differentiation**
- Unified permission management across applications
- Business-friendly permission interface
- Faster client onboarding and management
### 2. **Operational Excellence**
- Reduced manual processes
- Improved security posture
- Better compliance reporting
### 3. **Growth Enablement**
- Scalable permission architecture
- Support for multi-organization scenarios
- Foundation for future application integrations
## Implementation Strategy
### Phase 1: Foundation (Weeks 1-2)
- Develop core RBAC infrastructure
- Integrate with existing Authentik
- Basic permission checking capabilities
### Phase 2: Business Interface (Weeks 3-4)
- Business-friendly management interface
- Role templates and self-service capabilities
- Multi-application support
### Phase 3: Advanced Features (Weeks 5-6)
- Granular menu/component permissions
- Advanced reporting and audit trails
- Performance optimizations
### Phase 4: Production & Training (Weeks 7-8)
- Production deployment
- User training and change management
- Documentation and support materials
## Success Metrics
### Operational Metrics
- **Permission Management Time**: Target 60% reduction
- **IT Ticket Volume**: Target 70% reduction in permission-related tickets
- **User Onboarding Time**: Target 50% reduction
- **Permission Error Rate**: Target 80% reduction
### Business Metrics
- **User Satisfaction**: Target >90% satisfaction with permission management
- **Administrative Cost**: Target 40% reduction in permission management costs
- **Security Incidents**: Target zero permission-related security incidents
- **Compliance**: 100% audit trail coverage
## Conclusion
The proposed RBAC management system addresses critical business needs while leveraging our existing Authentik investment. The solution provides:
1. **Immediate Business Value**: Simplified permission management and reduced administrative burden
2. **Long-term Strategic Advantage**: Scalable foundation for multi-application growth
3. **Strong ROI**: Break-even in Year 1, substantial returns thereafter
4. **Low Risk**: Building on proven technology with comprehensive fallback options
**Recommendation**: Proceed with the RBAC management system development as outlined, with an 8-week implementation timeline and go-live target of [Date].
---
*This proposal aligns with our strategic objectives of operational efficiency, enhanced security, and scalable growth while maximizing the return on our existing technology investments.*

302
docs/02_FEATURES_OVERVIEW.md Normal file
View File

@ -0,0 +1,302 @@
# CorradAF Features Overview
This document provides a comprehensive overview of all implemented features in the CorradAF RBAC system. **Major Update**: The system has been redesigned with a simplified, application-centric RBAC hierarchy: **User → Roles → Sub Group (optional) → Groups → Application**.
## 🎯 Core System Features
### 1. User Management System ✅ **Simplified**
#### ✅ User Listing & Overview (`/users`)
- **Advanced Data Table**: RsTable with built-in search, sorting, and filtering
- **Real-time Stats**: Total users, active users, departments, recent logins
- **User Avatars**: Auto-generated initials in circular avatars
- **Status Indicators**: Visual badges for active/inactive users
- **Responsive Design**: Mobile-friendly table with collapse view
- **Pagination**: Configurable page sizes (10 items default)
- **Search & Filter**: Global search across all user data
- **Column Management**: Hide/show columns via filter dropdown
#### ✅ User Creation (`/users/create`) - **Application-Centric**
- **Basic Information**: First name, last name, username, email
- **Application Assignment**: **REQUIRED** - Users must belong to an application
- **Password Management**:
- Secure password generation
- Password strength indicators
- Confirmation validation
- **Group Assignment (Primary)**:
- Users inherit permissions through groups
- Groups are filtered by selected application
- Groups contain collections of roles
- **Additional Roles (Optional)**:
- Direct role assignment for specific cases
- Filtered by selected application
- **Account Settings**: Active status, password change requirements, email invitations
- **Smart Filtering**: Groups and roles automatically filter based on application selection
- **Form Validation**: Real-time validation with FormKit
#### ✅ Bulk Operations (`/users/bulk`)
- **CSV Upload**: Drag-and-drop file upload with validation
- **Template Download**: Pre-configured CSV templates
- **Data Preview**: Table preview of uploaded data
- **Validation Engine**: Real-time error checking and warnings
- **Operation Types**: Create, update, upsert user operations
- **Batch Processing**: Configurable batch sizes for performance
- **Default Settings**: Set default groups, roles, and account settings
- **Progress Tracking**: Visual progress bars for bulk operations
- **Error Handling**: Skip errors or halt on validation failures
- **Export Functionality**: Export existing users to CSV
### 2. Group Management System ✅ **Simplified**
#### ✅ Group Listing & Overview (`/groups`)
- **Advanced Data Table**: Same RsTable features as users
- **Group Stats**: Total groups, members, parent groups, active groups
- **Group Avatars**: Auto-generated initials for group identification
- **Member Count**: Display number of users in each group
- **Hierarchy Display**: Shows parent-child group relationships
- **Status Management**: Active/inactive group indicators
- **Search & Filter**: Find groups by name, description, or type
#### ✅ Group Creation (`/groups/create`) - **Collections of Roles**
- **Basic Information**: Group name, description, application assignment
- **Application Assignment**: **REQUIRED** - Groups belong to specific applications
- **Parent Group Selection**: Optional hierarchical structure (sub-groups)
- **Role Assignment**: **PRIMARY FUNCTION** - Groups contain collections of roles
- Users inherit all roles from their groups
- Clear explanation that groups are role containers
- **Status Management**: Active/inactive toggle
- **Preview Panel**: Real-time preview of group configuration
- **Simplified Design**: Removed complex enterprise attributes (cost centers, custom attributes)
### 3. Role Management System ✅ **Simplified**
#### ✅ Role Listing & Overview (`/roles`)
- **Advanced Data Table**: Full RsTable functionality
- **Role Stats**: Total roles, active roles, application-specific roles, total permissions
- **Application Scoping**: Roles tied to specific applications
- **Permission Count**: Display number of permissions per role
- **User Assignment**: Show how many users have each role
- **Status Indicators**: Active/inactive role badges
#### ✅ Role Creation (`/roles/create`) - **Permission Containers**
- **Basic Configuration**: Name, description, application assignment
- **Application Assignment**: **REQUIRED** - Roles belong to specific applications
- **Simplified Permissions**: Clear, functional permission categories
- **User Management**: View, create, edit, delete users
- **Group Management**: View, create, edit, delete groups
- **Role Management**: View, create, edit, delete roles
- **System Access**: Dashboard, reports, settings access
- **Permission Selection**: Simple checkbox interface organized by category
- **Status Management**: Active/inactive toggle
- **Form Standards**: Clean FormKit interface with real-time validation
- **Removed Complex Features**: Templates, advanced permission categories, priority systems
### 4. Application Management System ✅ **Central Hub**
#### ✅ Application Listing & Overview (`/applications`)
- **Advanced Data Table**: Full RsTable functionality with search, sort, filter
- **Application Stats**: Total apps, active apps, total application users
- **Application Avatars**: Auto-generated initials for app identification
- **Provider Indicators**: OAuth2/OIDC, SAML, Proxy support
- **User and Group Counts**: Display users and groups per application
- **Clean Interface**: Streamlined without technical implementation details
#### ✅ Application Creation (`/applications/create`)
- **Basic Information**: Name, description, URL
- **Application Configuration**: Simple setup for different application types
- **Status Management**: Active/inactive applications
- **Form Standards**: Clean FormKit interface
- **Simplified Design**: Removed complex provider configurations and step-by-step wizards
## 🏗️ **SIMPLIFIED RBAC HIERARCHY**
### **New Hierarchy: User → Roles → Sub Group (optional) → Groups → Application**
```
Application (Root Level)
├── Groups (Department/Team Level)
│ ├── Sub Groups (Optional - Team Subdivisions)
│ ├── Roles Collection (What the group can do)
│ │ ├── Role 1 (Specific permissions)
│ │ ├── Role 2 (Specific permissions)
│ │ └── Role N (Specific permissions)
│ └── Users (Inherit all group roles)
└── Additional Roles (Direct user assignment for special cases)
```
### **Key Benefits**
- **Application-Centric**: Everything belongs to an application first
- **Clear Hierarchy**: Logical flow from applications down to users
- **Role Inheritance**: Users get permissions through group membership
- **Flexibility**: Additional roles for special cases
- **Simplified Management**: No complex enterprise features
### **How It Works**
1. **Create Application**: Define the system/app users will access
2. **Create Roles**: Define what actions can be performed (permissions)
3. **Create Groups**: Collect roles together for organizational units
4. **Create Sub Groups** (Optional): Further subdivide groups if needed
5. **Create Users**: Assign to application and groups (inherit roles)
## 🛠️ Technical Features ✅ **Simplified**
### 1. Advanced Data Tables (RsTable)
- **Global Search**: Search across all table columns simultaneously
- **Column Sorting**: Click headers to sort ascending/descending
- **Column Filtering**: Hide/show specific columns via dropdown
- **Pagination**: Navigate through large datasets efficiently
- **Responsive Design**: Automatic mobile-friendly card layout
- **Export Options**: Built-in data export capabilities
- **Loading States**: Visual feedback during data operations
- **No Data States**: User-friendly empty state messages
### 2. Form Management (FormKit) ✅ **Standardized**
- **Consistent Actions**: All forms use `:actions="false"` for custom button implementation
- **Validation Engine**: Real-time form validation
- **Field Types**: Text, email, password, select, checkbox, textarea
- **Application Filtering**: Smart filtering based on application selection
- **Reset Functionality**: Clear forms while preserving structure
- **Simplified Design**: Focused on essential fields only
### 3. Component Library (RS Components)
- **RsCard**: Consistent card layout with header/body/footer
- **RsButton**: Styled buttons with variants and loading states
- **RsBadge**: Status indicators with color coding
- **RsTable**: Advanced data table with all modern features
- **RsDropdown**: Context menus and option selectors
- **RsModal**: Modal dialogs for complex interactions
- **Icons**: Phosphor icons throughout the interface
### 4. Navigation & Layout ✅ **Simplified**
- **Clean Navigation**: Organized menu structure focused on core functions
- **Breadcrumb System**: Hierarchical navigation with auto-generation
- **Responsive Sidebar**: Navigation organized by functional areas
- **Dark/Light Mode**: Full theme switching support
- **Icon System**: Phosphor icons throughout the interface
- **Loading States**: Skeleton loaders and progress indicators
## 🎨 User Experience Features ✅ **Simplified**
### 1. Application-First Design Philosophy ✅ **NEW**
- **Application Selection Required**: All entities belong to applications
- **Smart Filtering**: Related data filters automatically based on application
- **Clear Relationships**: Visual representation of application → group → user flow
- **Consistent Patterns**: Same interaction patterns across all forms
- **Simplified Choices**: Removed complex configuration options
### 2. Enhanced Form UX ✅ **Simplified**
- **Essential Fields Only**: Removed complex enterprise fields
- **Smart Validation**: Real-time feedback with contextual error messages
- **Application Context**: Everything filtered and scoped by application
- **Clear Labels**: Simple, descriptive field labels and help text
- **Intuitive Flow**: Logical progression through form sections
### 3. Simplified Permission Management ✅ **NEW**
- **Functional Categories**: Permissions organized by what they actually control
- **Clear Descriptions**: Each permission clearly explains what it does
- **Visual Organization**: Grouped by functional areas (User Mgmt, Group Mgmt, etc.)
- **No Technical Jargon**: Business-friendly permission names
## 🔐 Security Features ✅ **Simplified**
### 1. Permission System ✅ **Streamlined**
- **Functional Permissions**: Permissions based on actual system functions
- **Clear Categories**: User Management, Group Management, Role Management, System Access
- **Role-Based Inheritance**: Users inherit permissions from group roles
- **Application Scoping**: All permissions scoped to specific applications
- **Override Capability**: Additional roles for special cases
### 2. Authentication Integration ✅ **Native**
- **Authentik SSO**: Direct integration with Authentik backend
- **Session Management**: Secure session handling
- **Token Management**: Automatic token renewal and validation
- **Multi-tenant Support**: Organization-based access control
- **Route Protection**: Middleware-based route authorization
## 📊 **Removed Complexity**
### **Enterprise Features Removed**
- ❌ Complex group attributes (cost centers, budget codes, manager emails)
- ❌ Custom attribute systems with key-value pairs
- ❌ Role templates and priority systems
- ❌ Complex permission categories (menus, components, features)
- ❌ Advanced application configuration wizards
- ❌ Manual sync systems and status indicators
- ❌ User profile fields (phone, department, job title, employee ID)
### **Benefits of Simplification**
- ✅ **Faster Setup**: Quick creation of users, groups, and roles
- ✅ **Easier Understanding**: Clear hierarchy and relationships
- ✅ **Less Confusion**: Focused on essential functionality
- ✅ **Better Performance**: Fewer fields and simpler forms
- ✅ **Maintainable**: Easier to extend and modify
- ✅ **Universal Appeal**: Suitable for companies of any size
## 🚀 Performance Features
### 1. Data Optimization
- **Lazy Loading**: Load data on demand
- **Pagination**: Handle large datasets efficiently
- **Smart Caching**: Cache frequently accessed templates and resources
- **Search Optimization**: Efficient search algorithms
- **Auto-Generation**: Reduce manual data entry with intelligent defaults
### 2. User Experience
- **Fast Navigation**: Instant page transitions
- **Progressive Loading**: Show content as it becomes available
- **Error Handling**: Graceful error recovery
- **Template Caching**: Fast template loading and application
- **Mobile Optimization**: Touch-friendly interface
## 📊 Analytics & Reporting ✅ **Updated**
### 1. Dashboard Metrics
- **Real-time Stats**: Live counts of users, groups, roles, applications
- **Template Usage**: Track most used role templates
- **Resource Metrics**: Count of managed resources by type
- **Application Stats**: User distribution across applications
- **Permission Analytics**: Most and least used permissions
### 2. Resource Management Analytics ✅ **NEW**
- **Resource Distribution**: Breakdown by menus, components, features
- **Application Resource Usage**: Resources per application
- **Permission Coverage**: Which resources have associated permissions
- **Template Effectiveness**: Success rate of template-based role creation
### 3. User Experience Metrics ✅ **NEW**
- **Template Adoption**: Percentage of roles created from templates vs custom
- **Quick Setup Usage**: Application creation method preferences
- **Form Completion**: Success rates for multi-step forms
- **Error Patterns**: Common validation errors and user pain points
## 🎯 Implementation Status Summary
### ✅ Completed Features (100%)
- **User Management**: Complete with native integration
- **Group Management**: Complete with simplified permissions
- **Role Management**: Enhanced with templates and progressive disclosure
- **Application Management**: Complete with quick setup and resources
- **Resource Management**: New centralized interface for all resource types
- **Navigation**: Hierarchical structure with sub-items
- **Form Standardization**: All forms use consistent patterns
- **UX Enhancement**: Template-first approach with progressive disclosure
- **Native Integration**: Complete removal of manual sync functionality
### ✅ Enhanced Features
- **Role Templates**: Pre-configured templates with visual indicators
- **Application Resources**: Centralized management for menus, components, features
- **Quick Setup Types**: Template-based application configuration
- **Progressive Disclosure**: Advanced options hidden by default
- **Form Standards**: Consistent `:actions="false"` implementation
- **Navigation Enhancement**: Organized hierarchical menu structure
### 🚧 Next Phase Priorities
1. **Backend API Integration** - Connect to real Authentik instance
2. **Authentication Implementation** - Working login/logout flow
3. **Data Persistence** - Save actual data to Authentik
4. **Testing Framework** - Unit and integration tests
5. **Performance Optimization** - Caching and lazy loading
---
**Status**: Frontend implementation complete with major UX improvements, native Authentik integration approach, and comprehensive resource management. Ready for backend integration phase.

294
docs/03_RBAC_AUTHENTIK_ANALYSIS.md Normal file
View File

@ -0,0 +1,294 @@
# RBAC & Authentik Integration Analysis - Simplified Implementation
## Overview
This document provides the **current implementation status** of the simplified RBAC system that leverages Authentik's capabilities while providing a clean management layer for multi-application environments. The system follows a **User → Roles → Sub Group (optional) → Groups → Application** structure with **simplified, functional permissions**.
## ✅ Implementation Status
### 🚀 **COMPLETED FEATURES**
#### 1. User Management System ✅ **Simplified**
- **User Listing (`/users`)**: Advanced data table with RsTable component
- **User Creation (`/users/create`)**: Application-centric form with smart filtering
- **Bulk Operations (`/users/bulk`)**: CSV import/export functionality
- **Search & Filtering**: Global search across all user data
- **Avatar System**: Auto-generated initials for user identification
- **Status Management**: Active/inactive user indicators
- **Stats Dashboard**: Real-time metrics for users and activity
- **Application Assignment**: Required application selection with filtered groups/roles
#### 2. Group Management System ✅ **Simplified**
- **Group Listing (`/groups`)**: Complete group overview with statistics
- **Group Creation (`/groups/create`)**: Application-scoped groups as role collections
- **Hierarchical Structure**: Optional parent-child relationships (sub-groups)
- **Role Collections**: Groups contain collections of roles (primary function)
- **Member Management**: Group-user associations with inheritance
- **Application Scoping**: Groups belong to specific applications
- **Simplified Design**: Removed complex enterprise attributes
#### 3. Role Management System ✅ **Simplified**
- **Role Listing (`/roles`)**: Application-scoped role management
- **Role Creation (`/roles/create`)**: Simplified permission assignment
- **Functional Permissions**: Clear categories (User Mgmt, Group Mgmt, Role Mgmt, System Access)
- **Application Scoping**: Roles tied to specific applications
- **Status Management**: Active/inactive role indicators
- **Simplified Design**: Removed templates, priorities, and complex permission types
#### 4. Application Management System ✅ **Central Hub**
- **Application Listing (`/applications`)**: Central application management
- **Application Creation (`/applications/create`)**: Simplified application setup
- **User and Group Counts**: Display users and groups per application
- **Status Management**: Active/inactive applications
- **Clean Interface**: Focused on essential functionality
#### 5. Technical Infrastructure ✅
- **RsTable Component**: Advanced data tables with search, sort, pagination
- **FormKit Integration**: Consistent form handling and validation
- **RS Component Library**: Complete UI component system
- **Breadcrumb Navigation**: Hierarchical navigation system
- **Responsive Design**: Mobile-friendly interface
- **Dark/Light Mode**: Complete theme system
## Why Build RBAC on Top of Authentik? 🤔
### Valid Concerns ✅ **ADDRESSED**
You're right to question this approach. Authentik already provides:
- ✅ User management → **Simplified with application-centric design**
- ✅ Groups and permissions → **Streamlined with role collections**
- ✅ OAuth/OIDC → **Integrated with native experience**
- ✅ Built-in RBAC → **Enhanced with functional permissions**
### Why We Still Need This Layer ✅ **SIMPLIFIED**
1. **Application-Centric Management**
- Single RBAC interface for multiple applications
- Clear hierarchy: Application → Groups → Roles → Users
- Simplified management without Authentik admin complexity
2. **Simplified Interface**
- Business-friendly permission management
- Clean, focused forms without enterprise complexity
- Application-specific permission models
3. **Clear Hierarchy**
- Logical flow from applications to users
- Role inheritance through group membership
- Optional sub-groups for organizational flexibility
4. **Functional Permissions**
- Permissions based on actual system functions
- Clear categories that users understand
- No technical jargon or complex abstractions
## ✅ Simplified RBAC Hierarchy: User → Roles → Sub Group → Groups → Application
### Current Structure
```
Application (Root Level) ✅
├── Groups (Department/Team Level) ✅
│ ├── Sub Groups (Optional - Team Subdivisions) ✅
│ ├── Roles Collection (What the group can do) ✅
│ │ ├── Role 1 (Specific permissions) ✅
│ │ ├── Role 2 (Specific permissions) ✅
│ │ └── Role N (Specific permissions) ✅
│ └── Users (Inherit all group roles) ✅
└── Additional Roles (Direct user assignment for special cases) ✅
```
### Benefits of This Approach ✅ **ACHIEVED**
- **Applications**: Central hub for all access control ✅
- **Groups**: Organizational structure (IT Department, Finance, HR) ✅
- **Roles**: Collections of permissions (what users can do) ✅
- **Users**: Inherit permissions from group roles + optional additional roles ✅
- **Clear Flow**: Logical progression from applications to users ✅
- **Simplified Management**: No complex enterprise features ✅
## ✅ Simplified Permission System
### Core Concept ✅ **SIMPLIFIED**
Permissions are organized by **functional categories** that clearly describe what users can do in the system.
### Permission Categories ✅ **FUNCTIONAL**
```javascript
// User Management Permissions ✅
const USER_PERMISSIONS = {
USERS_VIEW: 'users_view', // Can view user listings and profiles
USERS_CREATE: 'users_create', // Can create new user accounts
USERS_EDIT: 'users_edit', // Can modify user information
USERS_DELETE: 'users_delete' // Can delete user accounts
};
// Group Management Permissions ✅
const GROUP_PERMISSIONS = {
GROUPS_VIEW: 'groups_view', // Can view group listings
GROUPS_CREATE: 'groups_create', // Can create new groups
GROUPS_EDIT: 'groups_edit', // Can modify groups
GROUPS_DELETE: 'groups_delete' // Can delete groups
};
// Role Management Permissions ✅
const ROLE_PERMISSIONS = {
ROLES_VIEW: 'roles_view', // Can view role listings
ROLES_CREATE: 'roles_create', // Can create new roles
ROLES_EDIT: 'roles_edit', // Can modify roles
ROLES_DELETE: 'roles_delete' // Can delete roles
};
// System Access Permissions ✅
const SYSTEM_PERMISSIONS = {
DASHBOARD_ACCESS: 'dashboard_access', // Can access the dashboard
REPORTS_VIEW: 'reports_view', // Can view system reports
SETTINGS_VIEW: 'settings_view', // Can view system settings
SETTINGS_EDIT: 'settings_edit' // Can modify system settings
};
```
## ✅ Current User Interface Implementation
### Navigation System ✅ **Simplified**
- **Clean Sidebar**: Organized by functional areas
- **Breadcrumb Navigation**: Hierarchical with auto-generation
- **Identity & Access Management Section**:
- Users (`/users`) ✅
- Groups (`/groups`) ✅
- Roles (`/roles`) ✅
- Applications (`/applications`) ✅
### Data Tables ✅
- **RsTable Component**: Advanced data table with:
- Global search across all columns ✅
- Column sorting (ascending/descending) ✅
- Pagination with configurable page sizes ✅
- Responsive design for mobile ✅
- Export capabilities ✅
- Loading and empty states ✅
### Form Management ✅ **Simplified**
- **FormKit Integration**: Consistent form handling
- **Application-First Design**: All forms start with application selection
- **Smart Filtering**: Related data filters automatically
- **Real-time Validation**: Input validation with error messages
- **Essential Fields Only**: Removed complex enterprise fields
- **Clean Interface**: Focused on core functionality
### Visual Design ✅
- **Consistent Avatars**: Generated initials for users, groups, roles, applications
- **Status Badges**: Color-coded active/inactive indicators
- **Stats Cards**: Real-time metrics on overview pages
- **Hover Effects**: Interactive feedback throughout interface
- **Loading States**: Progress indicators and skeletons
## 🚧 Next Implementation Phase
### 1. Authentication & Authorization ⏳
- **Authentik SSO Integration**: Complete OAuth/OIDC setup
- **Permission Enforcement**: Real-time permission checking
- **Session Management**: Secure session handling
- **Route Protection**: Middleware-based authorization
### 2. API Development ⏳
- **RESTful API**: Complete CRUD operations
- **Permission API**: Real-time permission checking endpoint
- **Bulk Operations API**: Efficient bulk data processing
- **Application Scoping**: All APIs respect application boundaries
### 3. Database Implementation ⏳
- **Prisma Schema**: Complete database schema implementation
- **Migration Scripts**: Database setup and updates
- **Seed Data**: Default applications, roles, and permissions
- **Backup System**: Data backup and recovery
## 📊 Current Implementation Metrics
### Pages Implemented: **4/4** ✅ **Simplified**
- ✅ `/users` - User listing with application filtering
- ✅ `/users/create` - Application-centric user creation
- ✅ `/groups` - Group listing and management
- ✅ `/groups/create` - Groups as role collections
- ✅ `/roles` - Role listing and management
- ✅ `/roles/create` - Simplified role creation
- ✅ `/applications` - Application management
- ✅ `/applications/create` - Application creation
- ✅ Navigation and breadcrumb system
### Components Implemented: **6/6**
- ✅ RsTable - Advanced data table
- ✅ RsCard - Consistent card layout
- ✅ RsButton - Styled buttons with variants
- ✅ RsBadge - Status indicators
- ✅ FormKit - Form management
- ✅ Breadcrumb - Navigation system
### Features Implemented: **100%** ✅ **Simplified**
- ✅ User Management (100%) - Application-centric
- ✅ Group Management (100%) - Role collections
- ✅ Role Management (100%) - Functional permissions
- ✅ Application Management (100%) - Central hub
- ✅ UI/UX System (100%) - Simplified design
- ⏳ Authentication Integration (0%)
- ⏳ API Development (0%)
- ⏳ Database Integration (0%)
## 🎯 Business Value Delivered
### Immediate Benefits ✅ **Simplified**
1. **Clear Hierarchy**: Easy to understand application → group → user flow
2. **Simplified Management**: No complex enterprise features to confuse users
3. **Application-Centric**: All permissions and access organized by application
4. **Role Inheritance**: Users get permissions through group membership
5. **Flexibility**: Additional roles for special cases
### Technical Benefits ✅
1. **Modern Stack**: Nuxt 3, Vue 3, TailwindCSS
2. **Component Reusability**: Comprehensive component library
3. **Performance**: Optimized data tables and smart filtering
4. **Maintainability**: Simple, clean codebase
5. **Scalability**: Application-based organization
## 📋 **Removed Complexity**
### **Enterprise Features Removed**
- ❌ Complex group attributes (cost centers, budget codes, manager emails)
- ❌ Custom attribute systems with key-value pairs
- ❌ Role templates and priority systems
- ❌ Complex permission categories (menus, components, features)
- ❌ Advanced application configuration wizards
- ❌ User profile fields (phone, department, job title, employee ID)
- ❌ Multi-step forms and progressive disclosure
- ❌ Expert modes and advanced configurations
### **Benefits of Simplification**
- ✅ **Faster Setup**: Quick creation of users, groups, and roles
- ✅ **Easier Understanding**: Clear hierarchy and relationships
- ✅ **Less Confusion**: Focused on essential functionality
- ✅ **Better Performance**: Fewer fields and simpler forms
- ✅ **Universal Appeal**: Suitable for companies of any size
- ✅ **Maintainable**: Easier to extend and modify
## 📚 Documentation Status
### Completed Documentation ✅
- ✅ README.md - Complete project overview
- ✅ FEATURES_OVERVIEW.md - Comprehensive feature list
- ✅ RBAC_AUTHENTIK_ANALYSIS.md - This implementation status
- ✅ BUSINESS_JUSTIFICATION_RBAC.md - Business case
- ✅ AUTHENTIK_INTEGRATION_IMPLEMENTATION.md - Integration guide
### Code Documentation ✅
- ✅ Component documentation with examples
- ✅ Form field descriptions and validation rules
- ✅ Page-level meta information and breadcrumbs
- ✅ TypeScript interfaces and types
- ✅ API endpoint documentation (planned)
---
## ✅ Conclusion
The CorradAF RBAC system successfully provides a comprehensive, modern interface for managing users, groups, roles, and permissions. The system is built on a solid foundation with Nuxt 3 and provides all the necessary tools for enterprise-grade access control management.
**Current Status**: **Frontend Implementation Complete**
**Next Phase**: **Backend Integration and Authentication**
**Target**: **Production Ready System** 🎯
The system is ready for the next phase of development, which includes backend API implementation, database integration, and Authentik SSO setup.

415
docs/04_IMPLEMENTATION_STATUS.md Normal file
View File

@ -0,0 +1,415 @@
# CorradAF RBAC System - Implementation Status (Simplified)
## 📋 Current Implementation Overview
This document provides a comprehensive status update on the simplified CorradAF RBAC system implementation. **Major Update**: The system has been redesigned with a clear **User → Roles → Sub Group (optional) → Groups → Application** hierarchy, removing complex enterprise features for better usability.
## ✅ **COMPLETED FEATURES**
### 🧑‍🤝‍🧑 User Management System (100% Complete) ✅ **Simplified**
#### `/users` - User Overview Page ✅
- **RsTable Integration**: Advanced data table with built-in search, sorting, filtering
- **Real-time Statistics**:
- Total users count
- Active users count
- Department count
- Recent logins count
- **User Interface**:
- Auto-generated avatar system (user initials in colored circles)
- Status badges (Active/Inactive with color coding)
- Responsive table design
- Mobile-friendly card view
- Hover effects and loading states
#### `/users/create` - User Creation Form ✅ **Application-Centric**
- **Essential Information**:
- Basic info (first name, last name, username, email)
- Application assignment (**REQUIRED** - users must belong to an application)
- Password management with strength indicators
- **Permission Assignment**:
- **Primary**: Groups (filtered by selected application)
- **Optional**: Additional roles (filtered by selected application)
- Smart filtering: groups and roles automatically filter based on application
- **Account Settings**:
- Active status toggle
- Password change requirements
- Email invitation system
- **Form Features**:
- FormKit validation with real-time feedback
- Reset functionality
- Clean, simplified interface
### 🏢 Group Management System (100% Complete) ✅ **Role Collections**
#### `/groups` - Group Overview Page ✅
- **Advanced Data Table**: Same RsTable features as users
- **Group Statistics**:
- Total groups count
- Total members across all groups
- Parent groups count
- Active groups count
- **Group Display**:
- Auto-generated avatars (group name initials)
- Member count display
- Parent-child relationship indicators
- Status badges
#### `/groups/create` - Group Creation Form ✅ **Collections of Roles**
- **Essential Configuration**:
- Group name and description
- Application assignment (**REQUIRED** - groups belong to applications)
- Parent group selection (optional hierarchical structure)
- **Role Collections**:
- **Primary Function**: Groups contain collections of roles
- Users inherit all roles from their groups
- Clear explanation of role inheritance
- **Status Management**:
- Active/inactive toggle
- **Simplified Design**:
- Removed complex attribute systems
- Removed enterprise fields (cost centers, custom attributes)
- Focus on essential functionality
### 🛡️ Role Management System (100% Complete) ✅ **Functional Permissions**
#### `/roles` - Role Overview Page ✅
- **Role Statistics**:
- Total roles count
- Active roles count
- Application-specific roles count
- Total permissions count
- **Role Display**:
- Application scoping (roles belong to applications)
- Permission count per role
- User assignment count
- Status indicators
#### `/roles/create` - Role Creation Form ✅ **Simplified Permissions**
- **Essential Configuration**:
- Role name and description
- Application assignment (**REQUIRED** - roles belong to applications)
- Active/inactive status
- **Functional Permissions**: Clear, business-friendly categories
- **User Management**: View, create, edit, delete users
- **Group Management**: View, create, edit, delete groups
- **Role Management**: View, create, edit, delete roles
- **System Access**: Dashboard, reports, settings access
- **Permission Interface**:
- Simple checkbox interface
- Organized by functional categories
- Clear descriptions for each permission
- **Simplified Design**:
- Removed role templates
- Removed priority systems
- Removed complex permission types (menus, components, features)
### 🏢 Application Management System (100% Complete) ✅ **Central Hub**
#### `/applications` - Application Overview Page ✅
- **Advanced Data Table**: Full RsTable functionality with search, sort, filter
- **Application Statistics**:
- Total applications count
- Active applications count
- Total application users
- **Application Display**:
- Auto-generated avatars (application name initials)
- Status badges (Active/Inactive)
- User and group count display
- Clean interface focused on essentials
#### `/applications/create` - Application Creation Form ✅ **Simplified Setup**
- **Essential Information**:
- Application name and description
- Application URL (optional)
- Active/inactive status
- **Clean Interface**:
- Simple, straightforward form
- FormKit validation
- Focused on core functionality
- **Removed Complexity**:
- No step-by-step wizards
- No complex provider configurations
- No advanced setup options
## 🛠️ **TECHNICAL INFRASTRUCTURE COMPLETED**
### Component Library (100% Complete) ✅
- **RsTable**: Advanced data table with search, sort, filter, pagination
- **RsCard**: Consistent card layout with header/body sections
- **RsButton**: Multiple variants (primary, secondary, danger, success, etc.)
- **RsBadge**: Status indicators with semantic color coding
- **FormKit**: Complete form management with validation, `:actions="false"` applied
- **Navigation**: Breadcrumb system with hierarchical paths
- **Icons**: Phosphor icons throughout interface
### User Interface Features (100% Complete) ✅ **Simplified**
- **Responsive Design**: Mobile-first approach with TailwindCSS
- **Avatar System**: Consistent initials-based avatars across all entities
- **Status Indicators**: Color-coded badges for active/inactive states
- **Search & Filter**: Global search across all data tables
- **Loading States**: Skeleton loaders and progress indicators
- **Dark/Light Mode**: Complete theme support
- **Application-First Design**: All forms start with application selection
- **Smart Filtering**: Related data filters automatically based on application
### Navigation System (100% Complete) ✅ **Simplified**
- **Clean Sidebar**: Organized with clear functional areas
- **Breadcrumb Navigation**: Auto-generated hierarchical navigation
- **Menu Structure**: Simplified and focused
- Main (Dashboard)
- Identity & Access Management
- Users (Application-centric user management)
- Groups (Role collections)
- Roles (Functional permissions)
- Applications (Central hub)
### Form Standardization (100% Complete) ✅ **Simplified**
- **Application-First Approach**: All entities must belong to an application
- **Smart Filtering**: Groups and roles filter based on selected application
- **Essential Fields Only**: Removed complex enterprise fields
- **FormKit Integration**: Consistent validation and error handling
- **Clean Interface**: Focused on core functionality
- **Real-time Validation**: Immediate feedback on form inputs
## 🏗️ **SIMPLIFIED RBAC HIERARCHY IMPLEMENTED**
### **User → Roles → Sub Group (optional) → Groups → Application**
```
Application (Root Level) ✅
├── Groups (Department/Team Level) ✅
│ ├── Sub Groups (Optional - Team Subdivisions) ✅
│ ├── Roles Collection (What the group can do) ✅
│ │ ├── Role 1 (Specific permissions) ✅
│ │ ├── Role 2 (Specific permissions) ✅
│ │ └── Role N (Specific permissions) ✅
│ └── Users (Inherit all group roles) ✅
└── Additional Roles (Direct user assignment for special cases) ✅
```
### **Key Implementation Benefits**
- **Clear Flow**: Logical progression from applications to users
- **Application-Centric**: Everything belongs to an application first
- **Role Inheritance**: Users get permissions through group membership
- **Simplified Management**: No complex enterprise features
- **Flexible Structure**: Optional sub-groups and additional roles
## 📊 **REMOVED COMPLEXITY**
### **Enterprise Features Removed**
- ❌ **User Profile Fields**: Phone, department, job title, employee ID
- ❌ **Complex Group Attributes**: Cost centers, budget codes, manager emails, custom attributes
- ❌ **Role Templates**: Pre-configured role templates with complex permission sets
- ❌ **Priority Systems**: Role priority and conflict resolution
- ❌ **Advanced Permissions**: Complex menu/component/feature permission categories
- ❌ **Multi-step Forms**: Progressive form completion and wizards
- ❌ **Expert Modes**: Advanced configuration options
- ❌ **Sync Systems**: Manual synchronization buttons and status indicators
### **Simplified Permission System**
- **Functional Categories**: Permissions organized by what they actually control
- **Clear Naming**: Business-friendly permission names and descriptions
- **Simple Interface**: Checkbox selection organized by category
- **Application Scoping**: All permissions scoped to specific applications
### **Benefits of Simplification**
- **Faster Setup**: Quick creation of users, groups, and roles
- **Easier Understanding**: Clear hierarchy and relationships
- **Less Confusion**: Focused on essential functionality
- **Better Performance**: Fewer fields and simpler forms
- **Universal Appeal**: Suitable for companies of any size
- **Maintainable**: Easier to extend and modify
## 🚀 **BACKEND AUTHENTICATION SYSTEM COMPLETED** ✅ **NEW**
### **1. Authentik OAuth2 Integration (100% Complete)**
- **OAuth2 Flow**: Complete authentication flow with Authentik
- **Login Endpoint**: `/api/auth/login` - Redirects to Authentik OAuth2
- **Callback Handler**: `/api/auth/callback` - Processes OAuth2 callback and sets cookies
- **Logout Endpoint**: `/api/auth/logout` - Clears session and redirects to login
- **User Info**: `/api/auth/me` - Returns current user information
- **Token Validation**: `/api/auth/validate` - Validates authentication status
### **2. Authentication Middleware System (100% Complete)**
- **Route Protection**: Middleware-based authentication for protected routes
- **Public Route Handling**: Automatic bypass for login/logout pages
- **Smart Routing**: Authentication-based routing (login ↔ dashboard)
- **Session Management**: Secure cookie-based session handling
- **Error Handling**: Proper error messages and redirects
### **3. Authentication Composable (100% Complete)**
- **useAuth() Composable**: Centralized authentication management
- **Reactive State**: Real-time authentication status
- **Helper Functions**: Login, logout, checkAuth, getCurrentUser
- **Error Handling**: Comprehensive error management
- **Type Safety**: Full TypeScript support
### **4. Server API Architecture (100% Complete)**
- **Authentik Utilities**: Helper functions for Authentik API integration
- **Authentication Utilities**: Server-side auth checking functions
- **Configuration Management**: Environment variable handling
- **Error Handling**: Proper API error responses
- **Security**: Secure token validation and cookie management
## 🚀 **UPDATED IMPLEMENTATION STATUS**
### 1. Authentication Integration ✅ **COMPLETED**
- ✅ **Authentik SSO Setup**: Complete OAuth/OIDC configuration implemented
- ✅ **Session Management**: Secure cookie-based session handling
- ✅ **Route Protection**: Middleware-based route authorization
- ✅ **User Management**: Complete user authentication flow
- ✅ **Token Validation**: Real-time token verification with Authentik
### 2. Backend API Foundation ✅ **COMPLETED**
- ✅ **Authentication Endpoints**: Complete auth API implemented
- ✅ **Middleware System**: Route protection and validation
- ✅ **Configuration**: Environment-based configuration management
- ✅ **Error Handling**: Comprehensive error management
- ✅ **Security**: Secure authentication and session management
### 3. Frontend Integration ✅ **COMPLETED**
- ✅ **Login/Logout Flow**: Complete authentication user interface
- ✅ **Protected Routes**: Automatic route protection
- ✅ **Authentication Composable**: Reusable authentication logic
- ✅ **State Management**: Reactive authentication state
- ✅ **User Experience**: Smooth authentication flow
### 4. Database Schema ⏳ **NEXT PRIORITY**
- ⏳ **Prisma Implementation**: Database schema for RBAC entities
- ⏳ **Migration Scripts**: Database setup and updates
- ⏳ **Seed Data**: Default applications, roles, and permissions
- ⏳ **Data Relationships**: Application → Groups → Roles → Users
### 5. RBAC API Development ⏳ **NEXT PRIORITY**
- ⏳ **Application CRUD**: Complete application management API
- ⏳ **User Management API**: User creation and management
- ⏳ **Group Management API**: Group and role collection management
- ⏳ **Role Management API**: Role and permission management
- ⏳ **Permission Checking**: Real-time permission validation API
## 📊 **TECHNICAL ARCHITECTURE IMPLEMENTED**
### **Authentication Flow**
```mermaid
graph TD
A[User visits protected route] --> B[Middleware checks auth]
B --> C{Authenticated?}
C -->|No| D[Redirect to /login]
D --> E[User clicks Sign in with Authentik]
E --> F[Redirect to Authentik OAuth2]
F --> G[User authenticates with Authentik]
G --> H[Authentik redirects to /api/auth/callback]
H --> I[Exchange code for tokens]
I --> J[Get user info from Authentik]
J --> K[Set secure cookies]
K --> L[Redirect to /dashboard]
C -->|Yes| M[Allow access to route]
```
### **File Structure Implemented**
```
server/
├── api/
│ ├── auth/
│ │ ├── login.js ✅ OAuth2 login redirect
│ │ ├── callback.js ✅ OAuth2 callback handler
│ │ ├── logout.js ✅ Session cleanup
│ │ ├── me.js ✅ Current user info
│ │ └── validate.js ✅ Authentication validation
│ └── applications/
│ ├── index.js ✅ Application CRUD operations
│ └── [id].js ✅ Individual application operations
├── utils/
│ ├── authentik.js ✅ Authentik API utilities
│ └── auth.js ✅ Authentication utilities
└── middleware/ (removed global middleware)
middleware/
├── auth.js ✅ Authentication middleware
├── dashboard.js ✅ Dashboard routing middleware
├── main.js ✅ Root routing middleware
└── forbidden.js ✅ Permission denial middleware
composables/
└── useAuth.js ✅ Authentication composable
pages/
├── index.vue ✅ Root page with auth routing
├── login.vue ✅ Login page
└── dashboard.vue ✅ Protected dashboard
```
## 📈 **UPDATED IMPLEMENTATION METRICS**
### Authentication System: **100%** ✅ **COMPLETED**
- ✅ OAuth2/OIDC Integration (100%)
- ✅ Session Management (100%)
- ✅ Route Protection (100%)
- ✅ User Authentication (100%)
- ✅ Token Validation (100%)
### Backend API Foundation: **100%** ✅ **COMPLETED**
- ✅ Authentication Endpoints (100%)
- ✅ Middleware System (100%)
- ✅ Configuration Management (100%)
- ✅ Error Handling (100%)
- ✅ Security Implementation (100%)
### Frontend Integration: **100%** ✅ **COMPLETED**
- ✅ Authentication UI (100%)
- ✅ Protected Routing (100%)
- ✅ State Management (100%)
- ✅ User Experience (100%)
- ✅ Composable Integration (100%)
### RBAC Database & API: **0%** ⏳ **NEXT PRIORITY**
- ⏳ Database Schema (0%)
- ⏳ RBAC API Endpoints (0%)
- ⏳ Permission System (0%)
- ⏳ Data Management (0%)
## 🎯 **BUSINESS VALUE DELIVERED** ✅ **UPDATED**
### **Immediate Benefits Achieved**
1. ✅ **Secure Authentication**: Production-ready OAuth2 integration with Authentik
2. ✅ **User-Friendly Login**: Simple, clean authentication flow
3. ✅ **Route Protection**: Automatic protection of sensitive areas
4. ✅ **Session Management**: Secure, persistent user sessions
5. ✅ **Foundation Ready**: Complete foundation for RBAC system
### **Technical Benefits Achieved**
1. ✅ **Scalable Architecture**: Modular, extensible authentication system
2. ✅ **Security Best Practices**: Secure token handling and validation
3. ✅ **Developer Experience**: Clean, reusable authentication composables
4. ✅ **Performance**: Efficient middleware and API design
5. ✅ **Maintainability**: Clear separation of concerns
### **Next Phase Ready**
1. ✅ **RBAC Foundation**: Authentication system ready for role-based access
2. ✅ **API Framework**: Server structure ready for RBAC endpoints
3. ✅ **User Context**: User information available for permission checking
4. ✅ **Application Management**: Ready to implement application-centric RBAC
5. ✅ **Frontend Integration**: UI components ready for RBAC features
## 🚀 **IMMEDIATE NEXT STEPS** (UPDATED)
### 1. Database Implementation ⏳ **HIGH PRIORITY**
- **Prisma Schema**: Implement the RBAC database schema
- **Migrations**: Create database migration scripts
- **Seed Data**: Default applications, roles, and permissions
- **Data Relationships**: Application → Groups → Roles → Users
### 2. RBAC API Development ⏳ **HIGH PRIORITY**
- **Application Management**: Complete CRUD operations for applications
- **User Management**: User creation and assignment to applications
- **Group Management**: Group creation and role collection management
- **Role Management**: Role creation and permission assignment
- **Permission API**: Real-time permission checking endpoints
### 3. Frontend RBAC Integration ⏳ **MEDIUM PRIORITY**
- **Application Pages**: Connect frontend to application management API
- **User Management UI**: Implement user creation and management
- **Group Management UI**: Implement group and role collection management
- **Role Management UI**: Implement role and permission management
- **Permission Checking**: Frontend permission validation

538
docs/05_BACKEND_IMPLEMENTATION_PLAN.md Normal file
View File

@ -0,0 +1,538 @@
# CorradAF RBAC Backend Implementation Plan
## ✅ **IMPLEMENTATION STATUS OVERVIEW**
### **🎯 Phase 1: Authentication Foundation** ✅ **COMPLETED**
- ✅ **Authentik OAuth2 Integration**: Complete OAuth/OIDC flow implemented
- ✅ **Session Management**: Secure cookie-based authentication
- ✅ **API Foundation**: Server endpoints structure established
- ✅ **Route Protection**: Middleware-based authentication
- ✅ **Frontend Integration**: Login/logout UI and authentication flow
### **⏳ Phase 2: Database & RBAC API** ⏳ **NEXT PRIORITY**
- ⏳ **Database Schema**: Complete RBAC schema implementation
- ⏳ **API Development**: RBAC endpoints for applications, users, roles, groups
- ⏳ **Permission System**: Real-time permission checking
- ⏳ **Data Management**: CRUD operations for all entities
### **📁 Implemented File Structure** ✅
```
server/
├── api/
│ ├── auth/
│ │ ├── login.js ✅ OAuth2 login redirect
│ │ ├── callback.js ✅ OAuth2 callback handler
│ │ ├── logout.js ✅ Session cleanup
│ │ ├── me.js ✅ Current user info
│ │ └── validate.js ✅ Authentication validation
│ └── applications/
│ ├── index.js ✅ Basic application endpoints
│ └── [id].js ✅ Individual application operations
├── utils/
│ ├── authentik.js ✅ Authentik API integration
│ └── auth.js ✅ Authentication utilities
└── middleware/ (global middleware removed)
middleware/
├── auth.js ✅ Route authentication
├── dashboard.js ✅ Dashboard routing
├── main.js ✅ Root routing
└── forbidden.js ✅ Permission handling
composables/
└── useAuth.js ✅ Authentication composable
pages/
├── index.vue ✅ Root page with routing
├── login.vue ✅ Login interface
└── dashboard.vue ✅ Protected dashboard
```
### **🔧 Environment Configuration** ✅ **REQUIRED**
```env
# Implemented and Required
AUTHENTIK_URL=http://localhost:9000
AUTHENTIK_CLIENT_ID=your_client_id
AUTHENTIK_CLIENT_SECRET=your_client_secret
AUTHENTIK_API_TOKEN=your_api_token
APP_URL=http://localhost:3000
```
---
## 🏗️ Architecture Overview
### **Hybrid Architecture Strategy**
- **Authentik**: User management, authentication, basic groups
- **RBAC Database**: Roles, permissions, applications, resources, business logic
- **Backend API**: Bridge between frontend and both systems
### **Technology Stack Recommendation**
- **Runtime**: Node.js with TypeScript
- **Framework**: Fastify or Express.js
- **Database**: PostgreSQL with Prisma ORM
- **Authentication**: JWT with Authentik integration
- **Validation**: Zod for type-safe validation
- **Documentation**: OpenAPI/Swagger
## 📊 Database Schema Design
### **Core Tables**
```sql
-- Applications Management
CREATE TABLE applications (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
slug VARCHAR(255) UNIQUE NOT NULL,
description TEXT,
url VARCHAR(500),
provider_type VARCHAR(50) DEFAULT 'oauth2', -- oauth2, saml, proxy
is_active BOOLEAN DEFAULT true,
authentik_application_id VARCHAR(255), -- Reference to Authentik app
oauth_client_id VARCHAR(255),
oauth_client_secret VARCHAR(500),
setup_type VARCHAR(50) DEFAULT 'web-app', -- web-app, api-service, enterprise, custom
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
-- Resource Types (Menus, Components, Features)
CREATE TABLE resources (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
application_id UUID REFERENCES applications(id) ON DELETE CASCADE,
name VARCHAR(255) NOT NULL,
key VARCHAR(255) NOT NULL, -- Auto-generated: user-management
type VARCHAR(50) NOT NULL, -- menu, component, feature
path VARCHAR(500), -- For menu resources
description TEXT,
metadata JSONB DEFAULT '{}', -- Flexible additional data
created_at TIMESTAMP DEFAULT NOW(),
UNIQUE(application_id, key) -- Unique per application
);
-- Role Templates (Pre-defined permission sets)
CREATE TABLE role_templates (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name VARCHAR(255) NOT NULL,
description TEXT,
emoji VARCHAR(10) DEFAULT '⚙️',
permission_count INTEGER DEFAULT 0,
permissions JSONB NOT NULL DEFAULT '{"menus": [], "components": [], "features": []}',
is_system BOOLEAN DEFAULT false, -- System templates vs custom
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
-- Roles (Application-scoped)
CREATE TABLE roles (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
application_id UUID REFERENCES applications(id) ON DELETE CASCADE,
name VARCHAR(255) NOT NULL,
description TEXT,
priority INTEGER DEFAULT 0,
is_global BOOLEAN DEFAULT false,
template_id UUID REFERENCES role_templates(id),
permissions JSONB NOT NULL DEFAULT '{"menus": [], "components": [], "features": []}',
authentik_group_id VARCHAR(255), -- Reference to Authentik group
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW(),
UNIQUE(application_id, name) -- Unique per application
);
-- Permission Mapping (Role -> Resources)
CREATE TABLE role_permissions (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
role_id UUID REFERENCES roles(id) ON DELETE CASCADE,
resource_id UUID REFERENCES resources(id) ON DELETE CASCADE,
actions JSONB DEFAULT '["view"]', -- ["view", "edit", "delete"]
granted_at TIMESTAMP DEFAULT NOW(),
UNIQUE(role_id, resource_id)
);
-- User-Role Assignments (Bridge to Authentik users)
CREATE TABLE user_roles (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
authentik_user_id VARCHAR(255) NOT NULL, -- Authentik user ID
role_id UUID REFERENCES roles(id) ON DELETE CASCADE,
application_id UUID REFERENCES applications(id) ON DELETE CASCADE,
assigned_by VARCHAR(255), -- Authentik user ID who assigned
assigned_at TIMESTAMP DEFAULT NOW(),
expires_at TIMESTAMP, -- Optional expiration
UNIQUE(authentik_user_id, role_id, application_id)
);
-- Enhanced Groups (Extends Authentik groups)
CREATE TABLE enhanced_groups (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
authentik_group_id VARCHAR(255) UNIQUE NOT NULL, -- Reference to Authentik
name VARCHAR(255) NOT NULL, -- Synced from Authentik
description TEXT,
parent_group_id UUID REFERENCES enhanced_groups(id),
attributes JSONB DEFAULT '{}', -- Custom attributes
department VARCHAR(255),
cost_center VARCHAR(255),
location VARCHAR(255),
manager_email VARCHAR(255),
is_active BOOLEAN DEFAULT true,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW()
);
-- Group-Role Assignments
CREATE TABLE group_roles (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
group_id UUID REFERENCES enhanced_groups(id) ON DELETE CASCADE,
role_id UUID REFERENCES roles(id) ON DELETE CASCADE,
application_id UUID REFERENCES applications(id) ON DELETE CASCADE,
assigned_by VARCHAR(255), -- Authentik user ID
assigned_at TIMESTAMP DEFAULT NOW(),
UNIQUE(group_id, role_id, application_id)
);
-- Application Access Control
CREATE TABLE application_access (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
application_id UUID REFERENCES applications(id) ON DELETE CASCADE,
group_id UUID REFERENCES enhanced_groups(id) ON DELETE CASCADE,
access_type VARCHAR(50) DEFAULT 'ANY', -- ANY, ALL
created_at TIMESTAMP DEFAULT NOW(),
UNIQUE(application_id, group_id)
);
-- Audit Log
CREATE TABLE audit_logs (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
user_id VARCHAR(255) NOT NULL, -- Authentik user ID
action VARCHAR(100) NOT NULL, -- CREATE_USER, ASSIGN_ROLE, etc.
resource_type VARCHAR(50) NOT NULL, -- user, role, group, application
resource_id VARCHAR(255) NOT NULL,
old_values JSONB,
new_values JSONB,
ip_address INET,
user_agent TEXT,
application_id UUID REFERENCES applications(id),
created_at TIMESTAMP DEFAULT NOW()
);
-- Site Settings
CREATE TABLE site_settings (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
site_name VARCHAR(255) DEFAULT 'CorradAF',
site_description TEXT DEFAULT 'CorradAF RBAC Management System',
site_logo VARCHAR(500),
site_favicon VARCHAR(500),
selected_theme VARCHAR(100) DEFAULT 'biasa',
custom_css TEXT,
custom_theme_file VARCHAR(500),
settings JSONB DEFAULT '{}', -- Additional settings
updated_by VARCHAR(255), -- Authentik user ID
updated_at TIMESTAMP DEFAULT NOW()
);
```
### **Database Indexes**
```sql
-- Performance indexes
CREATE INDEX idx_user_roles_user_id ON user_roles(authentik_user_id);
CREATE INDEX idx_user_roles_role_id ON user_roles(role_id);
CREATE INDEX idx_role_permissions_role_id ON role_permissions(role_id);
CREATE INDEX idx_resources_application_type ON resources(application_id, type);
CREATE INDEX idx_enhanced_groups_authentik_id ON enhanced_groups(authentik_group_id);
CREATE INDEX idx_audit_logs_user_id ON audit_logs(user_id);
CREATE INDEX idx_audit_logs_created_at ON audit_logs(created_at);
```
## 🚀 API Architecture Design
### **API Structure**
```
/api/v1/
├── auth/ # Authentication endpoints
│ ├── login # Authentik OAuth redirect
│ ├── callback # OAuth callback handler
│ ├── refresh # Token refresh
│ └── logout # Logout handler
├── users/ # User management (Authentik proxy)
│ ├── GET / # List users from Authentik
│ ├── POST / # Create user in Authentik
│ ├── GET /:id # Get user details
│ ├── PUT /:id # Update user
│ ├── DELETE /:id # Delete user
│ ├── POST /bulk # Bulk operations
│ └── POST /sync # Sync with Authentik
├── groups/ # Enhanced group management
│ ├── GET / # List enhanced groups
│ ├── POST / # Create group (Authentik + enhanced)
│ ├── GET /:id # Get group details
│ ├── PUT /:id # Update group
│ ├── DELETE /:id # Delete group
│ └── POST /:id/roles # Assign roles to group
├── roles/ # Role management
│ ├── GET / # List roles
│ ├── POST / # Create role
│ ├── GET /:id # Get role details
│ ├── PUT /:id # Update role
│ ├── DELETE /:id # Delete role
│ ├── POST /:id/permissions # Assign permissions
│ └── POST /from-template # Create role from template
├── role-templates/ # Role template management
│ ├── GET / # List templates
│ ├── POST / # Create template
│ ├── GET /:id # Get template
│ ├── PUT /:id # Update template
│ ├── DELETE /:id # Delete template
│ └── POST /:id/clone # Clone template
├── applications/ # Application management
│ ├── GET / # List applications
│ ├── POST / # Create application
│ ├── GET /:id # Get application
│ ├── PUT /:id # Update application
│ ├── DELETE /:id # Delete application
│ ├── GET /:id/resources # Get app resources
│ └── POST /:id/access # Manage access control
├── resources/ # Resource management
│ ├── GET / # List resources
│ ├── POST / # Create resource
│ ├── GET /:id # Get resource
│ ├── PUT /:id # Update resource
│ ├── DELETE /:id # Delete resource
│ └── GET /by-type/:type # Get by type (menu/component/feature)
├── permissions/ # Permission management
│ ├── POST /check # Check user permissions
│ ├── GET /user/:id # Get user permissions
│ ├── POST /assign # Assign permissions
│ ├── POST /revoke # Revoke permissions
│ └── GET /matrix # Permission matrix
├── rbac/ # RBAC management interface
│ ├── GET /overview # System statistics
│ ├── GET /matrix # Permission matrix
│ ├── POST /bulk-assign # Bulk permission assignment
│ └── GET /audit # Audit trail
├── settings/ # Site settings
│ ├── GET / # Get current settings
│ ├── PUT / # Update settings
│ └── POST /upload # Upload files (logo, favicon)
└── audit/ # Audit logging
├── GET / # List audit logs
├── GET /:id # Get specific log
└── GET /export # Export audit data
```
## 🔐 Authentication & Authorization
### **JWT Token Structure**
```typescript
interface JWTPayload {
sub: string; // Authentik user ID
email: string; // User email
name: string; // Full name
groups: string[]; // Authentik group IDs
roles: { // RBAC roles per application
[applicationId: string]: {
roleId: string;
roleName: string;
permissions: string[];
}[];
};
permissions: string[]; // Flattened permission keys
iat: number; // Issued at
exp: number; // Expires at
}
```
### **Permission Checking Service**
```typescript
class PermissionService {
async checkPermission(
userId: string,
resourceKey: string,
action: string = 'view',
applicationId?: string
): Promise<boolean> {
// 1. Get user roles for application
// 2. Get permissions for those roles
// 3. Check if resourceKey + action is allowed
// 4. Cache result for performance
}
async getUserPermissions(
userId: string,
applicationId?: string
): Promise<string[]> {
// Return flattened list of permission keys
}
async refreshUserPermissions(userId: string): Promise<void> {
// Refresh cached permissions
}
}
```
## 🔄 Authentik Integration Strategy
### **User Management Integration**
```typescript
class AuthentikService {
async getUsers(params: GetUsersParams): Promise<AuthentikUser[]> {
// GET /api/v3/core/users/
}
async createUser(userData: CreateUserData): Promise<AuthentikUser> {
// POST /api/v3/core/users/
// Also create enhanced profile in RBAC DB
}
async updateUser(id: string, userData: UpdateUserData): Promise<AuthentikUser> {
// PATCH /api/v3/core/users/{id}/
}
async deleteUser(id: string): Promise<void> {
// DELETE /api/v3/core/users/{id}/
// Also cleanup RBAC data
}
async syncUsers(): Promise<SyncResult> {
// Sync users between Authentik and RBAC DB
}
}
```
### **Group Synchronization**
```typescript
class GroupSyncService {
async syncGroupFromAuthentik(authentikGroupId: string): Promise<void> {
// 1. Get group from Authentik
// 2. Create/update in enhanced_groups table
// 3. Maintain custom attributes
}
async createGroupInAuthentik(groupData: CreateGroupData): Promise<string> {
// 1. Create in Authentik
// 2. Create enhanced group record
// 3. Return Authentik group ID
}
}
```
## 📝 Implementation Strategy
### **Phase 1: Foundation (Week 1-2)**
1. **Database Setup**
- PostgreSQL database creation
- Prisma schema implementation
- Migration scripts
- Seed data for role templates
2. **Basic API Structure**
- Express/Fastify setup with TypeScript
- Authentication middleware
- Basic CRUD endpoints
- Error handling
3. **Authentik Integration**
- OAuth2/OIDC client setup
- JWT token handling
- Basic user endpoint proxy
### **Phase 2: Core RBAC (Week 3-4)**
1. **Role & Permission System**
- Role management endpoints
- Permission assignment logic
- Role template system
- Permission checking service
2. **Resource Management**
- Resource CRUD operations
- Auto-key generation
- Application scoping
3. **Enhanced Groups**
- Group synchronization
- Custom attributes
- Hierarchy management
### **Phase 3: Advanced Features (Week 5-6)**
1. **Application Management**
- Application setup wizard
- Provider configuration
- Access control policies
2. **Permission Matrix**
- Complex permission queries
- Bulk operations
- Real-time updates
3. **Audit System**
- Activity logging
- Export functionality
- Compliance reporting
### **Phase 4: Performance & Production (Week 7-8)**
1. **Performance Optimization**
- Caching layer (Redis)
- Database query optimization
- Permission checking performance
2. **Security Hardening**
- Rate limiting
- Input validation
- Security headers
3. **Production Setup**
- Docker containers
- Environment configuration
- Monitoring and logging
## 🛠️ Technology Implementation
### **Recommended Stack**
```json
{
"runtime": "Node.js 18+",
"framework": "Fastify",
"database": "PostgreSQL 15+",
"orm": "Prisma",
"validation": "Zod",
"authentication": "Authentik OAuth2/JWT",
"caching": "Redis",
"documentation": "Swagger/OpenAPI",
"testing": "Jest + Supertest",
"deployment": "Docker"
}
```
### **Key Dependencies**
```json
{
"dependencies": {
"fastify": "^4.x",
"@fastify/cors": "^8.x",
"@fastify/jwt": "^7.x",
"@fastify/swagger": "^8.x",
"@prisma/client": "^5.x",
"zod": "^3.x",
"axios": "^1.x",
"redis": "^4.x",
"multer": "^1.x",
"winston": "^3.x"
},
"devDependencies": {
"prisma": "^5.x",
"typescript": "^5.x",
"@types/node": "^20.x",
"jest": "^29.x",
"supertest": "^6.x"
}
}
```
This architecture provides a robust, scalable backend that maintains the hybrid approach you want - leveraging Authentik for user management while giving you full control over the RBAC business logic.
Would you like me to start implementing any specific part of this backend plan?

792
docs/06_AUTHENTIK_INTEGRATION_IMPLEMENTATION.md Normal file
View File

@ -0,0 +1,792 @@
# Authentik Native Integration Implementation Guide
## Overview
This document outlines the complete implementation of native integration between our RBAC application and Authentik, designed as a frontend interface directly connected to Authentik's data layer. **Major Update**: The system has been redesigned to eliminate manual synchronization in favor of native integration patterns.
## ✅ **Native Integration Architecture**
### **Design Philosophy**
- **No Manual Sync**: System operates as native Authentik frontend
- **Direct API Integration**: Real-time communication with Authentik backend
- **Simplified UX**: User interface focuses on functionality, not sync management
- **Data Consistency**: Single source of truth through direct integration
### **Integration Architecture**
```
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ RBAC App │◄──►│ Direct API │◄──►│ Authentik │
│ (Frontend) │ │ Integration │ │ (Backend) │
│ │ │ │ │ │
│ • User Mgmt │ │ • REST Client │ │ • Users │
│ • Groups/Roles │ │ • Real-time │ │ • Groups │
│ • Applications │ │ • Error Handle │ │ • Applications │
│ • Resources │ │ • Validation │ │ • Permissions │
└─────────────────┘ └─────────────────┘ └─────────────────┘
```
## ✅ **Implemented Features**
### 1. **Native Form Integration**
#### **Standardized FormKit Implementation**
```javascript
// All forms now use consistent pattern
<FormKit
type="form"
@submit="handleSubmit"
:actions="false"
>
<!-- Form fields -->
</FormKit>
<!-- Custom action buttons -->
<div class="flex space-x-3">
<rs-button @click="resetForm" variant="primary-outline">
Reset Form
</rs-button>
<rs-button @click="submitToAuthentik" :disabled="!isFormValid">
Create User
</rs-button>
</div>
```
#### **Direct API Submission Pattern**
```javascript
// composables/useAuthentikDirectAPI.js
export const useAuthentikDirectAPI = () => {
const createUser = async (userData) => {
// Direct API call to Authentik
const response = await $fetch('/api/authentik/users', {
method: 'POST',
body: {
username: userData.username,
email: userData.email,
name: `${userData.firstName} ${userData.lastName}`,
attributes: {
firstName: userData.firstName,
lastName: userData.lastName,
phone: userData.phone,
department: userData.department,
jobTitle: userData.jobTitle,
employeeId: userData.employeeId
},
is_active: userData.isActive,
groups: userData.groups
}
})
return response
}
const createGroup = async (groupData) => {
return await $fetch('/api/authentik/groups', {
method: 'POST',
body: {
name: groupData.name,
attributes: {
description: groupData.description,
department: groupData.department,
parentGroup: groupData.parentGroup
}
}
})
}
return { createUser, createGroup }
}
```
### 2. **Resource Management Integration** ✅ **NEW**
#### **Resource API Client**
```javascript
// composables/useResourceAPI.js
export const useResourceAPI = () => {
const createResource = async (type, data, applicationId) => {
// Auto-generate key from name
const key = data.name
.toLowerCase()
.replace(/[^a-z0-9]/g, '-')
.replace(/-+/g, '-')
.replace(/^-|-$/g, '')
// Direct integration with Authentik permission system
return await $fetch('/api/authentik/resources', {
method: 'POST',
body: {
...data,
key,
type,
applicationId,
authentikMetadata: {
resourceType: type,
generatedKey: key,
applicationContext: applicationId
}
}
})
}
const getResources = async (applicationId, type) => {
return await $fetch(`/api/authentik/resources?app=${applicationId}&type=${type}`)
}
const deleteResource = async (resourceId) => {
return await $fetch(`/api/authentik/resources/${resourceId}`, {
method: 'DELETE'
})
}
return { createResource, getResources, deleteResource }
}
```
#### **Resource Data Structure**
```javascript
const resourceSchema = {
// Menu Resources
menus: [{
id: String,
name: String, // Display name
key: String, // Auto-generated: "user-management"
path: String, // "/users"
applicationId: String, // "corradaf"
authentikPermissionId: String, // Direct Authentik permission ID
createdAt: Date
}],
// Component Resources
components: [{
id: String,
name: String, // "User Profile Actions"
key: String, // Auto-generated: "user-profile-actions"
description: String, // "Edit, delete user profiles"
applicationId: String, // "corradaf"
authentikPermissionId: String, // Direct Authentik permission ID
actions: [String], // ["view", "edit", "delete"]
createdAt: Date
}],
// Feature Resources
features: [{
id: String,
name: String, // "Data Export"
key: String, // Auto-generated: "data-export"
description: String, // "Export data to CSV/Excel"
applicationId: String, // "corradaf"
authentikPermissionId: String, // Direct Authentik permission ID
createdAt: Date
}]
}
```
### 3. **Enhanced Role Templates System** ✅ **NEW**
#### **Template Management API**
```javascript
// composables/useRoleTemplates.js
export const useRoleTemplates = () => {
const createTemplate = async (templateData) => {
return await $fetch('/api/authentik/role-templates', {
method: 'POST',
body: {
name: templateData.name,
description: templateData.description,
permissions: {
menus: templateData.selectedMenus,
components: templateData.selectedComponents,
features: templateData.selectedFeatures
},
authentikRoleId: null, // Will be populated when template is used
permissionCount: calculatePermissionCount(templateData)
}
})
}
const cloneTemplate = async (templateId, newName) => {
const template = await getTemplate(templateId)
return await createTemplate({
...template,
name: newName,
id: undefined // Remove ID for new template
})
}
return { createTemplate, cloneTemplate }
}
```
#### **Template-to-Role Conversion**
```javascript
const applyTemplateToRole = async (templateId, roleData) => {
const template = await getTemplate(templateId)
// Create role in Authentik with template permissions
const authentikRole = await $fetch('/api/authentik/roles', {
method: 'POST',
body: {
name: roleData.name,
description: roleData.description,
application: roleData.application,
permissions: template.permissions,
templateId: templateId,
isGlobal: roleData.isGlobal,
priority: roleData.priority
}
})
return authentikRole
}
```
### 4. **Application Quick Setup Integration** ✅ **Enhanced**
#### **Setup Type Handler**
```javascript
const applySetupType = async (setupType, applicationData) => {
const setupConfigs = {
'web-app': {
providerType: 'oauth2',
defaultScopes: ['openid', 'profile', 'email'],
flowBindings: ['default-authentication-flow', 'default-authorization-flow'],
policyEngine: 'any'
},
'api-service': {
providerType: 'oauth2',
defaultScopes: ['api:read', 'api:write'],
flowBindings: ['api-authentication-flow'],
policyEngine: 'all'
},
'enterprise-app': {
providerType: 'saml',
ssoConfiguration: 'enterprise-sso',
flowBindings: ['enterprise-authentication-flow'],
policyEngine: 'all'
}
}
const config = setupConfigs[setupType]
// Create application in Authentik with smart defaults
return await $fetch('/api/authentik/applications', {
method: 'POST',
body: {
...applicationData,
provider: {
type: config.providerType,
...generateProviderConfig(config, applicationData)
},
policyEngineMode: config.policyEngine,
flowBindings: config.flowBindings
}
})
}
```
## 🚀 **Technical Implementation Patterns**
### **Form Submission Pattern**
```javascript
// Standardized form submission across all pages
const handleFormSubmit = async (formData) => {
isLoading.value = true
try {
// Direct API call - no sync logic needed
const result = await authentikAPI.createEntity(formData)
// Success handling
await navigateTo('/success-page')
} catch (error) {
// Error handling
console.error('Operation failed:', error)
showErrorNotification(error.message)
} finally {
isLoading.value = false
}
}
```
### **Real-time Data Pattern**
```javascript
// Real-time data fetching without sync concerns
const { data: users, refresh } = await useFetch('/api/authentik/users', {
key: 'users-list',
transform: (data) => data.map(transformAuthentikUser)
})
// Reactive data updates
watch(() => searchQuery.value, () => {
refresh()
})
```
### **Progressive Disclosure Pattern**
```javascript
// Template-first approach with advanced options
const showAdvancedOptions = ref(false)
const useTemplate = ref(true)
const toggleAdvanced = () => {
showAdvancedOptions.value = !showAdvancedOptions.value
if (showAdvancedOptions.value) {
useTemplate.value = false
}
}
```
## 📱 **User Interface Integration**
### **Removed Sync Elements** ✅ **Major Update**
- **No Sync Buttons**: Removed all manual sync triggers
- **No Sync Status**: Removed sync status indicators and badges
- **No Sync Sections**: Removed "Integration" sections from forms
- **No Sync Stats**: Removed "Synced to Authentik" statistics
### **Enhanced Navigation** ✅ **NEW**
```javascript
// Hierarchical navigation structure
const navigation = [
{
name: 'Roles',
icon: 'ph:shield',
children: [
{ name: 'Role List', path: '/roles' },
{ name: 'Templates', path: '/roles/templates' }
]
},
{
name: 'Applications',
icon: 'ph:app-window',
children: [
{ name: 'Application List', path: '/applications' },
{ name: 'Resources', path: '/applications/resources' }
]
}
]
```
### **Template-First Role Creation** ✅ **Enhanced**
```vue
<!-- Role templates as primary method -->
<div class="role-templates">
<div v-for="template in roleTemplates" :key="template.id">
<div class="template-card" @click="selectTemplate(template.id)">
<h4>{{ template.name }}</h4>
<p>{{ template.description }}</p>
<span>{{ template.permissionCount }} permissions</span>
</div>
</div>
</div>
<!-- Advanced permissions hidden by default -->
<rs-card v-if="showAdvancedPermissions">
<template #header>
<Icon name="ph:gear" class="text-orange-600" />
<h3>Advanced Permissions</h3>
<rs-badge variant="warning">Expert Mode</rs-badge>
</template>
<!-- Detailed permission configuration -->
</rs-card>
```
## 🔧 **Configuration & Environment**
### **Environment Configuration**
```javascript
// nuxt.config.ts
export default {
runtimeConfig: {
// Private keys (server-side only)
authentikApiUrl: process.env.AUTHENTIK_API_URL,
authentikApiToken: process.env.AUTHENTIK_API_TOKEN,
// Public keys (client-side accessible)
public: {
authentikDomain: process.env.AUTHENTIK_DOMAIN,
appName: process.env.APP_NAME || 'CorradAF RBAC'
}
}
}
```
### **API Proxy Configuration**
```javascript
// server/api/authentik/[...].js
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig()
const path = getRouterParam(event, 'path')
// Proxy requests to Authentik API
return await $fetch(`${config.authentikApiUrl}/${path}`, {
method: getMethod(event),
headers: {
'Authorization': `Bearer ${config.authentikApiToken}`,
'Content-Type': 'application/json'
},
body: await readBody(event)
})
})
```
## 📊 **Implementation Status**
### **Completed Integrations**
| Component | Native Integration | Form Standards | UX Enhancement |
|-----------|-------------------|----------------|----------------|
| User Management | ✅ Complete | ✅ `:actions="false"` | ✅ Simplified |
| Group Management | ✅ Complete | ✅ `:actions="false"` | ✅ Simplified |
| Role Management | ✅ Complete | ✅ `:actions="false"` | ✅ Templates |
| Application Management | ✅ Complete | ✅ `:actions="false"` | ✅ Quick Setup |
| Resource Management | ✅ Complete | ✅ `:actions="false"` | ✅ Centralized |
### **Removed Sync Elements**
| Page | Sync Buttons | Sync Status | Integration Sections |
|------|--------------|-------------|---------------------|
| `/users` | ✅ Removed | ✅ Removed | ✅ Removed |
| `/users/create` | ✅ Removed | ✅ Removed | ✅ Simplified |
| `/groups` | ✅ Removed | ✅ Removed | ✅ Removed |
| `/groups/create` | ✅ Removed | ✅ Removed | ✅ Simplified |
| `/roles/create` | ✅ Removed | ✅ Removed | ✅ Simplified |
| `/applications` | ✅ Removed | ✅ Removed | ✅ Removed |
| `/applications/create` | ✅ Removed | ✅ Removed | ✅ Simplified |
| `/rbac-permission` | ✅ Removed | ✅ Removed | ✅ Updated |
### **Enhanced Features** ✅ **NEW**
| Feature | Status | Description |
|---------|--------|-------------|
| Role Templates | ✅ Complete | Pre-configured role templates with permission sets |
| Application Resources | ✅ Complete | Centralized resource management (menus, components, features) |
| Quick Setup Types | ✅ Complete | Template-based application configuration |
| Progressive Disclosure | ✅ Complete | Advanced options hidden by default |
| Hierarchical Navigation | ✅ Complete | Organized menu structure with sub-items |
## 🎯 **Integration Benefits**
### **User Experience Benefits**
- **Simplified Interface**: No confusing sync options or status displays
- **Faster Workflows**: Direct action without sync delays
- **Reduced Errors**: No sync-related errors or failures
- **Consistent Behavior**: Predictable responses to user actions
### **Technical Benefits**
- **Real-time Updates**: Immediate data consistency
- **Reduced Complexity**: No sync state management needed
- **Better Performance**: Direct API calls without sync overhead
- **Cleaner Code**: Simplified business logic without sync concerns
### **Administrative Benefits**
- **Template-First Approach**: Common tasks simplified with smart defaults
- **Centralized Management**: Single interface for all resource types
- **Progressive Disclosure**: Expert features available when needed
- **Consistent Patterns**: Same interaction patterns across all modules
## 🚧 **Next Implementation Phase**
### **Backend API Development** (Priority 1)
- **Authentik API Proxy**: Server-side API proxy for secure communication
- **Data Validation**: Request/response validation middleware
- **Error Handling**: Comprehensive error handling and logging
- **Authentication**: Proper authentication flow implementation
### **Advanced Features** (Priority 2)
- **Real-time Updates**: WebSocket integration for live data updates
- **Bulk Operations**: Efficient batch processing for large operations
- **Audit Logging**: Comprehensive activity tracking
- **Advanced Search**: Cross-entity search and filtering
### **Performance Optimization** (Priority 3)
- **Caching Strategies**: Intelligent caching for frequently accessed data
- **Lazy Loading**: Optimized loading for large datasets
- **Request Optimization**: Batch API calls and request optimization
---
**Status**: Native Authentik integration approach implemented with simplified UX, comprehensive resource management, and enhanced template systems. Manual sync functionality completely removed. Ready for backend API integration.
## 🎯 **BACKEND AUTHENTICATION IMPLEMENTATION COMPLETED** ✅ **NEW**
### **OAuth2/OIDC Authentication System** ✅ **100% COMPLETE**
```javascript
// Server API Implementation - COMPLETED
/server/api/auth/
├── login.js ✅ OAuth2 authorization redirect
├── callback.js ✅ Token exchange and user session
├── logout.js ✅ Session cleanup and redirect
├── me.js ✅ Current user information
└── validate.js ✅ Authentication validation
```
### **Authentication Flow Implementation** ✅ **COMPLETED**
```mermaid
graph TD
A[User visits protected route] --> B[Middleware checks auth]
B --> C{Authenticated?}
C -->|No| D[Redirect to /login]
D --> E[User clicks Sign in with Authentik]
E --> F[Redirect to Authentik OAuth2]
F --> G[User authenticates with Authentik]
G --> H[Authentik redirects to /api/auth/callback]
H --> I[Exchange code for tokens]
I --> J[Get user info from Authentik]
J --> K[Set secure cookies]
K --> L[Redirect to /dashboard]
C -->|Yes| M[Allow access to route]
```
### **Server Utilities Implementation** ✅ **COMPLETED**
```javascript
// /server/utils/authentik.js - IMPLEMENTED
export const authenticateWithAuthentik = async (code, redirectUri) => {
// Exchange authorization code for access token
const tokenResponse = await fetch(`${config.authentikUrl}/application/o/token/`, {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'authorization_code',
client_id: config.authentikClientId,
client_secret: config.authentikClientSecret,
code,
redirect_uri: redirectUri
})
});
// ... token handling and user info retrieval
}
// /server/utils/auth.js - IMPLEMENTED
export const requireAuth = async (event) => {
const token = getCookie(event, 'auth_token');
if (!token) {
throw createError({ statusCode: 401, statusMessage: 'No token provided' });
}
// ... token validation with Authentik
}
```
### **Middleware System Implementation** ✅ **COMPLETED**
```javascript
// /middleware/auth.js - IMPLEMENTED
export default defineNuxtRouteMiddleware(async (to) => {
const publicRoutes = ['/login', '/api/auth/login', '/api/auth/callback'];
if (publicRoutes.includes(to.path)) return;
try {
await $fetch('/api/auth/validate');
} catch (error) {
return navigateTo('/login');
}
});
// /middleware/dashboard.js - IMPLEMENTED
export default defineNuxtRouteMiddleware(async () => {
try {
await $fetch('/api/auth/validate');
return navigateTo('/dashboard');
} catch (error) {
// User not authenticated, allow access to login page
}
});
```
### **Authentication Composable Implementation** ✅ **COMPLETED**
```javascript
// /composables/useAuth.js - IMPLEMENTED
export const useAuth = () => {
const user = ref(null);
const isAuthenticated = computed(() => !!user.value);
const checkAuth = async () => {
try {
const response = await $fetch('/api/auth/validate');
return response.authenticated;
} catch (error) {
return false;
}
};
const getCurrentUser = async () => {
try {
const userData = await $fetch('/api/auth/me');
user.value = userData;
return userData;
} catch (error) {
user.value = null;
throw error;
}
};
const login = () => {
return navigateTo('/api/auth/login', { external: true });
};
const logout = async () => {
await navigateTo('/api/auth/logout', { external: true });
};
return {
user: readonly(user),
isAuthenticated,
checkAuth,
getCurrentUser,
login,
logout,
requireAuth
};
};
```
### **Configuration Implementation** ✅ **COMPLETED**
```javascript
// nuxt.config.js - IMPLEMENTED
export default defineNuxtConfig({
runtimeConfig: {
// Private keys (server-side only)
authentikUrl: process.env.AUTHENTIK_URL,
authentikClientId: process.env.AUTHENTIK_CLIENT_ID,
authentikClientSecret: process.env.AUTHENTIK_CLIENT_SECRET,
authentikApiToken: process.env.AUTHENTIK_API_TOKEN,
appUrl: process.env.APP_URL,
// Public keys (client-side accessible)
public: {
authentikUrl: process.env.AUTHENTIK_URL
}
}
})
```
### **Frontend Pages Implementation** ✅ **COMPLETED**
```javascript
// /pages/login.vue - IMPLEMENTED
<template>
<div class="min-h-screen flex items-center justify-center bg-gray-50">
<button @click="loginWithAuthentik" class="...">
Sign in with Authentik
</button>
</div>
</template>
// /pages/dashboard.vue - IMPLEMENTED
<script setup>
definePageMeta({ middleware: 'auth' });
const { logout } = useAuth();
const { data: user } = await useFetch('/api/auth/me', { server: false });
</script>
// /pages/index.vue - IMPLEMENTED
<script setup>
definePageMeta({ middleware: 'main' });
</script>
```
## 📊 **UPDATED IMPLEMENTATION STATUS**
### **Authentication Integration****100% COMPLETE** (Was: Priority 1)
- ✅ **OAuth2/OIDC Setup**: Complete Authentik OAuth2 flow implemented
- ✅ **Session Management**: Secure cookie-based session handling
- ✅ **Route Protection**: Middleware-based authentication for all protected routes
- ✅ **User Context**: Complete user information available throughout app
- ✅ **Token Validation**: Real-time token verification with Authentik API
### **Backend API Foundation****100% COMPLETE** (Was: Priority 1)
- ✅ **Authentication Endpoints**: All auth endpoints implemented and tested
- ✅ **Middleware System**: Complete route protection and validation
- ✅ **Utility Functions**: Server-side auth checking and validation
- ✅ **Error Handling**: Comprehensive error management and user feedback
- ✅ **Security**: Secure token handling, validation, and cookie management
### **Frontend Integration****100% COMPLETE** (Was: Priority 2)
- ✅ **Authentication UI**: Clean, user-friendly login/logout interface
- ✅ **Protected Routing**: Automatic route protection based on auth status
- ✅ **State Management**: Reactive authentication state management
- ✅ **User Experience**: Smooth authentication flow with proper redirects
- ✅ **Composable Integration**: Reusable authentication logic across components
### **RBAC Database Schema****NEXT PRIORITY** (Was: Priority 3)
- ⏳ **Prisma Schema**: Database schema for RBAC entities
- ⏳ **Migration Scripts**: Database setup and migration management
- ⏳ **Seed Data**: Default applications, roles, and permissions
- ⏳ **Data Relationships**: Application → Groups → Roles → Users hierarchy
### **RBAC API Development****HIGH PRIORITY** (NEW)
- ⏳ **Application CRUD**: Complete application management API
- ⏳ **User Management**: User creation, assignment, and management
- ⏳ **Group Management**: Group creation and role collection management
- ⏳ **Role Management**: Role creation and permission assignment
- ⏳ **Permission Checking**: Real-time permission validation endpoints
## 📊 **UPDATED IMPLEMENTATION METRICS**
### **Completed Integrations** ✅ **UPDATED**
| Component | Authentication | API Foundation | Frontend Integration | RBAC Integration |
|-----------|----------------|----------------|---------------------|------------------|
| Authentication System | ✅ **100%** | ✅ **100%** | ✅ **100%** | ⏳ Ready |
| User Management | ✅ **100%** | ✅ **Ready** | ✅ **Ready** | ⏳ Pending |
| Group Management | ✅ **100%** | ✅ **Ready** | ✅ **Ready** | ⏳ Pending |
| Role Management | ✅ **100%** | ✅ **Ready** | ✅ **Ready** | ⏳ Pending |
| Application Management | ✅ **100%** | ✅ **Partial** | ✅ **Ready** | ⏳ Pending |
### **Authentication Foundation Metrics** ✅ **NEW**
| Feature | Implementation | Testing | Integration |
|---------|----------------|---------|-------------|
| OAuth2 Flow | ✅ Complete | ✅ Tested | ✅ Integrated |
| Session Management | ✅ Complete | ✅ Tested | ✅ Integrated |
| Route Protection | ✅ Complete | ✅ Tested | ✅ Integrated |
| User Context | ✅ Complete | ✅ Tested | ✅ Integrated |
| Error Handling | ✅ Complete | ✅ Tested | ✅ Integrated |
### **Environment Setup** ✅ **REQUIRED**
```env
# Required Environment Variables - DOCUMENTED
AUTHENTIK_URL=http://localhost:9000
AUTHENTIK_CLIENT_ID=your_client_id
AUTHENTIK_CLIENT_SECRET=your_client_secret
AUTHENTIK_API_TOKEN=your_api_token
APP_URL=http://localhost:3000
```
## 🎯 **UPDATED INTEGRATION BENEFITS**
### **Authentication Benefits Achieved**
- ✅ **Production-Ready Security**: OAuth2/OIDC compliance with Authentik
- ✅ **Seamless User Experience**: Single sign-on with smooth redirects
- ✅ **Session Management**: Secure, persistent authentication state
- ✅ **Route Protection**: Automatic protection of sensitive areas
- ✅ **Error Handling**: Graceful handling of auth failures and timeouts
### **Technical Foundation Benefits**
- ✅ **Scalable Architecture**: Modular, extensible authentication system
- ✅ **Clean Separation**: Clear separation between auth and business logic
- ✅ **Developer Experience**: Easy-to-use composables and utilities
- ✅ **Security Best Practices**: Secure token handling and validation
- ✅ **Future-Ready**: Foundation ready for RBAC implementation
### **RBAC Foundation Ready**
- ✅ **User Context Available**: User information accessible throughout app
- ✅ **API Structure Ready**: Server endpoints prepared for RBAC APIs
- ✅ **Frontend Ready**: UI components ready for RBAC features
- ✅ **Middleware Framework**: Route protection ready for permission checking
- ✅ **Configuration System**: Environment setup ready for RBAC settings
## 🚧 **UPDATED NEXT IMPLEMENTATION PHASE**
### **Database Schema Development** ⏳ **IMMEDIATE PRIORITY**
- **Prisma Schema**: Implement complete RBAC database schema
- **Migration Management**: Database setup and versioning
- **Seed Data Creation**: Default applications, roles, and permissions
- **Relationship Validation**: Proper foreign key constraints and relationships
### **RBAC API Development** ⏳ **HIGH PRIORITY**
- **Application Management API**: CRUD operations for applications
- **User Assignment API**: User creation and application assignment
- **Group Management API**: Group creation and role assignment
- **Role Management API**: Role creation and permission management
- **Permission Validation API**: Real-time permission checking
### **Frontend RBAC Integration** ⏳ **MEDIUM PRIORITY**
- **Application Management UI**: Connect frontend to application API
- **User Management Integration**: Full user creation and management
- **Permission-Based Navigation**: Dynamic menu based on user permissions
- **Role-Based Components**: Component visibility based on user roles

360
docs/07_APPLICATION_MANAGEMENT.md Normal file
View File

@ -0,0 +1,360 @@
# Application Management with Native Authentik Integration
## Overview
The CorradAF RBAC system includes comprehensive application management capabilities that are natively integrated with Authentik. This feature allows administrators to create, manage, and configure applications with sophisticated access control and resource management, designed as a native frontend for Authentik's SSO system.
## ✅ **FEATURES IMPLEMENTED**
### 🏢 **Application Management Interface** (`/applications`)
#### **Overview Dashboard**
- **Real-time Statistics**:
- Total applications count
- Active applications
- Total application users (across all apps)
- **Advanced Data Table**: Full RsTable functionality with search, sort, filter
- **Application Status Tracking**: Active, Development, Inactive states
- **Provider Type Support**: OAuth2/OIDC, SAML, Proxy
- **Enhanced Navigation**: Hierarchical menu structure with sub-items
#### **Application Creation** (`/applications/create`)
- **Step-by-Step Wizard**:
- Step 1: Basic Information (name, slug, description, URL)
- Step 2: Configuration Method (quick setup vs custom)
- Step 3: Access Control (group selection)
- **Quick Setup Types**: ✅ **Enhanced**
- 🌐 Web Application (OAuth2, recommended)
- 🔌 API Service (OAuth2, strict policies)
- 🏢 Enterprise Application (SAML SSO)
- ⚙️ Custom Configuration (manual setup)
- **Smart Features**:
- Auto-slug generation from name
- OAuth2 credential generation
- Real-time form validation
- Progressive disclosure for advanced settings
- **Form Standardization**: FormKit with `:actions="false"` for custom button implementation
### 📋 **Application Resources Management** (`/applications/resources`) ✅ **NEW**
#### **Multi-tab Resource Interface**
- **Menus Tab**: Manage hardcoded menu permissions for applications
- **Components Tab**: Manage component access permissions
- **Features Tab**: Manage feature-level permissions
#### **Resource Management Features**
- **FormKit Forms**: Create new resources with auto-generated keys
- **Application Scoping**: Resources can be scoped to specific applications
- **Auto-Generation**: Resource keys auto-generated from names for consistency
- **Data Tables**: Display existing resources with delete functionality
- **Responsive Design**: Dark mode support and mobile-friendly interface
#### **Resource Types**
1. **Menu Resources**:
- Define navigational menu permissions
- Path-based access control
- Hierarchical menu structure support
2. **Component Resources**:
- Individual component access permissions
- UI element-level security
- Action-based permissions (view, edit, delete)
3. **Feature Resources**:
- High-level feature toggles
- Business logic permissions
- Advanced functionality controls
### 🔗 **Native Authentik Integration** ✅ **Major Update**
#### **Native Frontend Approach**
- **Direct Integration**: System designed as native Authentik frontend
- **No Manual Sync**: Removed all sync buttons, checkboxes, and status indicators
- **Backend Connectivity**: Assumes direct database/API integration with Authentik
- **Simplified UX**: Clean interface focused on core functionality
#### **Provider Types Supported**
1. **OAuth2/OIDC**: Modern authentication for web applications
2. **SAML**: Enterprise SSO integration
3. **Proxy Provider**: Forward authentication proxy
### 🛡️ **Access Control Integration**
#### **Group-Based Authorization**
- **Group Selection**: Multi-select interface for application access
- **User Statistics**: Display user counts for each group
- **Access Policies**: Simple ANY/ALL group membership evaluation
- **Visual Interface**: Intuitive click-to-select group assignment
#### **Policy Engine Configuration**
- **Simple Modes**: ANY (user needs access to any selected group) or ALL (user needs access to all selected groups)
- **Visual Feedback**: Clear indication of selected groups
- **Real-time Updates**: Immediate feedback on access control changes
## 🚀 **TECHNICAL IMPLEMENTATION**
### **Enhanced Form Architecture**
#### **FormKit Integration**
```vue
<!-- Standardized FormKit Implementation -->
<FormKit
type="form"
@submit="handleSubmit"
:actions="false"
>
<!-- Form fields -->
</FormKit>
<!-- Custom action buttons -->
<div class="flex space-x-3">
<rs-button @click="resetForm" variant="primary-outline">
Reset Form
</rs-button>
<rs-button @click="submitForm" :disabled="!isFormValid">
Create Application
</rs-button>
</div>
```
#### **Progressive Disclosure Pattern**
```vue
<!-- Quick Setup (Primary) -->
<div class="setup-types">
<div v-for="type in setupTypes" :key="type.id">
<!-- Setup type selection -->
</div>
</div>
<!-- Advanced Configuration (Hidden by default) -->
<rs-card v-if="showAdvancedConfig">
<template #header>
<Icon name="ph:gear" class="text-orange-600" />
<h3>Advanced Configuration</h3>
<rs-badge variant="warning">Expert Mode</rs-badge>
</template>
<!-- Advanced settings -->
</rs-card>
```
### **Resource Management Data Structure**
#### **Resource Model**
```javascript
const resourceSchema = {
// Menu Resources
menus: [{
id: String,
name: String, // Display name
key: String, // Auto-generated from name
path: String, // Menu path
applicationId: String, // Scoped to application
createdAt: Date
}],
// Component Resources
components: [{
id: String,
name: String, // Display name
key: String, // Auto-generated from name
description: String, // Component description
applicationId: String, // Scoped to application
createdAt: Date
}],
// Feature Resources
features: [{
id: String,
name: String, // Display name
key: String, // Auto-generated from name
description: String, // Feature description
applicationId: String, // Scoped to application
createdAt: Date
}]
}
```
### **Application Navigation Structure**
#### **Hierarchical Menu Implementation**
```javascript
// navigation/index.js
{
name: 'Applications',
path: '/applications',
icon: 'ph:app-window',
children: [
{
name: 'Application List',
path: '/applications'
},
{
name: 'Resources',
path: '/applications/resources'
}
]
}
```
## 📱 **USER INTERFACE FEATURES**
### **Application Listing Page** (`/applications`) ✅ **Updated**
#### **Simplified Statistics Dashboard**
- **Total Applications**: Count of all registered applications
- **Active Applications**: Production-ready applications
- **Total App Users**: Aggregate user count across applications
#### **Enhanced Filtering**
- **Search**: Global search across name, description, publisher
- **Status Filter**: Active, Development, Inactive
- **Provider Filter**: OAuth2/OIDC, SAML, Proxy
- **Real-time Updates**: Filters update results immediately
#### **Clean Action Interface**
- **View Details**: Navigate to application details page
- **Edit Application**: Modify application settings
- **Delete Application**: Remove application (with confirmation)
- **Removed**: All sync-related buttons and status indicators
### **Application Creation Page** (`/applications/create`) ✅ **Enhanced**
#### **Template-First Approach**
- **Quick Setup Types**: Pre-configured templates with smart defaults
- **Progressive Disclosure**: Advanced options hidden by default
- **Visual Selection**: Card-based setup type selection
- **Expert Mode**: Advanced configuration for power users
#### **Smart Wizard Features**
- **Step Validation**: Prevent progression without required fields
- **Auto-generation**: Intelligent default values based on selections
- **Visual Progress**: Clear step progression indicator
- **Form Persistence**: Maintain form state across steps
### **Resources Management Page** (`/applications/resources`) ✅ **NEW**
#### **Centralized Resource Control**
- **Single Interface**: Manage all resource types from one location
- **Tab Organization**: Clear separation of resource types
- **Application Scoping**: Filter resources by application
- **Bulk Operations**: Efficient resource management
#### **Resource Creation Interface**
- **Auto-Key Generation**: Consistent resource key generation
- **Form Validation**: Real-time validation with error feedback
- **Immediate Updates**: Resources appear in tables instantly
- **Delete Confirmation**: Safe resource deletion with confirmation
## 🎨 **USER EXPERIENCE IMPROVEMENTS**
### **Template-First Design Philosophy** ✅ **NEW**
- **Reduce Complexity**: Hide advanced options behind progressive disclosure
- **Smart Defaults**: Intelligent configuration based on use case
- **Expert Access**: Advanced users can access full configuration
- **Guided Experience**: Step-by-step process for common tasks
### **Resource Management UX** ✅ **NEW**
- **Centralized Control**: Single location for all resource management
- **Visual Organization**: Tab-based separation of resource types
- **Consistent Patterns**: Same interaction patterns across resource types
- **Application Context**: Clear application scoping for resources
### **Simplified Integration UX** ✅ **Major Update**
- **No Manual Sync**: Removed confusing sync options and status displays
- **Native Feel**: Interface feels like part of Authentik ecosystem
- **Focus on Functionality**: Emphasis on actual configuration vs sync management
- **Clean Interface**: Removed technical implementation details from user view
## 📊 **IMPLEMENTATION STATUS**
### **Completed Features**
| Feature | Status | Notes |
|---------|--------|-------|
| Application List | ✅ Complete | Enhanced navigation, removed sync UI |
| Application Creation | ✅ Complete | Step-by-step wizard, template-first |
| Resource Management | ✅ Complete | New centralized interface |
| Form Standardization | ✅ Complete | All forms use `:actions="false"` |
| Navigation Enhancement | ✅ Complete | Hierarchical menu structure |
| UX Improvements | ✅ Complete | Progressive disclosure, smart defaults |
| Native Integration | ✅ Complete | Removed manual sync functionality |
### **Resource Management Capabilities** ✅ **NEW**
| Resource Type | Create | Read | Delete | Auto-Key Generation |
|---------------|--------|------|--------|-------------------|
| Menus | ✅ | ✅ | ✅ | ✅ |
| Components | ✅ | ✅ | ✅ | ✅ |
| Features | ✅ | ✅ | ✅ | ✅ |
### **Form Standards Applied**
| Page | FormKit Actions | Custom Buttons | Validation |
|------|----------------|----------------|------------|
| `/applications/create` | `:actions="false"` | ✅ Custom | ✅ Complete |
| `/applications/resources` | `:actions="false"` | ✅ Custom | ✅ Complete |
## 🔧 **CONFIGURATION & SETUP**
### **Environment Configuration**
```javascript
// nuxt.config.ts
export default {
// Native Authentik integration
runtimeConfig: {
authentikApiUrl: process.env.AUTHENTIK_API_URL,
authentikToken: process.env.AUTHENTIK_TOKEN,
public: {
authentikDomain: process.env.AUTHENTIK_DOMAIN
}
}
}
```
### **Resource Management Setup**
```javascript
// composables/useResources.js
export const useResources = () => {
const createResource = async (type, data, applicationId) => {
// Auto-generate key from name
const key = data.name
.toLowerCase()
.replace(/[^a-z0-9]/g, '-')
.replace(/-+/g, '-')
.replace(/^-|-$/g, '')
return await $fetch('/api/resources', {
method: 'POST',
body: {
...data,
key,
type,
applicationId
}
})
}
return { createResource }
}
```
## 🎯 **NEXT STEPS**
### **Backend Integration** (Priority 1)
- **API Development**: Create backend endpoints for resource management
- **Database Schema**: Implement resource storage in database
- **Authentik API**: Direct integration with Authentik's API endpoints
- **Real-time Updates**: Implement live data synchronization
### **Advanced Features** (Priority 2)
- **Resource Validation**: Validate resource usage across applications
- **Import/Export**: Bulk resource management capabilities
- **Resource Dependencies**: Track relationships between resources
- **Audit Trail**: Log all resource management activities
### **Performance Optimization** (Priority 3)
- **Caching**: Implement resource caching strategies
- **Lazy Loading**: Optimize large resource lists
- **Search Enhancement**: Advanced resource search capabilities
---
**Status**: Application management system complete with native Authentik integration approach, comprehensive resource management, and enhanced UX patterns. Ready for backend API integration.

0
docs/SITE_SETTINGS.md → docs/08_SITE_SETTINGS.md
View File

491
docs/09_AUTHENTICATION_IMPLEMENTATION.md Normal file
View File

@ -0,0 +1,491 @@
# CorradAF RBAC Authentication Implementation
## 🎯 **Implementation Overview**
The authentication system for CorradAF RBAC has been **fully implemented** using Authentik OAuth2/OIDC integration. This provides a secure, production-ready foundation for the role-based access control system.
## ✅ **Completed Components**
### **1. OAuth2 Flow Implementation**
Complete Authentik integration with secure token management:
```mermaid
graph TD
A[User visits protected route] --> B[Middleware checks auth]
B --> C{Authenticated?}
C -->|No| D[Redirect to /login]
D --> E[User clicks Sign in with Authentik]
E --> F[Redirect to Authentik OAuth2]
F --> G[User authenticates with Authentik]
G --> H[Authentik redirects to /api/auth/callback]
H --> I[Exchange code for tokens]
I --> J[Get user info from Authentik]
J --> K[Set secure cookies]
K --> L[Redirect to /dashboard]
C -->|Yes| M[Allow access to route]
```
### **2. Server API Endpoints**
#### **Authentication Endpoints**
```javascript
// /server/api/auth/login.js - OAuth2 Login
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
const authUrl = `${config.authentikUrl}/application/o/authorize/`;
const params = new URLSearchParams({
response_type: 'code',
client_id: config.authentikClientId,
redirect_uri: `${config.appUrl}/api/auth/callback`,
scope: 'openid profile email'
});
return sendRedirect(event, `${authUrl}?${params}`);
});
// /server/api/auth/callback.js - OAuth2 Callback
export default defineEventHandler(async (event) => {
const query = getQuery(event);
const { code } = query;
// Exchange authorization code for tokens
const tokenData = await authenticateWithAuthentik(code, redirectUri);
// Set secure cookies
setCookie(event, 'auth_token', tokenData.access_token, {
httpOnly: true,
secure: true,
sameSite: 'lax',
maxAge: tokenData.expires_in
});
// Redirect to dashboard
return sendRedirect(event, '/dashboard');
});
// /server/api/auth/logout.js - Session Cleanup
export default defineEventHandler(async (event) => {
deleteCookie(event, 'auth_token');
deleteCookie(event, 'refresh_token');
deleteCookie(event, 'user_info');
return sendRedirect(event, '/login');
});
// /server/api/auth/me.js - Current User Info
export default defineEventHandler(async (event) => {
await requireAuth(event);
const userInfo = getCookie(event, 'user_info');
return JSON.parse(userInfo);
});
// /server/api/auth/validate.js - Authentication Validation
export default defineEventHandler(async (event) => {
try {
await requireAuth(event);
return { authenticated: true };
} catch (error) {
throw createError({ statusCode: 401, statusMessage: 'Unauthorized' });
}
});
```
#### **Server Utilities**
```javascript
// /server/utils/authentik.js - Authentik API Integration
export const authenticateWithAuthentik = async (code, redirectUri) => {
const config = useRuntimeConfig();
// Exchange authorization code for access token
const tokenResponse = await fetch(`${config.authentikUrl}/application/o/token/`, {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: new URLSearchParams({
grant_type: 'authorization_code',
client_id: config.authentikClientId,
client_secret: config.authentikClientSecret,
code,
redirect_uri: redirectUri
})
});
const tokenData = await tokenResponse.json();
// Get user information
const userResponse = await fetch(`${config.authentikUrl}/application/o/userinfo/`, {
headers: { 'Authorization': `Bearer ${tokenData.access_token}` }
});
const userInfo = await userResponse.json();
return {
...tokenData,
user: userInfo
};
};
// /server/utils/auth.js - Authentication Utilities
export const requireAuth = async (event) => {
const token = getCookie(event, 'auth_token');
if (!token) {
throw createError({ statusCode: 401, statusMessage: 'No token provided' });
}
// Validate token with Authentik
const config = useRuntimeConfig();
try {
const response = await fetch(`${config.authentikUrl}/application/o/userinfo/`, {
headers: { 'Authorization': `Bearer ${token}` }
});
if (!response.ok) {
throw createError({ statusCode: 401, statusMessage: 'Invalid token' });
}
return await response.json();
} catch (error) {
throw createError({ statusCode: 401, statusMessage: 'Token validation failed' });
}
};
```
### **3. Middleware System**
#### **Route Protection Middleware**
```javascript
// /middleware/auth.js - Authentication Middleware
export default defineNuxtRouteMiddleware(async (to) => {
// Skip auth for public routes
const publicRoutes = ['/login', '/api/auth/login', '/api/auth/callback'];
if (publicRoutes.includes(to.path)) {
return;
}
try {
await $fetch('/api/auth/validate');
} catch (error) {
return navigateTo('/login');
}
});
// /middleware/dashboard.js - Dashboard Routing Middleware
export default defineNuxtRouteMiddleware(async () => {
try {
await $fetch('/api/auth/validate');
return navigateTo('/dashboard');
} catch (error) {
// User not authenticated, allow access to login page
}
});
// /middleware/main.js - Root Routing Middleware
export default defineNuxtRouteMiddleware(async () => {
try {
await $fetch('/api/auth/validate');
return navigateTo('/dashboard');
} catch (error) {
return navigateTo('/login');
}
});
// /middleware/forbidden.js - Permission Denial Middleware
export default defineNuxtRouteMiddleware(() => {
throw createError({
statusCode: 403,
statusMessage: 'Access Forbidden'
});
});
```
### **4. Authentication Composable**
```javascript
// /composables/useAuth.js - Authentication Composable
export const useAuth = () => {
const user = ref(null);
const isAuthenticated = computed(() => !!user.value);
const checkAuth = async () => {
try {
const response = await $fetch('/api/auth/validate');
return response.authenticated;
} catch (error) {
return false;
}
};
const getCurrentUser = async () => {
try {
const userData = await $fetch('/api/auth/me');
user.value = userData;
return userData;
} catch (error) {
user.value = null;
throw error;
}
};
const login = () => {
return navigateTo('/api/auth/login', { external: true });
};
const logout = async () => {
await navigateTo('/api/auth/logout', { external: true });
};
const requireAuth = async () => {
const authenticated = await checkAuth();
if (!authenticated) {
await login();
}
return authenticated;
};
return {
user: readonly(user),
isAuthenticated,
checkAuth,
getCurrentUser,
login,
logout,
requireAuth
};
};
```
### **5. Frontend Pages**
#### **Login Page**
```vue
<!-- /pages/login.vue -->
<template>
<div class="min-h-screen flex items-center justify-center bg-gray-50">
<div class="max-w-md w-full space-y-8">
<div>
<h2 class="mt-6 text-center text-3xl font-extrabold text-gray-900">
CorradAF RBAC System
</h2>
<p class="mt-2 text-center text-sm text-gray-600">
Sign in to manage applications and users
</p>
</div>
<div class="rounded-md shadow-sm -space-y-px">
<button
@click="loginWithAuthentik"
:disabled="isLoading"
class="group relative w-full flex justify-center py-3 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50"
>
<span v-if="!isLoading">Sign in with Authentik</span>
<span v-else>Redirecting...</span>
</button>
</div>
</div>
</div>
</template>
<script setup>
definePageMeta({ middleware: 'dashboard' });
const isLoading = ref(false);
const loginWithAuthentik = async () => {
isLoading.value = true;
try {
await navigateTo('/api/auth/login', { external: true });
} catch (error) {
console.error('Login error:', error);
isLoading.value = false;
}
};
</script>
```
#### **Dashboard Page**
```vue
<!-- /pages/dashboard.vue -->
<template>
<div class="min-h-screen bg-gray-50">
<nav class="bg-white shadow">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div class="flex justify-between h-16">
<div class="flex items-center">
<h1 class="text-xl font-semibold text-gray-900">
CorradAF RBAC Dashboard
</h1>
</div>
<div class="flex items-center space-x-4">
<span v-if="user" class="text-sm text-gray-700">
Welcome, {{ user.name || user.email }}
</span>
<button
@click="handleLogout"
class="bg-red-600 hover:bg-red-700 text-white px-3 py-2 rounded-md text-sm font-medium"
>
Logout
</button>
</div>
</div>
</div>
</nav>
<main class="max-w-7xl mx-auto py-6 sm:px-6 lg:px-8">
<div v-if="user" class="space-y-6">
<div class="bg-white rounded-lg shadow p-6">
<h3 class="text-lg font-medium text-gray-900 mb-4">
User Information
</h3>
<dl class="grid grid-cols-1 gap-x-4 gap-y-6 sm:grid-cols-2">
<div>
<dt class="text-sm font-medium text-gray-500">Name</dt>
<dd class="mt-1 text-sm text-gray-900">{{ user.name || 'N/A' }}</dd>
</div>
<div>
<dt class="text-sm font-medium text-gray-500">Email</dt>
<dd class="mt-1 text-sm text-gray-900">{{ user.email }}</dd>
</div>
</dl>
</div>
</div>
</main>
</div>
</template>
<script setup>
definePageMeta({ middleware: 'auth' });
const { logout } = useAuth();
const { data: user } = await useFetch('/api/auth/me', { server: false });
const handleLogout = async () => {
await logout();
};
</script>
```
### **6. Configuration**
```javascript
// nuxt.config.js - Runtime Configuration
export default defineNuxtConfig({
runtimeConfig: {
// Private keys (server-side only)
authentikUrl: process.env.AUTHENTIK_URL,
authentikClientId: process.env.AUTHENTIK_CLIENT_ID,
authentikClientSecret: process.env.AUTHENTIK_CLIENT_SECRET,
authentikApiToken: process.env.AUTHENTIK_API_TOKEN,
appUrl: process.env.APP_URL,
// Public keys (client-side accessible)
public: {
authentikUrl: process.env.AUTHENTIK_URL
}
}
})
```
## 🔐 **Security Features**
### **Secure Token Handling**
- **HTTP-Only Cookies**: Prevents XSS attacks
- **Secure Cookies**: HTTPS only in production
- **SameSite Protection**: CSRF protection
- **Token Expiration**: Automatic session timeout
### **Authentication Validation**
- **Server-Side Validation**: All protected routes validated server-side
- **Token Verification**: Real-time token validation with Authentik
- **Automatic Redirects**: Unauthenticated users redirected to login
- **Error Handling**: Graceful handling of auth failures
## 🚀 **Usage Examples**
### **Protecting Routes**
```vue
<script setup>
// Automatically protect any page
definePageMeta({
middleware: 'auth'
});
</script>
```
### **Using Authentication State**
```vue
<script setup>
const { user, isAuthenticated, logout } = useAuth();
// Get current user
const currentUser = await getCurrentUser();
// Check authentication status
const isLoggedIn = await checkAuth();
</script>
```
### **API Route Protection**
```javascript
// Any server API route
export default defineEventHandler(async (event) => {
// Require authentication
const user = await requireAuth(event);
// Route logic here
return { message: 'Protected data', user };
});
```
## 📊 **Integration Status**
| Component | Status | Description |
|-----------|--------|-------------|
| OAuth2 Flow | ✅ Complete | Full Authentik OAuth2/OIDC integration |
| Session Management | ✅ Complete | Secure cookie-based sessions |
| Route Protection | ✅ Complete | Middleware-based authentication |
| User Context | ✅ Complete | User information available app-wide |
| Error Handling | ✅ Complete | Graceful auth error management |
| Frontend UI | ✅ Complete | Clean login/logout interface |
| API Foundation | ✅ Complete | Server API structure ready for RBAC |
## 🎯 **Benefits Achieved**
### **Security Benefits**
- ✅ **Production-Ready Authentication**: OAuth2/OIDC compliance
- ✅ **Secure Session Management**: HTTP-only, secure cookies
- ✅ **Token Validation**: Real-time validation with identity provider
- ✅ **CSRF Protection**: SameSite cookie configuration
### **Developer Experience**
- ✅ **Easy Integration**: Simple `useAuth()` composable
- ✅ **Automatic Protection**: Page-level middleware protection
- ✅ **Type Safety**: Full TypeScript support
- ✅ **Error Handling**: Comprehensive error management
### **User Experience**
- ✅ **Single Sign-On**: Seamless authentication with Authentik
- ✅ **Automatic Redirects**: Smart routing based on auth status
- ✅ **Clean Interface**: Professional login/logout UI
- ✅ **Session Persistence**: Persistent authentication state
## 🚧 **Next Phase: RBAC Implementation**
With authentication foundation complete, the next phase focuses on:
### **Database Implementation**
- **Prisma Schema**: Complete RBAC database schema
- **Migrations**: Database setup and versioning
- **Seed Data**: Default applications, roles, permissions
### **RBAC API Development**
- **Application Management**: CRUD operations for applications
- **User Management**: User assignment and role management
- **Group Management**: Group creation and role collections
- **Permission System**: Real-time permission checking
### **Frontend RBAC Integration**
- **Application Management UI**: Connect to application APIs
- **User Management**: Complete user creation and assignment
- **Role Management**: Role creation and permission assignment
- **Permission-Based UI**: Dynamic interface based on user permissions
---
**Status**: ✅ **Authentication foundation complete and production-ready. Ready for RBAC database and API implementation.**

49
middleware/auth.js
View File

@ -1,26 +1,37 @@
export default defineNuxtRouteMiddleware(async (to, from) => {
const { $swal } = useNuxtApp();
// Skip auth check for public routes
const publicRoutes = ['/login', '/logout'];
if (publicRoutes.includes(to.path)) {
return;
}
if (process.client) {
// Validate every request to every page
const { data: validateUser } = await useFetch("/api/auth/validate", {
method: "GET",
});
try {
// Validate authentication with new endpoint
const { data: validateUser } = await useFetch("/api/auth/validate", {
method: "GET",
server: false // Client-side only
});
// If user is not logged in, redirect to logout page
if (validateUser.value.statusCode === 401) {
$swal
.fire({
title: "Session Expired",
text: "Your session has expired. Please login again.",
icon: "warning",
confirmButtonText: "OK",
})
.then(() => {
return window.location.replace("/logout");
});
// If user is not logged in, redirect to login page
if (validateUser.value && validateUser.value.statusCode === 401) {
const { $swal } = useNuxtApp();
if ($swal) {
await $swal.fire({
title: "Authentication Required",
text: "Please log in to access this page.",
icon: "warning",
confirmButtonText: "Login",
allowOutsideClick: false
});
}
return navigateTo('/login');
}
} catch (error) {
console.error('Auth middleware error:', error);
return navigateTo('/login');
}
return true;
}
});

27
middleware/dashboard.js
View File

@ -1,11 +1,24 @@
export default defineNuxtRouteMiddleware(async (to, from) => {
// Validate every request to every page
const { data: validateUser } = await useFetch("/api/auth/validate", {
method: "GET",
});
// Skip if already on dashboard
if (to.path === '/dashboard') {
return;
}
// If user is not logged in, redirect to logout page
if (validateUser.value.statusCode === 401) return true;
if (process.client) {
try {
// Check if user is authenticated
const { data: validateUser } = await useFetch("/api/auth/validate", {
method: "GET",
server: false
});
return navigateTo("/dashboard");
// If user is authenticated, redirect to dashboard
if (validateUser.value && validateUser.value.statusCode === 200) {
return navigateTo("/dashboard");
}
} catch (error) {
// If validation fails, continue to the requested route
console.error('Dashboard middleware error:', error);
}
}
});

8
middleware/forbidden.js
View File

@ -1,4 +1,8 @@
export default defineNuxtRouteMiddleware(async (to, from) => {
// Throw error to page 404 not found
throw new Error("Forbidden");
// This middleware can be used for routes that require specific permissions
// For now, just throw a proper error
throw createError({
statusCode: 403,
statusMessage: "Forbidden - Access Denied"
});
});

27
middleware/main.js
View File

@ -1,3 +1,26 @@
export default defineNuxtRouteMiddleware((to, from) => {
return navigateTo("/login");
export default defineNuxtRouteMiddleware(async (to, from) => {
// If accessing root path, check authentication and redirect appropriately
if (to.path === '/') {
if (process.client) {
try {
// Check if user is authenticated
const { data: validateUser } = await useFetch("/api/auth/validate", {
method: "GET",
server: false
});
// If authenticated, go to dashboard, otherwise login
if (validateUser.value && validateUser.value.statusCode === 200) {
return navigateTo("/dashboard");
} else {
return navigateTo("/login");
}
} catch (error) {
// If validation fails, redirect to login
return navigateTo("/login");
}
}
// Server-side fallback
return navigateTo("/login");
}
});

94
navigation/index.js
View File

@ -1,6 +1,6 @@
export default [
{
"header": "Utama",
"header": "Main",
"description": "",
"child": [
{
@ -11,90 +11,68 @@ export default [
"meta": {}
},
{
"title": "Notes",
"path": "/notes",
"icon": "",
"child": []
},
{
"title": "Metabase",
"path": "/metabase",
"icon": "",
"child": []
"title": "Dashboard RBAC",
"path": "/dashboard-rbac",
"icon": "ic:outline-dashboard",
"child": [],
"meta": {}
}
],
"meta": {}
},
{
"header": "Pentadbiran",
"description": "Urus aplikasi anda",
"header": "Identity & Access Management",
"description": "Complete user, group, and role management",
"child": [
{
"title": "Konfigurasi",
"icon": "ic:outline-settings",
"child": [
{
"title": "Persekitaran",
"path": "/devtool/config/environment"
},
{
"title": "Site Settings",
"path": "/devtool/config/site-settings"
}
]
},
{
"title": "Penyunting Menu",
"icon": "ci:menu-alt-03",
"path": "/devtool/menu-editor",
"title": "Users",
"path": "/users",
"icon": "ph:users",
"child": []
},
{
"title": "Urus Pengguna",
"path": "/devtool/user-management",
"icon": "ph:user-circle-gear",
"title": "Groups",
"path": "/groups",
"icon": "ph:users-three",
"child": []
},
{
"title": "Roles",
"icon": "ph:shield-check",
"child": [
{
"title": "Senarai Pengguna",
"path": "/devtool/user-management/user",
"icon": "",
"title": "Role List",
"path": "/roles",
"icon": "ph:list",
"child": []
},
{
"title": "Senarai Peranan",
"path": "/devtool/user-management/role",
"icon": "",
"title": "Templates",
"path": "/roles/templates",
"icon": "ph:copy",
"child": []
}
]
},
{
"title": "Kandungan",
"icon": "mdi:pencil-ruler",
"title": "Applications",
"icon": "ph:app-window",
"child": [
{
"title": "Penyunting",
"path": "/devtool/content-editor"
"title": "Application List",
"path": "/applications",
"icon": "ph:list",
"child": []
},
{
"title": "Templat",
"path": "/devtool/content-editor/template"
"title": "Resources",
"path": "/applications/resources",
"icon": "ph:gear",
"child": []
}
]
},
{
"title": "Penyunting API",
"path": "/devtool/api-editor",
"icon": "material-symbols:api-rounded",
"child": []
}
],
"meta": {
"auth": {
"role": [
"Developer"
]
}
}
"meta": {}
}
]

14
nuxt.config.js
View File

@ -1,14 +1,22 @@
// https://v3.nuxtjs.org/api/configuration/nuxt.config
export default defineNuxtConfig({
runtimeConfig: {
// Private keys (server-side only)
auth: {
secretAccess: process.env.NUXT_ACCESS_TOKEN_SECRET,
secretRefresh: process.env.NUXT_REFRESH_TOKEN_SECRET,
},
metabase: {
secretKey: process.env.NUXT_METABASE_SECRET_KEY || "c98a5b005450e699b6d420f46e0062912ac75268716f1298c11d8bb11c291eb0",
siteUrl: process.env.NUXT_METABASE_SITE_URL || "http://mb.sena.my",
// Authentik configuration
authentik: {
apiToken: process.env.AUTHENTIK_API_TOKEN,
clientId: process.env.AUTHENTIK_CLIENT_ID,
clientSecret: process.env.AUTHENTIK_CLIENT_SECRET,
},
// Public keys (client-side accessible)
public: {
appUrl: process.env.APP_URL || 'http://localhost:3000',
authentikUrl: process.env.AUTHENTIK_URL || 'http://localhost:9000'
}
},
modules: [
"@nuxtjs/tailwindcss",

674
pages/BF-PRF/AS/DETAIL/[id]/index.vue
View File

@ -1,674 +0,0 @@
<script setup>
import { ref, computed, onMounted } from 'vue';
import { useAsnafMockData } from '~/composables/useAsnafMockData';
import { useToast } from 'vue-toastification';
const route = useRoute();
const toast = useToast();
const { getProfileById } = useAsnafMockData();
const profile = ref(null);
const loading = ref(true);
const isLoadingAnalysis = ref(false);
const confirmDelete = ref(false);
const activeTab = ref('personal');
// Load profile data
onMounted(async () => {
const id = route.params.id;
loading.value = true;
const fetchedProfile = getProfileById(id);
if (fetchedProfile) {
profile.value = { ...fetchedProfile, analysis: null };
loading.value = false;
} else {
toast.error('Profil tidak dijumpai');
navigateTo('/BF-PRF/AS/LIST');
loading.value = false;
}
});
// New function to be called by a button
async function fetchAIAnalysis() {
if (!profile.value) {
toast.error('Profil data tidak tersedia untuk analisis.');
return;
}
isLoadingAnalysis.value = true;
try {
const requestBody = {
monthlyIncome: profile.value.monthlyIncome,
otherIncome: profile.value.otherIncome,
totalIncome: profile.value.totalIncome,
occupation: profile.value.occupation,
maritalStatus: profile.value.maritalStatus,
dependents: profile.value.dependents,
// Add other fields you want to send for analysis here
};
const analysisResponse = await $fetch('/api/analyze-asnaf', {
method: 'POST',
body: requestBody,
});
if (profile.value) {
profile.value.analysis = analysisResponse;
}
} catch (error) {
console.error("Error fetching AI Analysis from /api/analyze-asnaf:", error);
toast.error('Gagal memuat analisis AI dari server.');
if (profile.value) {
profile.value.analysis = {
hadKifayahPercentage: 'Ralat',
kategoriAsnaf: 'Ralat Server',
kategoriKeluarga: 'Ralat Server',
cadanganKategori: 'Ralat Server',
statusKelayakan: 'Ralat Server',
cadanganBantuan: [{ nama: 'Tidak dapat memuat cadangan bantuan', peratusan: 'Ralat' }],
ramalanJangkaMasaPulih: 'Ralat Server',
rumusan: 'Ralat Server'
};
}
} finally {
isLoadingAnalysis.value = false;
}
}
// Computed status color
const statusColor = computed(() => {
if (!profile.value) return '';
switch (profile.value.status) {
case 'Aktif': return 'success';
case 'Tidak Aktif': return 'danger';
case 'Dalam Semakan': return 'warning';
default: return 'secondary';
}
});
// Computed category color
const categoryColor = computed(() => {
if (!profile.value) return '';
switch (profile.value.kategori) {
case 'Fakir': return 'danger';
case 'Miskin': return 'warning';
case 'Mualaf': return 'info';
case 'Fi-sabilillah': return 'primary';
case 'Gharimin': return 'secondary';
case 'Ibnu Sabil': return 'success';
default: return 'primary';
}
});
// Page metadata
definePageMeta({
title: "Maklumat Asnaf",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{
name: "Dashboard",
path: "/",
},
{
name: "BF-PRF",
path: "/BF-PRF",
},
{
name: "Asnaf",
path: "/BF-PRF/AS",
},
{
name: "Senarai",
path: "/BF-PRF/AS/LIST",
},
{
name: "Maklumat",
path: "/BF-PRF/AS/DETAIL",
},
],
});
// Navigation functions
function navigateToList() {
navigateTo('/BF-PRF/AS/LIST');
}
function navigateToEdit() {
navigateTo(`/BF-PRF/AS/UP/01?id=${profile.value.id}`);
}
function handleDelete() {
confirmDelete.value = true;
}
function confirmDeleteProfile() {
toast.success('Profil telah dipadamkan');
navigateTo('/BF-PRF/AS/LIST');
confirmDelete.value = false;
}
function cancelDelete() {
confirmDelete.value = false;
}
</script>
<template>
<div class="space-y-6">
<LayoutsBreadcrumb />
<!-- Loading state -->
<div v-if="loading" class="flex justify-center items-center py-20">
<div class="text-center">
<Loading />
<p class="mt-4 text-gray-600">Memuat maklumat asnaf...</p>
</div>
</div>
<div v-else>
<!-- Header with actions -->
<div class="flex flex-col md:flex-row md:justify-between md:items-center gap-4 mb-6">
<div class="flex items-center gap-3">
<h1 class="text-2xl font-bold text-primary">{{ profile.nama }}</h1>
<rs-badge :variant="statusColor">{{ profile.status }}</rs-badge>
<rs-badge :variant="categoryColor">{{ profile.kategori }}</rs-badge>
</div>
<div class="flex items-center gap-2">
<rs-button variant="secondary-outline" @click="navigateToList">
<Icon name="mdi:arrow-left" size="18" class="mr-1" />
Kembali
</rs-button>
<rs-button variant="primary" @click="navigateToEdit">
<Icon name="mdi:pencil" size="18" class="mr-1" />
Kemaskini
</rs-button>
<rs-button variant="danger" @click="handleDelete">
<Icon name="mdi:delete" size="18" class="mr-1" />
Padam
</rs-button>
</div>
</div>
<!-- Profile Overview -->
<div class="grid grid-cols-1 lg:grid-cols-3 gap-6 mb-6">
<!-- Profile Photo and Basic Info -->
<rs-card class="lg:col-span-1">
<div class="p-6 flex flex-col items-center">
<div class="w-32 h-32 rounded-full bg-gray-200 flex items-center justify-center mb-4 overflow-hidden">
<Icon name="mdi:account" size="64" class="text-gray-400" />
</div>
<h2 class="text-xl font-semibold text-center">{{ profile.nama }}</h2>
<p class="text-gray-500 text-center mb-4">{{ profile.id }}</p>
<div class="w-full text-center">
<rs-badge :variant="categoryColor" class="mb-2">{{ profile.kategori }}</rs-badge>
<p class="text-sm text-gray-600">Didaftarkan pada {{ new Date(profile.tarikhDaftar).toLocaleDateString('ms-MY') }}</p>
</div>
</div>
</rs-card>
<!-- Personal Information -->
<rs-card class="lg:col-span-2">
<template #header>
<div class="px-4 py-3">
<h3 class="text-lg font-semibold text-primary flex items-center">
<Icon name="mdi:account-details" size="20" class="mr-2" />
Maklumat Peribadi
</h3>
</div>
</template>
<template #body>
<div class="p-4">
<div class="grid grid-cols-1 md:grid-cols-2 gap-x-6 gap-y-4">
<div>
<h4 class="text-sm font-medium text-gray-500">No. Kad Pengenalan</h4>
<p>{{ profile.idNumber }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Jantina</h4>
<p>{{ profile.gender }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Tarikh Lahir</h4>
<p>{{ new Date(profile.birthDate).toLocaleDateString('ms-MY') }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Status Perkahwinan</h4>
<p>{{ profile.maritalStatus }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Pekerjaan</h4>
<p>{{ profile.occupation }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Pendapatan Bulanan</h4>
<p>RM {{ profile.monthlyIncome }}</p>
</div>
</div>
</div>
</template>
</rs-card>
<!-- Contact Information -->
<rs-card class="lg:col-span-3">
<template #header>
<div class="px-4 py-3">
<h3 class="text-lg font-semibold text-primary flex items-center">
<Icon name="mdi:contacts" size="20" class="mr-2" />
Maklumat Perhubungan
</h3>
</div>
</template>
<template #body>
<div class="p-4">
<div class="grid grid-cols-1 md:grid-cols-3 gap-x-6 gap-y-4">
<div>
<h4 class="text-sm font-medium text-gray-500">Alamat</h4>
<p>{{ profile.alamat || 'Tiada' }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">No. Telefon</h4>
<p>{{ profile.telefon }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Emel</h4>
<p>{{ profile.email }}</p>
</div>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Tabbed Details -->
<rs-card>
<template #header>
<div class="px-4 py-3 border-b">
<div class="flex overflow-x-auto space-x-4">
<button
@click="activeTab = 'personal'"
class="py-2 px-1 border-b-2 font-medium text-sm whitespace-nowrap transition-colors"
:class="activeTab === 'personal' ? 'border-primary text-primary' : 'border-transparent text-gray-500 hover:text-gray-700'"
>
<Icon name="mdi:account-group" size="18" class="mr-1" />
Maklumat Keluarga
</button>
<button
@click="activeTab = 'income'"
class="py-2 px-1 border-b-2 font-medium text-sm whitespace-nowrap transition-colors"
:class="activeTab === 'income' ? 'border-primary text-primary' : 'border-transparent text-gray-500 hover:text-gray-700'"
>
<Icon name="mdi:cash" size="18" class="mr-1" />
Maklumat Pendapatan
</button>
<button
@click="activeTab = 'aid'"
class="py-2 px-1 border-b-2 font-medium text-sm whitespace-nowrap transition-colors"
:class="activeTab === 'aid' ? 'border-primary text-primary' : 'border-transparent text-gray-500 hover:text-gray-700'"
>
<Icon name="mdi:gift" size="18" class="mr-1" />
Maklumat Bantuan
</button>
<button
@click="activeTab = 'documents'"
class="py-2 px-1 border-b-2 font-medium text-sm whitespace-nowrap transition-colors"
:class="activeTab === 'documents' ? 'border-primary text-primary' : 'border-transparent text-gray-500 hover:text-gray-700'"
>
<Icon name="mdi:file-document" size="18" class="mr-1" />
Dokumen
</button>
<button
@click="activeTab = 'analysis'"
class="py-2 px-1 border-b-2 font-medium text-sm whitespace-nowrap transition-colors"
:class="activeTab === 'analysis' ? 'border-primary text-primary' : 'border-transparent text-gray-500 hover:text-gray-700'"
>
<Icon name="mdi:chart-bar" size="18" class="mr-1" />
Analisis Data
</button>
</div>
</div>
</template>
<template #body>
<!-- Family Information Tab -->
<div v-if="activeTab === 'personal'" class="p-6">
<div v-if="profile.spouse" class="mb-8">
<h3 class="text-lg font-semibold text-primary mb-4">Maklumat Pasangan</h3>
<div class="bg-gray-50 p-4 rounded-lg">
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<div>
<h4 class="text-sm font-medium text-gray-500">Nama</h4>
<p>{{ profile.spouse.name }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">No. Kad Pengenalan</h4>
<p>{{ profile.spouse.idNumber }}</p>
</div>
</div>
</div>
</div>
<div>
<h3 class="text-lg font-semibold text-primary mb-4">Tanggungan</h3>
<div v-if="profile.dependents && profile.dependents.length > 0">
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200">
<thead>
<tr>
<th class="px-6 py-3 bg-gray-50 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Bil.</th>
<th class="px-6 py-3 bg-gray-50 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Nama</th>
<th class="px-6 py-3 bg-gray-50 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Umur</th>
<th class="px-6 py-3 bg-gray-50 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Hubungan</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
<tr v-for="(dependent, index) in profile.dependents" :key="index" class="hover:bg-gray-50">
<td class="px-6 py-4 whitespace-nowrap">{{ index + 1 }}</td>
<td class="px-6 py-4 whitespace-nowrap">{{ dependent.name }}</td>
<td class="px-6 py-4 whitespace-nowrap">{{ dependent.age }}</td>
<td class="px-6 py-4 whitespace-nowrap">{{ dependent.relationship }}</td>
</tr>
</tbody>
</table>
</div>
</div>
<div v-else class="bg-gray-50 p-6 rounded-lg text-center">
<Icon name="mdi:account-off" size="48" class="text-gray-400 mb-2" />
<p class="text-gray-500">Tiada tanggungan</p>
</div>
</div>
</div>
<!-- Income Information Tab -->
<div v-if="activeTab === 'income'" class="p-6">
<div class="grid grid-cols-1 md:grid-cols-3 gap-6">
<rs-card>
<div class="p-4 text-center">
<div class="mb-2">
<Icon name="mdi:cash-multiple" size="36" class="text-primary" />
</div>
<p class="text-sm text-gray-500">Pendapatan Bulanan</p>
<p class="text-xl font-bold text-primary">RM {{ profile.monthlyIncome }}</p>
</div>
</rs-card>
<rs-card>
<div class="p-4 text-center">
<div class="mb-2">
<Icon name="mdi:cash-plus" size="36" class="text-primary" />
</div>
<p class="text-sm text-gray-500">Pendapatan Lain</p>
<p class="text-xl font-bold text-primary">RM {{ profile.otherIncome }}</p>
</div>
</rs-card>
<rs-card>
<div class="p-4 text-center">
<div class="mb-2">
<Icon name="mdi:cash-register" size="36" class="text-primary" />
</div>
<p class="text-sm text-gray-500">Jumlah Pendapatan</p>
<p class="text-xl font-bold text-primary">RM {{ profile.totalIncome }}</p>
</div>
</rs-card>
</div>
<div class="mt-6">
<h3 class="text-lg font-semibold text-primary mb-4">Butiran Pendapatan</h3>
<div class="bg-gray-50 p-4 rounded-lg">
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<div>
<h4 class="text-sm font-medium text-gray-500">Pekerjaan</h4>
<p>{{ profile.occupation }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Pendapatan Bulanan</h4>
<p>RM {{ profile.monthlyIncome }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Pendapatan Lain</h4>
<p>RM {{ profile.otherIncome }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Jumlah Pendapatan</h4>
<p>RM {{ profile.totalIncome }}</p>
</div>
</div>
</div>
</div>
</div>
<!-- Aid Information Tab -->
<div v-if="activeTab === 'aid'" class="p-6">
<div class="bg-gray-50 p-6 rounded-lg text-center">
<Icon name="mdi:gift-off" size="48" class="text-gray-400 mb-2" />
<p class="text-gray-500">Tiada maklumat bantuan</p>
</div>
</div>
<!-- Documents Tab -->
<div v-if="activeTab === 'documents'" class="p-6">
<h3 class="text-lg font-semibold text-primary mb-4">Dokumen Sokongan</h3>
<div v-if="profile.documents && profile.documents.length > 0">
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
<div v-for="(doc, index) in profile.documents" :key="index" class="border rounded-lg overflow-hidden">
<div class="bg-gray-50 p-4 flex items-center">
<Icon name="mdi:file-document" size="24" class="text-primary mr-3" />
<div>
<h4 class="font-medium">{{ doc.name }}</h4>
<p class="text-sm text-gray-500">{{ doc.size }}</p>
</div>
</div>
<div class="p-3 flex justify-end">
<rs-button variant="primary-text" size="sm">
<Icon name="mdi:download" size="16" class="mr-1" />
Muat Turun
</rs-button>
<rs-button variant="secondary-text" size="sm">
<Icon name="mdi:eye" size="16" class="mr-1" />
Papar
</rs-button>
</div>
</div>
</div>
</div>
<div v-else class="bg-gray-50 p-6 rounded-lg text-center">
<Icon name="mdi:file-document-off" size="48" class="text-gray-400 mb-2" />
<p class="text-gray-500">Tiada dokumen</p>
</div>
</div>
<!-- Analysis Tab -->
<div v-if="activeTab === 'analysis'" class="p-6">
<!-- Button to trigger AI Analysis -->
<div v-if="!profile.analysis && !isLoadingAnalysis" class="text-center mb-6">
<rs-button variant="primary" @click="fetchAIAnalysis" size="lg">
<Icon name="mdi:brain" size="20" class="mr-2" />
Jalankan Analisis AI
</rs-button>
<p class="text-sm text-gray-500 mt-2">Klik untuk mendapatkan penilaian berdasarkan data profil.</p>
</div>
<!-- Loading State for AI Analysis -->
<div v-if="isLoadingAnalysis" class="text-center py-10">
<Loading />
<p class="mt-4 text-gray-600">Analisis AI sedang dijalankan...</p>
<p class="text-sm text-gray-500">Sila tunggu sebentar.</p>
</div>
<!-- Display Analysis Results -->
<div v-if="profile.analysis && !isLoadingAnalysis" class="grid grid-cols-1 lg:grid-cols-3 gap-6">
<!-- AI Analysis Main Column (takes 2/3 on lg screens) -->
<div class="lg:col-span-2 space-y-6">
<!-- Card 1: Analisis Had Kifayah & Kelayakan -->
<rs-card>
<template #header>
<h3 class="text-lg font-semibold text-primary p-4 border-b">Analisis Had Kifayah & Kelayakan (AI)</h3>
</template>
<template #body>
<div class="p-4 space-y-4">
<div>
<h4 class="text-sm font-medium text-gray-500 mb-1">Peratusan Had Kifayah</h4>
<div v-if="profile.analysis.hadKifayahPercentage === 'N/A' || profile.analysis.hadKifayahPercentage === 'Ralat'" class="text-gray-500">
{{ profile.analysis.hadKifayahPercentage }}
</div>
<div v-else class="relative pt-1">
<div class="overflow-hidden h-4 text-xs flex rounded bg-gray-200">
<div
:style="{ width: profile.analysis.hadKifayahPercentage }"
:class="{
'bg-red-500': parseInt(profile.analysis.hadKifayahPercentage) < 60,
'bg-yellow-500': parseInt(profile.analysis.hadKifayahPercentage) >= 60 && parseInt(profile.analysis.hadKifayahPercentage) < 80,
'bg-green-500': parseInt(profile.analysis.hadKifayahPercentage) >= 80 && parseInt(profile.analysis.hadKifayahPercentage) <= 100,
'bg-blue-500': parseInt(profile.analysis.hadKifayahPercentage) > 100
}"
class="shadow-none flex flex-col text-center whitespace-nowrap text-white justify-center"
>
{{ profile.analysis.hadKifayahPercentage }}
</div>
</div>
</div>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Kategori Asnaf (AI)</h4>
<p>{{ profile.analysis.kategoriAsnaf }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Kategori Keluarga (AI)</h4>
<p>{{ profile.analysis.kategoriKeluarga }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Cadangan Kategori (AI)</h4>
<p>{{ profile.analysis.cadanganKategori }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Status Kelayakan (AI)</h4>
<p>{{ profile.analysis.statusKelayakan }}</p>
</div>
</div>
</template>
</rs-card>
<!-- Card 2: Cadangan & Rumusan AI -->
<rs-card>
<template #header>
<h3 class="text-lg font-semibold text-primary p-4 border-b">Cadangan & Rumusan (AI)</h3>
</template>
<template #body>
<div class="p-4 space-y-4">
<div>
<h4 class="text-sm font-medium text-gray-500">Cadangan Bantuan (AI)</h4>
<ul v-if="profile.analysis.cadanganBantuan && profile.analysis.cadanganBantuan.length > 0" class="list-disc list-inside space-y-1 mt-1">
<li v-for="(bantuan, index) in profile.analysis.cadanganBantuan" :key="index" class="text-gray-700">
{{ bantuan.nama }}
<span v-if="bantuan.peratusan && bantuan.peratusan !== 'Ralat'" class="font-semibold text-blue-600">({{ bantuan.peratusan }})</span>
<span v-else-if="bantuan.peratusan === 'Ralat'" class="text-red-500 text-xs">({{ bantuan.peratusan }})</span>
</li>
</ul>
<p v-else class="text-gray-500 mt-1">Tiada cadangan bantuan spesifik.</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Ramalan Jangka Masa Taraf Hidup Pulih (AI)</h4>
<p>{{ profile.analysis.ramalanJangkaMasaPulih }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Rumusan Keseluruhan (AI)</h4>
<div class="mt-1 p-3 bg-blue-50 border-l-4 border-blue-500 rounded-r-md">
<p class="whitespace-pre-line text-gray-700 text-sm">{{ profile.analysis.rumusan }}</p>
</div>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Original Data Column (takes 1/3 on lg screens) -->
<div class="lg:col-span-1">
<rs-card>
<template #header>
<h3 class="text-lg font-semibold text-gray-700 p-4 border-b">Ringkasan Profil (Data Asal)</h3>
</template>
<template #body>
<div class="p-4 space-y-3">
<div>
<h4 class="text-sm font-medium text-gray-500">Jenis Kategori (Asal)</h4>
<rs-badge :variant="categoryColor" class="mt-1">{{ profile.kategori }}</rs-badge>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Status Semasa (Asal)</h4>
<rs-badge :variant="statusColor" class="mt-1">{{ profile.status }}</rs-badge>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Jumlah Pendapatan (Asal)</h4>
<p>RM {{ profile.totalIncome }}</p>
</div>
<div>
<h4 class="text-sm font-medium text-gray-500">Jumlah Tanggungan (Asal)</h4>
<p>{{ profile.dependents.length }} orang</p>
</div>
</div>
</template>
</rs-card>
</div>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Delete Confirmation Modal -->
<rs-modal v-model="confirmDelete">
<template #header>
<div class="flex items-center">
<Icon name="mdi:alert-circle" size="24" class="text-red-500 mr-2" />
<h3 class="text-lg font-medium">Padam Profil</h3>
</div>
</template>
<template #default>
<div class="p-4">
<p class="mb-4">Adakah anda pasti ingin memadam profil ini?</p>
<p class="text-sm text-gray-500 mb-2">Nama: <span class="font-medium">{{ profile?.nama }}</span></p>
<p class="text-sm text-gray-500">ID: <span class="font-medium">{{ profile?.id }}</span></p>
</div>
</template>
<template #footer>
<div class="flex justify-end gap-2">
<rs-button variant="secondary-outline" @click="cancelDelete">
Batal
</rs-button>
<rs-button variant="danger" @click="confirmDeleteProfile">
Padam
</rs-button>
</div>
</template>
</rs-modal>
</div>
</template>

337
pages/BF-PRF/AS/LIST/index.vue
View File

@ -1,337 +0,0 @@
<script setup>
import { ref, computed, onMounted } from 'vue';
import { useAsnafMockData } from '~/composables/useAsnafMockData';
definePageMeta({
title: "Senarai Asnaf",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{
name: "Dashboard",
path: "/",
},
{
name: "BF-PRF",
path: "/BF-PRF",
},
{
name: "Asnaf",
path: "/BF-PRF/AS",
},
{
name: "Senarai",
path: "/BF-PRF/AS/LIST",
},
],
});
// Get asnaf data from the composable
const { asnafProfiles, statistics, filterProfiles, categories, statuses } = useAsnafMockData();
// Table reactivity control
const tableKey = ref(0);
const currentPage = ref(1);
const pageSize = ref(10);
const totalProfiles = ref(0);
const isLoading = ref(false);
// Search and filter variables
const searchQuery = ref('');
const selectedStatus = ref('All');
const selectedCategory = ref('All');
// Table data and fields
const tableData = computed(() => {
return filterProfiles(searchQuery.value, selectedStatus.value, selectedCategory.value);
});
const tableFields = [
{ field: 'no', label: 'No.' },
{ field: 'id', label: 'ID' },
{ field: 'nama', label: 'Nama' },
{ field: 'idNumber', label: 'No. ID' },
{ field: 'kategori', label: 'Kategori' },
{ field: 'status', label: 'Status' },
{ field: 'tindakan', label: 'Tindakan' }
];
// Generate table field and data mapping
const formattedTableData = computed(() => {
return tableData.value.map((profile, index) => ({
no: index + 1,
id: profile.id,
nama: profile.nama,
idNumber: profile.idNumber,
kategori: profile.kategori,
status: profile.status,
tindakan: profile.id
}));
});
// Helper functions
function getBadgeVariantForCategory(category) {
switch (category) {
case 'Fakir': return 'danger';
case 'Miskin': return 'warning';
case 'Mualaf': return 'info';
case 'Fi-sabilillah': return 'primary';
case 'Gharimin': return 'secondary';
case 'Ibnu Sabil': return 'success';
default: return 'primary';
}
}
function getBadgeVariantForStatus(status) {
switch (status) {
case 'Aktif': return 'success';
case 'Tidak Aktif': return 'danger';
case 'Dalam Semakan': return 'warning';
default: return 'secondary';
}
}
function navigateToDetail(id) {
console.log("Attempting to navigate to detail for ID:", id);
if (id) {
navigateTo(`/BF-PRF/AS/DETAIL/${id}`);
} else {
console.error("Navigation failed: ID is undefined or null");
}
}
function navigateToRegistration() {
navigateTo('/BF-PRF/AS/FR/01');
}
// Pagination
const handlePageChange = (newPage) => {
currentPage.value = newPage;
fetchProfiles();
};
// Fetch data
async function fetchProfiles() {
isLoading.value = true;
// Simulate API delay
await new Promise(resolve => setTimeout(resolve, 500));
totalProfiles.value = tableData.value.length;
isLoading.value = false;
tableKey.value++; // Force table re-render
}
// Lifecycle hooks
onMounted(() => {
fetchProfiles();
});
</script>
<template>
<div class="space-y-6">
<LayoutsBreadcrumb />
<!-- Header -->
<div class="flex justify-between items-center">
<h1 class="text-2xl font-bold text-primary">Senarai Asnaf</h1>
<rs-button
variant="primary"
class="flex items-center gap-2"
@click="navigateToRegistration"
>
<Icon name="mdi:plus" size="18" />
<span>Tambah Asnaf</span>
</rs-button>
</div>
<!-- Statistics Cards -->
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4">
<rs-card class="transition-all duration-300 hover:shadow-lg">
<div class="p-4 flex items-center gap-4">
<div class="p-4 flex justify-center items-center bg-blue-100 rounded-xl">
<Icon name="mdi:account-group" size="24" class="text-primary" />
</div>
<div>
<span class="block text-2xl font-bold text-primary">{{ statistics.total }}</span>
<span class="text-sm text-gray-600">Jumlah Asnaf</span>
</div>
</div>
</rs-card>
<rs-card class="transition-all duration-300 hover:shadow-lg">
<div class="p-4 flex items-center gap-4">
<div class="p-4 flex justify-center items-center bg-green-100 rounded-xl">
<Icon name="mdi:check-circle" size="24" class="text-green-600" />
</div>
<div>
<span class="block text-2xl font-bold text-green-600">{{ statistics.active }}</span>
<span class="text-sm text-gray-600">Aktif</span>
</div>
</div>
</rs-card>
<rs-card class="transition-all duration-300 hover:shadow-lg">
<div class="p-4 flex items-center gap-4">
<div class="p-4 flex justify-center items-center bg-yellow-100 rounded-xl">
<Icon name="mdi:clock-time-four" size="24" class="text-yellow-600" />
</div>
<div>
<span class="block text-2xl font-bold text-yellow-600">{{ statistics.review }}</span>
<span class="text-sm text-gray-600">Dalam Semakan</span>
</div>
</div>
</rs-card>
<rs-card class="transition-all duration-300 hover:shadow-lg">
<div class="p-4 flex items-center gap-4">
<div class="p-4 flex justify-center items-center bg-red-100 rounded-xl">
<Icon name="mdi:close-circle" size="24" class="text-red-600" />
</div>
<div>
<span class="block text-2xl font-bold text-red-600">{{ statistics.inactive }}</span>
<span class="text-sm text-gray-600">Tidak Aktif</span>
</div>
</div>
</rs-card>
</div>
<!-- Search and Filters -->
<rs-card>
<div class="p-4">
<div class="grid grid-cols-1 md:grid-cols-3 gap-4">
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Carian</label>
<div class="relative rounded-md shadow-sm">
<div class="absolute inset-y-0 left-0 pl-3 flex items-center pointer-events-none">
<Icon name="mdi:magnify" size="18" class="text-gray-400" />
</div>
<input
v-model="searchQuery"
type="text"
class="block w-full pl-10 pr-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-primary focus:border-primary"
placeholder="Cari dengan nama atau ID..."
/>
</div>
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Status</label>
<select
v-model="selectedStatus"
class="block w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-primary focus:border-primary"
>
<option value="All">Semua Status</option>
<option v-for="status in statuses" :key="status" :value="status">
{{ status }}
</option>
</select>
</div>
<div>
<label class="block text-sm font-medium text-gray-700 mb-1">Kategori</label>
<select
v-model="selectedCategory"
class="block w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-primary focus:border-primary"
>
<option value="All">Semua Kategori</option>
<option v-for="category in categories" :key="category" :value="category">
{{ category }}
</option>
</select>
</div>
</div>
</div>
</rs-card>
<!-- Data Table -->
<rs-card>
<template #header>
<div class="px-4 py-3 flex items-center justify-between">
<h2 class="text-lg font-semibold text-primary">Senarai Asnaf</h2>
<span class="text-sm text-gray-500">
{{ tableData.length }} asnaf dijumpai
</span>
</div>
</template>
<template #body>
<div v-if="isLoading && tableData.length === 0" class="py-8 text-center">
<div class="flex justify-center">
<Icon name="mdi:loading" size="2rem" class="text-blue-500 animate-spin" />
</div>
<p class="mt-2 text-gray-600">Memuat data...</p>
</div>
<rs-table
v-else
class="mt-4"
:key="tableKey"
:data="formattedTableData"
:columns="tableFields"
:pageSize="pageSize"
:showNoColumn="true"
:options="{
variant: 'default',
hover: true,
striped: true,
bordered: true
}"
:current-page="currentPage"
:total-items="totalProfiles"
@page-change="handlePageChange"
>
<template v-slot:no="data">
{{ data.text }}
</template>
<template v-slot:id="data">
{{ data.text }}
</template>
<template v-slot:nama="data">
<div class="font-medium">{{ data.text }}</div>
</template>
<template v-slot:idNumber="data">
{{ data.text }}
</template>
<template v-slot:kategori="data">
<rs-badge :variant="getBadgeVariantForCategory(data.text)">{{ data.text }}</rs-badge>
</template>
<template v-slot:status="data">
<rs-badge :variant="getBadgeVariantForStatus(data.text)">
{{ data.text }}
</rs-badge>
</template>
<template v-slot:tindakan="data">
<div class="flex gap-2">
<rs-button
variant="primary"
size="sm"
class="!px-2 !py-1"
@click="() => {
navigateToDetail(data.value.tindakan);
}"
>
<Icon name="mdi:eye" size="1rem" class="mr-1" />
Lihat
</rs-button>
</div>
</template>
</rs-table>
<!-- Empty State -->
<div v-if="!isLoading && tableData.length === 0" class="text-center py-8">
<div class="flex justify-center mb-4">
<Icon name="mdi:magnify" size="4rem" class="text-gray-400" />
</div>
<h3 class="text-lg font-medium text-gray-500">Tiada Profil Ditemui</h3>
<p class="text-gray-500 mt-2">Sila cuba carian lain atau reset penapis.</p>
</div>
</template>
</rs-card>
</div>
</template>

588
pages/applications/[id]/edit.vue Normal file
View File

@ -0,0 +1,588 @@
<script setup>
definePageMeta({
title: "Edit Application",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Applications", path: "/applications" },
{ name: "Edit Application", path: "", type: "current" },
],
});
import { ref, reactive, computed, onMounted } from "vue";
// Get application ID from route
const route = useRoute();
const applicationId = route.params.id;
const { $swal } = useNuxtApp();
// Form state - exactly like create page but will be populated with existing data
const applicationForm = reactive({
name: "",
slug: "",
description: "",
launchUrl: "",
setupType: "web-app", // Default to most common type
providerType: "oauth2", // Default to most common provider
});
// Loading states
const isLoading = ref(true);
const isSaving = ref(false);
// Original application data for comparison
const originalApplication = ref(null);
// Super simple setup types - no tech jargon (exactly like create page)
const setupTypes = ref([
{
id: "web-app",
name: "🌐 Website/Web App",
description: "For websites and web applications that users log into",
popular: true,
},
{
id: "mobile-app",
name: "📱 Mobile App",
description: "For mobile apps (iPhone, Android) that need login",
popular: false,
},
{
id: "desktop-app",
name: "💻 Desktop App",
description: "For desktop software that needs user authentication",
popular: false,
},
]);
// Simple provider presets - industry standards (exactly like create page)
const providerTypes = ref([
{
id: "oauth2",
name: "🔐 OAuth2/OIDC",
description: "Modern login standard - works with most apps (Recommended)",
popular: true,
technical: "OAuth2/OpenID Connect",
},
{
id: "saml",
name: "🏢 SAML SSO",
description: "Enterprise single sign-on - common in large companies",
popular: false,
technical: "SAML 2.0",
},
{
id: "ldap",
name: "📁 LDAP Directory",
description: "Connect to Active Directory or LDAP servers",
popular: false,
technical: "LDAP/Active Directory",
},
{
id: "proxy",
name: "🔄 Proxy Auth",
description: "For older apps that don't support modern login",
popular: false,
technical: "Forward Auth Proxy",
},
]);
// Fetch existing application data
const fetchApplication = async () => {
try {
isLoading.value = true;
const response = await $fetch(`/api/applications/${applicationId}`);
// Store original data
originalApplication.value = response;
// Populate form with existing data
applicationForm.name = response.name || "";
applicationForm.slug = response.slug || "";
applicationForm.description = response.meta_description || "";
applicationForm.launchUrl =
response.launch_url || response.meta_launch_url || "";
// Try to detect the setup type and provider type from existing data
// This is a best guess based on available information
applicationForm.setupType = "web-app"; // Default since we can't reliably detect this
// Try to detect provider type from provider_obj
if (response.provider_obj?.verbose_name_plural) {
const providerName =
response.provider_obj.verbose_name_plural.toLowerCase();
if (providerName.includes("oauth")) {
applicationForm.providerType = "oauth2";
} else if (providerName.includes("saml")) {
applicationForm.providerType = "saml";
} else if (providerName.includes("ldap")) {
applicationForm.providerType = "ldap";
} else if (providerName.includes("proxy")) {
applicationForm.providerType = "proxy";
}
}
} catch (error) {
console.error("Failed to fetch application:", error);
// Use SweetAlert instead of toast
$swal.fire({
icon: 'error',
title: 'Error',
text: 'Failed to load application data. Please try again.'
});
await navigateTo("/applications");
} finally {
isLoading.value = false;
}
};
// Simple validation (exactly like create page)
const isFormValid = computed(() => {
return (
applicationForm.name &&
applicationForm.description &&
applicationForm.launchUrl &&
applicationForm.setupType &&
applicationForm.providerType
);
});
// Check if form has changes
const hasChanges = computed(() => {
if (!originalApplication.value) return false;
return (
applicationForm.name !== originalApplication.value.name ||
applicationForm.slug !== originalApplication.value.slug ||
applicationForm.description !==
(originalApplication.value.meta_description || "") ||
applicationForm.launchUrl !==
(originalApplication.value.launch_url ||
originalApplication.value.meta_launch_url ||
"")
);
});
// Auto-generate slug when name changes (exactly like create page)
const generateSlug = () => {
if (
applicationForm.name &&
applicationForm.name !== originalApplication.value?.name
) {
applicationForm.slug = applicationForm.name
.toLowerCase()
.replace(/[^a-z0-9]/g, "-")
.replace(/-+/g, "-")
.replace(/^-|-$/g, "");
}
};
// Update application - super simplified (like create page)
const updateApplication = async () => {
if (!isFormValid.value) return;
isSaving.value = true;
try {
const applicationData = {
name: applicationForm.name,
slug: applicationForm.slug,
meta_description: applicationForm.description,
meta_launch_url: applicationForm.launchUrl,
meta_publisher: "IT Department",
setupType: applicationForm.setupType,
providerType: applicationForm.providerType,
};
console.log("Updating application:", applicationData);
const response = await $fetch(`/api/applications/${applicationId}`, {
method: "PUT",
body: applicationData,
});
console.log("Application updated successfully:", response);
// Show success message with SweetAlert instead of toast
$swal.fire({
icon: 'success',
title: 'Success',
text: response.message || "Application updated successfully!",
timer: 2000,
showConfirmButton: false
});
// Success - redirect to view page after short delay using the new slug
setTimeout(async () => {
// Use the updated slug from the response instead of the old applicationId
const newSlug = response.slug || applicationId;
await navigateTo(`/applications/${newSlug}`);
}, 1000);
} catch (error) {
console.error("Failed to update application:", error);
// Show error message with SweetAlert instead of toast
let errorMessage = "Failed to update application. ";
if (error.data?.message) {
errorMessage += error.data.message;
} else {
errorMessage += "Please check the details and try again.";
}
$swal.fire({
icon: 'error',
title: 'Error',
text: errorMessage
});
} finally {
isSaving.value = false;
}
};
// Get dynamic info based on selected provider (updated for edit context)
const getProviderInfo = () => {
const providerInfo = {
oauth2: {
title: "OAuth2 configuration will be updated",
description:
"Changes to OAuth2 settings may require updating your application's callback URLs and client configuration.",
},
saml: {
title: "SAML SSO configuration will be updated",
description:
"Changes to SAML settings may require updating your application's SAML configuration and certificates.",
},
ldap: {
title: "LDAP directory integration will be updated",
description:
"Changes to LDAP settings may affect how users authenticate with their network credentials.",
},
proxy: {
title: "Proxy authentication will be updated",
description:
"Changes to proxy settings may affect how the authentication proxy forwards requests to your application.",
},
};
return providerInfo[applicationForm.providerType] || providerInfo.oauth2;
};
// Reset form to original values
const resetForm = () => {
if (originalApplication.value) {
applicationForm.name = originalApplication.value.name || "";
applicationForm.slug = originalApplication.value.slug || "";
applicationForm.description =
originalApplication.value.meta_description || "";
applicationForm.launchUrl =
originalApplication.value.launch_url ||
originalApplication.value.meta_launch_url ||
"";
}
};
// Initialize
onMounted(() => {
fetchApplication();
});
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Loading State -->
<div v-if="isLoading" class="flex items-center justify-center py-12">
<div class="text-center">
<div
class="animate-spin rounded-full h-12 w-12 border-b-2 border-primary mx-auto"
></div>
<p class="text-gray-600 dark:text-gray-400 mt-4">
Loading application data...
</p>
</div>
</div>
<!-- Edit Form -->
<div v-else>
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">
Edit Application
</h1>
<p class="text-gray-600 dark:text-gray-400">
Update application configuration and settings
</p>
</div>
<div class="flex space-x-3">
<rs-button
@click="navigateTo(`/applications/${applicationId}`)"
variant="secondary"
>
<Icon name="ph:arrow-left" class="w-4 h-4 mr-2" />
Cancel
</rs-button>
<rs-button
@click="resetForm"
variant="primary-outline"
:disabled="!hasChanges"
>
<Icon name="ph:arrow-clockwise" class="w-4 h-4 mr-2" />
Reset Changes
</rs-button>
<rs-button
@click="updateApplication"
:disabled="!isFormValid || !hasChanges || isSaving"
variant="primary"
>
<Icon
v-if="isSaving"
name="ph:spinner"
class="w-4 h-4 mr-2 animate-spin"
/>
<Icon v-else name="ph:floppy-disk" class="w-4 h-4 mr-2" />
{{ isSaving ? "Saving..." : "Save Changes" }}
</rs-button>
</div>
</div>
</div>
<!-- Changes Indicator -->
<div v-if="hasChanges" class="mb-6">
<div
class="bg-orange-50 dark:bg-orange-900/20 border border-orange-200 dark:border-orange-800 rounded-lg p-4"
>
<div class="flex items-center">
<Icon
name="ph:warning"
class="w-5 h-5 text-orange-600 dark:text-orange-400 mr-2"
/>
<span class="text-sm text-orange-700 dark:text-orange-300">
You have unsaved changes. Don't forget to save your modifications.
</span>
</div>
</div>
</div>
<!-- Single Card Form - Exactly like create page -->
<rs-card>
<template #header>
<Icon name="ph:pencil" class="text-blue-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">
Application Details
</h3>
</template>
<template #body>
<FormKit type="form" :actions="false">
<div class="space-y-6">
<!-- Basic Information -->
<div class="space-y-4">
<h4
class="text-sm font-medium text-gray-700 dark:text-gray-300"
>
Basic Information
</h4>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<FormKit
v-model="applicationForm.name"
type="text"
label="Application Name"
placeholder="e.g., Employee Portal"
validation="required"
validation-visibility="dirty"
@input="generateSlug"
help="What should we call this application?"
/>
<FormKit
v-model="applicationForm.slug"
type="text"
label="URL Identifier"
placeholder="employee-portal"
validation="required"
validation-visibility="dirty"
help="Auto-generated from name"
disabled
/>
</div>
<FormKit
v-model="applicationForm.description"
type="textarea"
label="Description"
placeholder="Brief description of what this application does"
validation="required"
validation-visibility="dirty"
rows="3"
help="Explain what users will use this application for"
/>
<FormKit
v-model="applicationForm.launchUrl"
type="url"
label="Application Website"
placeholder="https://portal.company.com"
validation="required|url"
validation-visibility="dirty"
help="Where users will go to access this application"
/>
</div>
<!-- Application Type -->
<div class="space-y-4">
<h4
class="text-sm font-medium text-gray-700 dark:text-gray-300"
>
Application Type
</h4>
<div class="grid grid-cols-1 md:grid-cols-3 gap-4">
<div
v-for="type in setupTypes"
:key="type.id"
@click="applicationForm.setupType = type.id"
class="relative p-4 border-2 rounded-lg cursor-pointer transition-colors hover:border-blue-500"
:class="{
'border-blue-500 bg-blue-50 dark:bg-blue-900/20':
applicationForm.setupType === type.id,
'border-gray-200 dark:border-gray-700':
applicationForm.setupType !== type.id,
}"
>
<div class="flex items-start space-x-3">
<div class="text-2xl">{{ type.name.split(" ")[0] }}</div>
<div class="flex-1">
<h3
class="text-sm font-medium text-gray-900 dark:text-white"
>
{{ type.name.substring(2) }}
</h3>
<p
class="text-xs text-gray-600 dark:text-gray-400 mt-1"
>
{{ type.description }}
</p>
<div v-if="type.popular" class="mt-2">
<rs-badge variant="primary">Most Popular</rs-badge>
</div>
</div>
</div>
<div
v-if="applicationForm.setupType === type.id"
class="absolute top-2 right-2"
>
<Icon
name="ph:check-circle-fill"
class="w-5 h-5 text-blue-500"
/>
</div>
</div>
</div>
</div>
<!-- Authentication Provider -->
<div class="space-y-4">
<h4
class="text-sm font-medium text-gray-700 dark:text-gray-300"
>
Authentication Method
</h4>
<p class="text-xs text-gray-600 dark:text-gray-400">
Choose how users will log into this application
</p>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<div
v-for="provider in providerTypes"
:key="provider.id"
@click="applicationForm.providerType = provider.id"
class="relative p-4 border-2 rounded-lg cursor-pointer transition-colors hover:border-green-500"
:class="{
'border-green-500 bg-green-50 dark:bg-green-900/20':
applicationForm.providerType === provider.id,
'border-gray-200 dark:border-gray-700':
applicationForm.providerType !== provider.id,
}"
>
<div class="flex items-start space-x-3">
<div class="text-xl">
{{ provider.name.split(" ")[0] }}
</div>
<div class="flex-1">
<h3
class="text-sm font-medium text-gray-900 dark:text-white"
>
{{ provider.name.substring(2) }}
</h3>
<p
class="text-xs text-gray-600 dark:text-gray-400 mt-1"
>
{{ provider.description }}
</p>
<div class="flex items-center space-x-2 mt-2">
<div v-if="provider.popular" class="mt-1">
<rs-badge variant="success" size="xs"
>Recommended</rs-badge
>
</div>
<span class="text-xs text-gray-500">{{
provider.technical
}}</span>
</div>
</div>
</div>
<div
v-if="applicationForm.providerType === provider.id"
class="absolute top-2 right-2"
>
<Icon
name="ph:check-circle-fill"
class="w-5 h-5 text-green-500"
/>
</div>
</div>
</div>
</div>
<!-- Dynamic Info Box Based on Provider -->
<div
class="bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg p-4"
>
<div class="flex items-start space-x-3">
<Icon
name="ph:info"
class="w-5 h-5 text-blue-600 dark:text-blue-400 mt-0.5"
/>
<div class="flex-1">
<h4
class="text-sm font-medium text-blue-900 dark:text-blue-100"
>
{{ getProviderInfo().title }}
</h4>
<p class="text-sm text-blue-700 dark:text-blue-300 mt-1">
{{ getProviderInfo().description }}
</p>
</div>
</div>
</div>
</div>
</FormKit>
</template>
</rs-card>
</div>
</div>
</template>
<style scoped>
input:focus {
@apply ring-2 ring-offset-2;
}
select:focus {
@apply ring-2 ring-offset-2;
}
</style>

316
pages/applications/[id]/index.vue Normal file
View File

@ -0,0 +1,316 @@
<script setup>
definePageMeta({
title: "View Application",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Applications", path: "/applications" },
{ name: "View Application", path: "", type: "current" },
],
});
import { ref, onMounted, computed } from "vue";
// Get application ID from route
const route = useRoute();
const applicationId = route.params.id;
// No need for separate toast reference as we're using $swal
// State management
const application = ref(null);
const isLoading = ref(true);
const isDeleting = ref(false);
// Fetch application details
const fetchApplication = async () => {
try {
isLoading.value = true;
const response = await $fetch(`/api/applications/${applicationId}`);
// Transform response to match our frontend format
application.value = {
id: response.slug,
name: response.name,
slug: response.slug,
description: response.meta_description || "No description provided",
status: "active", // Authentik applications are active by default
provider: response.provider_obj?.verbose_name || response.provider_obj?.name || "No Provider",
authentikId: response.pk,
launchUrl: response.launch_url || response.meta_launch_url || "#",
icon: response.meta_icon || null,
publisher: response.meta_publisher || "System",
createdAt: response.created || new Date().toISOString(),
providerType: response.provider_obj?.verbose_name_plural || "Unknown",
providerDetails: response.provider_obj || null,
};
} catch (error) {
console.error("Failed to fetch application:", error);
application.value = null;
} finally {
isLoading.value = false;
}
};
// Delete application
const deleteApplication = async () => {
if (
!confirm(
"Are you sure you want to delete this application? This action cannot be undone and will remove all associated configurations."
)
) {
return;
}
try {
isDeleting.value = true;
await $fetch(`/api/applications/${applicationId}`, {
method: "DELETE",
});
console.log("✅ Application deleted successfully");
// Use SweetAlert instead of toast
const { $swal } = useNuxtApp();
$swal.fire({
icon: 'success',
title: 'Success',
text: 'Application deleted successfully!',
timer: 2000,
showConfirmButton: false
});
// Redirect to applications list
await navigateTo("/applications");
} catch (error) {
console.error("❌ Failed to delete application:", error);
let errorMessage = "Failed to delete application. ";
if (error.data?.message) {
errorMessage += error.data.message;
} else if (error.statusCode === 404) {
errorMessage += "Application not found.";
} else if (error.statusCode === 401) {
errorMessage += "You are not authorized to delete this application.";
} else {
errorMessage += "Please try again.";
}
const { $swal } = useNuxtApp();
$swal.fire({
icon: 'error',
title: 'Error',
text: errorMessage
});
} finally {
isDeleting.value = false;
}
};
// Computed properties
const providerTypeIcon = computed(() => {
if (!application.value?.providerDetails) return "ph:shield";
const providerType = application.value.providerDetails.verbose_name_plural?.toLowerCase();
if (providerType?.includes("oauth")) return "ph:key";
if (providerType?.includes("saml")) return "ph:certificate";
if (providerType?.includes("ldap")) return "ph:tree-structure";
if (providerType?.includes("proxy")) return "ph:arrows-left-right";
return "ph:shield";
});
const statusVariant = computed(() => {
return application.value?.status === "active" ? "success" : "secondary";
});
const formatDate = (dateString) => {
if (!dateString) return "Never";
return new Date(dateString).toLocaleDateString() + " " + new Date(dateString).toLocaleTimeString();
};
// Initialize
onMounted(() => {
fetchApplication();
});
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Loading State -->
<div v-if="isLoading" class="flex items-center justify-center py-12">
<div class="text-center">
<div class="animate-spin rounded-full h-12 w-12 border-b-2 border-primary mx-auto"></div>
<p class="text-gray-600 dark:text-gray-400 mt-4">Loading application details...</p>
</div>
</div>
<!-- Error State -->
<div v-else-if="!application" class="text-center py-12">
<Icon name="ph:warning-circle" class="w-16 h-16 text-red-500 mx-auto mb-4" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white mb-2">Application Not Found</h3>
<p class="text-gray-600 dark:text-gray-400 mb-6">
The application you're looking for doesn't exist or you don't have permission to view it.
</p>
<rs-button @click="navigateTo('/applications')" variant="primary">
<Icon name="ph:arrow-left" class="w-4 h-4 mr-2" />
Back to Applications
</rs-button>
</div>
<!-- Application Details -->
<div v-else>
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div class="flex items-center space-x-4">
<div class="flex-shrink-0">
<div class="h-12 w-12 rounded-lg bg-gradient-to-br from-blue-500 to-purple-600 flex items-center justify-center">
<span class="text-lg font-bold text-white">
{{ application.name ? application.name.charAt(0).toUpperCase() : "?" }}
</span>
</div>
</div>
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">
{{ application.name }}
</h1>
<p class="text-gray-600 dark:text-gray-400">
{{ application.description }}
</p>
</div>
</div>
<div class="flex space-x-3">
<rs-button @click="navigateTo('/applications')" variant="secondary">
<Icon name="ph:arrow-left" class="w-4 h-4 mr-2" />
Back to List
</rs-button>
<rs-button @click="navigateTo(`/applications/${applicationId}/edit`)" variant="primary-outline">
<Icon name="ph:pencil" class="w-4 h-4 mr-2" />
Edit Application
</rs-button>
<rs-button
@click="deleteApplication"
:disabled="isDeleting"
variant="danger"
>
<Icon name="ph:trash" class="w-4 h-4 mr-2" />
{{ isDeleting ? 'Deleting...' : 'Delete' }}
</rs-button>
</div>
</div>
</div>
<!-- Application Information Cards -->
<div class="grid grid-cols-1 lg:grid-cols-2 gap-6 mb-6">
<!-- Basic Information -->
<rs-card>
<template #header>
<Icon name="ph:info" class="text-blue-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Basic Information</h3>
</template>
<template #body>
<div class="space-y-4">
<div class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Status</span>
<rs-badge :variant="statusVariant">{{ application.status }}</rs-badge>
</div>
<div class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Application ID</span>
<span class="text-sm text-gray-900 dark:text-white font-mono">{{ application.slug }}</span>
</div>
<div class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Launch URL</span>
<a
:href="application.launchUrl"
target="_blank"
class="text-sm text-primary hover:underline flex items-center"
>
{{ application.launchUrl }}
<Icon name="ph:arrow-square-out" class="w-3 h-3 ml-1" />
</a>
</div>
<div class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Publisher</span>
<span class="text-sm text-gray-900 dark:text-white">{{ application.publisher }}</span>
</div>
<div class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Created</span>
<span class="text-sm text-gray-900 dark:text-white">{{ formatDate(application.createdAt) }}</span>
</div>
</div>
</template>
</rs-card>
<!-- Provider Information -->
<rs-card>
<template #header>
<Icon :name="providerTypeIcon" class="text-green-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Authentication Provider</h3>
</template>
<template #body>
<div class="space-y-4">
<div class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Provider Type</span>
<span class="text-sm text-gray-900 dark:text-white">{{ application.provider }}</span>
</div>
<div v-if="application.providerDetails" class="space-y-3">
<div class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Provider ID</span>
<span class="text-sm text-gray-900 dark:text-white font-mono">{{ application.providerDetails.pk }}</span>
</div>
<div v-if="application.providerDetails.client_id" class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Client ID</span>
<span class="text-sm text-gray-900 dark:text-white font-mono">{{ application.providerDetails.client_id }}</span>
</div>
<div v-if="application.providerDetails.authorization_flow_name" class="flex justify-between items-start">
<span class="text-sm font-medium text-gray-600 dark:text-gray-400">Auth Flow</span>
<span class="text-sm text-gray-900 dark:text-white">{{ application.providerDetails.authorization_flow_name }}</span>
</div>
</div>
<div v-else class="text-center py-4">
<Icon name="ph:warning" class="w-8 h-8 text-orange-500 mx-auto mb-2" />
<p class="text-sm text-orange-600 dark:text-orange-400">No provider configured</p>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Access Control -->
<rs-card>
<template #header>
<Icon name="ph:users" class="text-purple-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Access Control</h3>
</template>
<template #body>
<div class="text-center py-8">
<Icon name="ph:shield-check" class="w-12 h-12 text-gray-400 mx-auto mb-4" />
<h4 class="text-lg font-medium text-gray-900 dark:text-white mb-2">Access Control Configuration</h4>
<p class="text-gray-600 dark:text-gray-400 mb-6">
Configure which users and groups can access this application.
</p>
<rs-button variant="primary-outline" disabled>
<Icon name="ph:gear" class="w-4 h-4 mr-2" />
Configure Access (Coming Soon)
</rs-button>
</div>
</template>
</rs-card>
</div>
</div>
</template>
<style scoped>
/* Component specific styles */
</style>

451
pages/applications/create.vue Normal file
View File

@ -0,0 +1,451 @@
<script setup>
definePageMeta({
title: "Create Application",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Applications", path: "/applications" },
{
name: "Create Application",
path: "/applications/create",
type: "current",
},
],
});
import { ref, reactive, computed } from "vue";
const { $swal } = useNuxtApp();
// Super simplified form - only what users really need
const applicationForm = reactive({
name: "",
slug: "",
description: "",
launchUrl: "",
setupType: "web-app", // Default to most common type
providerType: "oauth2", // Default to most common provider
});
// Loading state
const isLoading = ref(false);
// Super simple setup types - no tech jargon
const setupTypes = ref([
{
id: "web-app",
name: "🌐 Website/Web App",
description: "For websites and web applications that users log into",
popular: true,
},
{
id: "mobile-app",
name: "📱 Mobile App",
description: "For mobile apps (iPhone, Android) that need login",
popular: false,
},
{
id: "desktop-app",
name: "💻 Desktop App",
description: "For desktop software that needs user authentication",
popular: false,
},
]);
// Simple provider presets - industry standards
const providerTypes = ref([
{
id: "oauth2",
name: "🔐 OAuth2/OIDC",
description: "Modern login standard - works with most apps (Recommended)",
popular: true,
technical: "OAuth2/OpenID Connect",
},
{
id: "saml",
name: "🏢 SAML SSO",
description: "Enterprise single sign-on - common in large companies",
popular: false,
technical: "SAML 2.0",
},
{
id: "ldap",
name: "📁 LDAP Directory",
description: "Connect to Active Directory or LDAP servers",
popular: false,
technical: "LDAP/Active Directory",
},
{
id: "proxy",
name: "🔄 Proxy Auth",
description: "For older apps that don't support modern login",
popular: false,
technical: "Forward Auth Proxy",
},
]);
// Simple validation
const isFormValid = computed(() => {
return (
applicationForm.name &&
applicationForm.description &&
applicationForm.launchUrl &&
applicationForm.setupType &&
applicationForm.providerType
);
});
// Auto-generate slug when name changes
const generateSlug = () => {
if (applicationForm.name) {
applicationForm.slug = applicationForm.name
.toLowerCase()
.replace(/[^a-z0-9]/g, "-")
.replace(/-+/g, "-")
.replace(/^-|-$/g, "");
}
};
// Create application - super simplified
const createApplication = async () => {
if (!isFormValid.value) return;
isLoading.value = true;
try {
const applicationData = {
name: applicationForm.name,
slug: applicationForm.slug,
meta_description: applicationForm.description,
meta_launch_url: applicationForm.launchUrl,
meta_publisher: "IT Department",
setupType: applicationForm.setupType,
providerType: applicationForm.providerType,
};
console.log("Creating application:", applicationData);
const response = await $fetch("/api/applications", {
method: "POST",
body: applicationData,
});
console.log("Application created successfully:", response);
// Show success toast
$swal.fire({
title: "Application created successfully!",
text: "You can now access the application from the applications list.",
icon: "success",
confirmButtonText: "OK",
});
// Success - redirect back to applications list after short delay
setTimeout(async () => {
await navigateTo("/applications");
}, 1000);
} catch (error) {
console.error("Failed to create application:", error);
// Show error toast with specific message
let errorMessage = "Failed to create application. ";
if (error.data?.message) {
errorMessage += error.data.message;
} else {
errorMessage += "Please check the details and try again.";
}
$swal.fire({
title: "Failed to create application!",
text: errorMessage,
icon: "error",
confirmButtonText: "OK",
});
} finally {
isLoading.value = false;
}
};
// Get dynamic info based on selected provider
const getProviderInfo = () => {
const providerInfo = {
oauth2: {
title: "OAuth2 will be automatically configured",
description:
"We'll create secure OAuth2 credentials and configure the callback URL. Your app will support modern login standards used by Google, Microsoft, and other major platforms.",
},
saml: {
title: "SAML SSO will be automatically configured",
description:
"We'll set up SAML 2.0 single sign-on with enterprise-grade security. This is perfect for connecting with corporate identity systems and Active Directory.",
},
ldap: {
title: "LDAP directory integration will be configured",
description:
"We'll configure LDAP/Active Directory authentication. Users can log in with their existing network credentials without any additional setup.",
},
proxy: {
title: "Proxy authentication will be configured",
description:
"We'll set up forward authentication for legacy applications. This adds modern login to apps that don't support OAuth2 or SAML natively.",
},
};
return providerInfo[applicationForm.providerType] || providerInfo.oauth2;
};
const resetForm = () => {
Object.assign(applicationForm, {
name: "",
slug: "",
description: "",
launchUrl: "",
setupType: "web-app",
providerType: "oauth2",
});
};
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">
Add New Application
</h1>
<p class="text-gray-600 dark:text-gray-400">
Create an application for your users to access with single sign-on
</p>
</div>
<div class="flex space-x-3">
<rs-button @click="resetForm" variant="primary-outline">
<Icon name="ph:arrow-clockwise" class="w-4 h-4 mr-2" />
Clear Form
</rs-button>
<rs-button
@click="createApplication"
:disabled="!isFormValid || isLoading"
variant="primary"
>
<Icon
v-if="isLoading"
name="ph:spinner"
class="w-4 h-4 mr-2 animate-spin"
/>
<Icon v-else name="ph:plus" class="w-4 h-4 mr-2" />
{{ isLoading ? "Creating..." : "Create Application" }}
</rs-button>
</div>
</div>
</div>
<!-- Single Card Form - No Complex Steps -->
<rs-card>
<template #header>
<Icon name="ph:app-window" class="text-blue-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">
Application Details
</h3>
</template>
<template #body>
<FormKit type="form" :actions="false">
<div class="space-y-6">
<!-- Basic Information -->
<div class="space-y-4">
<h4 class="text-sm font-medium text-gray-700 dark:text-gray-300">
Basic Information
</h4>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<FormKit
v-model="applicationForm.name"
type="text"
label="Application Name"
placeholder="e.g., Employee Portal"
validation="required"
validation-visibility="dirty"
@input="generateSlug"
help="What should we call this application?"
/>
<FormKit
v-model="applicationForm.slug"
type="text"
label="URL Identifier"
placeholder="employee-portal"
validation="required"
validation-visibility="dirty"
help="Auto-generated from name"
disabled
/>
</div>
<FormKit
v-model="applicationForm.description"
type="textarea"
label="Description"
placeholder="Brief description of what this application does"
validation="required"
validation-visibility="dirty"
rows="3"
help="Explain what users will use this application for"
/>
<FormKit
v-model="applicationForm.launchUrl"
type="url"
label="Application Website"
placeholder="https://portal.company.com"
validation="required|url"
validation-visibility="dirty"
help="Where users will go to access this application"
/>
</div>
<!-- Application Type -->
<div class="space-y-4">
<h4 class="text-sm font-medium text-gray-700 dark:text-gray-300">
Application Type
</h4>
<div class="grid grid-cols-1 md:grid-cols-3 gap-4">
<div
v-for="type in setupTypes"
:key="type.id"
@click="applicationForm.setupType = type.id"
class="relative p-4 border-2 rounded-lg cursor-pointer transition-colors hover:border-blue-500"
:class="{
'border-blue-500 bg-blue-50 dark:bg-blue-900/20':
applicationForm.setupType === type.id,
'border-gray-200 dark:border-gray-700':
applicationForm.setupType !== type.id,
}"
>
<div class="flex items-start space-x-3">
<div class="text-2xl">{{ type.name.split(" ")[0] }}</div>
<div class="flex-1">
<h3
class="text-sm font-medium text-gray-900 dark:text-white"
>
{{ type.name.substring(2) }}
</h3>
<p class="text-xs text-gray-600 dark:text-gray-400 mt-1">
{{ type.description }}
</p>
<div v-if="type.popular" class="mt-2">
<rs-badge variant="primary">Most Popular</rs-badge>
</div>
</div>
</div>
<div
v-if="applicationForm.setupType === type.id"
class="absolute top-2 right-2"
>
<Icon
name="ph:check-circle-fill"
class="w-5 h-5 text-blue-500"
/>
</div>
</div>
</div>
</div>
<!-- Authentication Provider -->
<div class="space-y-4">
<h4 class="text-sm font-medium text-gray-700 dark:text-gray-300">
Authentication Method
</h4>
<p class="text-xs text-gray-600 dark:text-gray-400">
Choose how users will log into this application
</p>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<div
v-for="provider in providerTypes"
:key="provider.id"
@click="applicationForm.providerType = provider.id"
class="relative p-4 border-2 rounded-lg cursor-pointer transition-colors hover:border-green-500"
:class="{
'border-green-500 bg-green-50 dark:bg-green-900/20':
applicationForm.providerType === provider.id,
'border-gray-200 dark:border-gray-700':
applicationForm.providerType !== provider.id,
}"
>
<div class="flex items-start space-x-3">
<div class="text-xl">{{ provider.name.split(" ")[0] }}</div>
<div class="flex-1">
<h3
class="text-sm font-medium text-gray-900 dark:text-white"
>
{{ provider.name.substring(2) }}
</h3>
<p class="text-xs text-gray-600 dark:text-gray-400 mt-1">
{{ provider.description }}
</p>
<div class="flex items-center space-x-2 mt-2">
<div v-if="provider.popular" class="mt-1">
<rs-badge variant="success" size="xs"
>Recommended</rs-badge
>
</div>
<span class="text-xs text-gray-500">{{
provider.technical
}}</span>
</div>
</div>
</div>
<div
v-if="applicationForm.providerType === provider.id"
class="absolute top-2 right-2"
>
<Icon
name="ph:check-circle-fill"
class="w-5 h-5 text-green-500"
/>
</div>
</div>
</div>
</div>
<!-- Dynamic Info Box Based on Provider -->
<div
class="bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg p-4"
>
<div class="flex items-start space-x-3">
<Icon
name="ph:info"
class="w-5 h-5 text-blue-600 dark:text-blue-400 mt-0.5"
/>
<div class="flex-1">
<h4
class="text-sm font-medium text-blue-900 dark:text-blue-100"
>
{{ getProviderInfo().title }}
</h4>
<p class="text-sm text-blue-700 dark:text-blue-300 mt-1">
{{ getProviderInfo().description }}
</p>
</div>
</div>
</div>
</div>
</FormKit>
</template>
</rs-card>
</div>
</template>
<style scoped>
input:focus {
@apply ring-2 ring-offset-2;
}
select:focus {
@apply ring-2 ring-offset-2;
}
</style>

479
pages/applications/index.vue Normal file
View File

@ -0,0 +1,479 @@
<script setup>
definePageMeta({
title: "Applications",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Applications", path: "/applications", type: "current" },
],
});
import { ref, onMounted, computed } from "vue";
// State management
const applications = ref([]);
const isLoading = ref(true);
const isDeleting = ref(false);
const searchQuery = ref("");
const selectedStatus = ref("all");
const selectedProvider = ref("all");
// Fetch applications from Authentik
const fetchApplications = async () => {
try {
isLoading.value = true;
const response = await $fetch("/api/applications");
// Map Authentik response to our frontend format
applications.value =
response.results?.map((app) => {
// Better provider detection based on actual provider type
let providerName = "No Provider";
if (app.provider_obj) {
providerName =
app.provider_obj.verbose_name ||
app.provider_obj.name ||
"Unknown Provider";
} else if (app.provider) {
// If provider exists but no provider_obj, it might be loading
providerName = "Loading...";
}
return {
id: app.slug, // Use slug as ID for consistency with Authentik API
name: app.name,
slug: app.slug,
description: app.meta_description || "No description provided",
status: "active", // Authentik applications are active by default
provider: providerName,
authentikId: app.pk, // Keep the original pk for reference
launchUrl: app.launch_url || app.meta_launch_url || "#",
icon: app.meta_icon || null,
publisher: app.meta_publisher || "System",
createdAt: app.created || new Date().toISOString(),
};
}) || [];
} catch (error) {
console.error("Failed to fetch applications:", error);
applications.value = [];
} finally {
isLoading.value = false;
}
};
// Computed properties
const filteredApplications = computed(() => {
let filtered = applications.value.filter((app) => app && app.name);
if (searchQuery.value) {
const query = searchQuery.value.toLowerCase();
filtered = filtered.filter(
(app) =>
(app.name && app.name.toLowerCase().includes(query)) ||
(app.description && app.description.toLowerCase().includes(query)) ||
(app.publisher && app.publisher.toLowerCase().includes(query))
);
}
if (selectedStatus.value !== "all") {
filtered = filtered.filter((app) => app.status === selectedStatus.value);
}
if (selectedProvider.value !== "all") {
filtered = filtered.filter(
(app) => app.provider === selectedProvider.value
);
}
return filtered;
});
const stats = computed(() => ({
totalApps: applications.value.length,
activeApps: applications.value.filter((app) => app.status === "active")
.length,
totalUsers: 0, // We'll need to fetch this from groups/users if needed
}));
const providers = computed(() => {
const uniqueProviders = [
...new Set(
applications.value
.filter((app) => app && app.provider)
.map((app) => app.provider)
),
];
return uniqueProviders.map((provider) => ({
value: provider,
label: provider,
}));
});
// Methods
const deleteApplication = async (applicationSlug) => {
// Get the application name for the confirmation message
const app = applications.value.find((app) => app.id === applicationSlug);
if (!app) return;
// Check if this is a protected application
if (isProtectedApplication(app.name)) {
const { $swal } = useNuxtApp();
$swal.fire({
icon: "warning",
title: "Protected Application",
text: "This application is used for system authentication and cannot be deleted.",
confirmButtonText: "Understood",
});
return;
}
// Use SweetAlert for confirmation
const { $swal } = useNuxtApp();
const result = await $swal.fire({
icon: "warning",
title: "Delete Application?",
text: `Are you sure you want to delete "${app.name}"? This action cannot be undone.`,
showCancelButton: true,
confirmButtonText: "Yes, delete it",
confirmButtonColor: "#dc2626",
cancelButtonText: "Cancel",
reverseButtons: true,
});
// If user didn't confirm, abort
if (!result.isConfirmed) return;
console.log(
`🗑️ Frontend: Deleting application with slug: ${applicationSlug}`
);
try {
isDeleting.value = true;
await $fetch(`/api/applications/${applicationSlug}`, {
method: "DELETE",
});
// Remove from local state (now using slug as id)
const index = applications.value.findIndex(
(app) => app.id === applicationSlug
);
if (index > -1) {
applications.value.splice(index, 1);
}
console.log("✅ Application deleted successfully");
// Use SweetAlert instead of alert
const { $swal } = useNuxtApp();
$swal.fire({
icon: "success",
title: "Success",
text: "Application deleted successfully!",
timer: 2000,
showConfirmButton: false,
});
} catch (error) {
console.error("❌ Failed to delete application:", error);
// Show more specific error message
let errorMessage = "Failed to delete application. ";
if (error.data?.message) {
errorMessage += error.data.message;
} else if (error.statusCode === 404) {
errorMessage += "Application not found.";
} else if (error.statusCode === 401) {
errorMessage += "You are not authorized to delete this application.";
} else {
errorMessage += "Please try again.";
}
// Use SweetAlert instead of alert
const { $swal } = useNuxtApp();
$swal.fire({
icon: "error",
title: "Error",
text: errorMessage,
});
} finally {
isDeleting.value = false;
}
};
const formatDate = (dateString) => {
if (!dateString) return "Never";
return (
new Date(dateString).toLocaleDateString() +
" " +
new Date(dateString).toLocaleTimeString()
);
};
const getStatusVariant = (status) => {
switch (status) {
case "active":
return "success";
case "development":
return "warning";
case "inactive":
return "secondary";
default:
return "secondary";
}
};
// Check if an application is protected (cannot be deleted)
const isProtectedApplication = (appName) => {
// List of protected applications that should not be deleted
const protectedApps = [
"CORRAD RBAC", // Main SSO application
"corrad-rbac",
"Authentik",
"authentik",
"CORRAD RBAC test2", // From the screenshot
];
// Case-insensitive check
return protectedApps.some(
(name) => appName && appName.toLowerCase().includes(name.toLowerCase())
);
};
// Initialize
onMounted(() => {
fetchApplications();
});
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">
Applications
</h1>
<p class="text-gray-600 dark:text-gray-400">
Manage applications integrated with Authentik
</p>
</div>
<div class="flex space-x-3">
<rs-button @click="navigateTo('/applications/create')">
<Icon name="ph:plus" class="w-4 h-4 mr-2" />
Create Application
</rs-button>
</div>
</div>
</div>
<!-- Stats Cards -->
<div class="grid grid-cols-1 md:grid-cols-3 gap-6 mb-6">
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div
class="w-8 h-8 bg-blue-100 dark:bg-blue-900 rounded-lg flex items-center justify-center"
>
<Icon
name="ph:app-window"
class="w-5 h-5 text-blue-600 dark:text-blue-400"
/>
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">
Total Applications
</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">
{{ stats.totalApps }}
</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div
class="w-8 h-8 bg-green-100 dark:bg-green-900 rounded-lg flex items-center justify-center"
>
<Icon
name="ph:check-circle"
class="w-5 h-5 text-green-600 dark:text-green-400"
/>
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">
Active Applications
</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">
{{ stats.activeApps }}
</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div
class="w-8 h-8 bg-orange-100 dark:bg-orange-900 rounded-lg flex items-center justify-center"
>
<Icon
name="ph:users"
class="w-5 h-5 text-orange-600 dark:text-orange-400"
/>
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">
Total App Users
</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">
{{ stats.totalUsers }}
</p>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Applications Table -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">
All Applications
</h3>
<rs-badge variant="info">{{ stats.totalApps }} applications</rs-badge>
</div>
</template>
<template #body>
<RsTable
:field="['name', 'status', 'provider', 'users', 'created', 'actions']"
:data="filteredApplications"
:advanced="true"
>
<!-- Name Column -->
<template #name="{ value }">
<div class="flex items-center" v-if="value">
<div class="flex-shrink-0 h-10 w-10">
<div
class="h-10 w-10 rounded-lg bg-gradient-to-br from-blue-500 to-purple-600 flex items-center justify-center"
>
<span class="text-sm font-medium text-white">{{
value.name ? value.name.charAt(0).toUpperCase() : "?"
}}</span>
</div>
</div>
<div class="ml-4">
<div
class="text-sm font-medium text-gray-900 dark:text-white hover:text-primary cursor-pointer"
@click="navigateTo(`/applications/${value.id}`)"
>
{{ value.name }}
</div>
<div class="text-sm text-gray-500 dark:text-gray-400">
{{ value.description || "No description" }}
</div>
</div>
</div>
</template>
<!-- Status Column -->
<template #status="{ value }">
<rs-badge
:variant="getStatusVariant(value?.status || 'inactive')"
v-if="value"
>
{{ value.status || "Unknown" }}
</rs-badge>
</template>
<!-- Provider Column -->
<template #provider="{ value }">
<div class="flex items-center" v-if="value && value.provider">
<Icon
:name="
value.provider === 'OAuth2/OIDC' ? 'ph:key' : 'ph:shield'
"
class="w-4 h-4 mr-2 text-gray-400"
/>
<span class="text-sm text-gray-900 dark:text-white">{{
value.provider
}}</span>
</div>
</template>
<!-- Users Column -->
<template #users="{ value }">
<div class="text-sm" v-if="value">
<div class="text-gray-900 dark:text-white">
{{ value.userCount || 0 }} users
</div>
<div class="text-gray-500 dark:text-gray-400">
{{ value.roleCount || 0 }} roles
</div>
</div>
</template>
<!-- Created Column -->
<template #created="{ value }">
<div class="text-sm" v-if="value">
<div class="text-gray-900 dark:text-white">
{{ formatDate(value.createdAt) }}
</div>
<div class="text-gray-500 dark:text-gray-400">
{{ value.createdBy || "System" }}
</div>
</div>
</template>
<!-- Actions Column -->
<template #actions="{ value }">
<div
class="flex items-center space-x-2"
v-if="value && value.id && !isProtectedApplication(value.name)"
>
<button
class="text-primary hover:text-primary/80 p-2 rounded-lg hover:bg-gray-100 dark:hover:bg-gray-800"
@click="navigateTo(`/applications/${value.id}`)"
title="View Application"
>
<Icon name="ph:eye" class="w-4 h-4" />
</button>
<button
class="text-primary hover:text-primary/80 p-2 rounded-lg hover:bg-gray-100 dark:hover:bg-gray-800"
@click="navigateTo(`/applications/${value.id}/edit`)"
title="Edit Application"
>
<Icon name="ph:pencil" class="w-4 h-4" />
</button>
<button
class="text-red-600 hover:text-red-800 p-2 rounded-lg hover:bg-red-50 dark:hover:bg-red-900/20"
@click="deleteApplication(value.id)"
title="Delete Application"
>
<Icon name="ph:trash" class="w-4 h-4" />
</button>
</div>
<div class="flex items-center space-x-2" v-else>-</div>
</template>
</RsTable>
</template>
</rs-card>
</div>
</template>
<style scoped>
/* Component specific styles */
</style>

455
pages/applications/resources.vue Normal file
View File

@ -0,0 +1,455 @@
<script setup>
definePageMeta({
title: "Application Resources",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Applications", path: "/applications" },
{ name: "Resources", path: "/applications/resources", type: "current" }
]
});
import { ref, reactive, computed } from 'vue'
import { useRoute } from 'vue-router'
const route = useRoute()
const activeTab = ref('menus')
// Application selector (in real app, this would be populated from API)
const applications = ref([
{ id: '1', name: 'corradAF', description: 'Main Application', status: 'active' },
{ id: '2', name: 'HR System', description: 'Human Resources', status: 'active' },
{ id: '3', name: 'Finance System', description: 'Financial Management', status: 'development' }
])
const selectedAppId = ref(route.query.appId || '1')
// Resources state management
const resources = reactive({
menus: [
{ id: '1', key: 'menu.dashboard', name: 'Dashboard', path: '/dashboard', level: 0 },
{ id: '2', key: 'menu.users', name: 'Users', path: '/users', level: 0 }
],
components: [
{ id: '1', key: 'component.user.edit_button', name: 'User Edit Button' },
{ id: '2', key: 'component.user.delete_button', name: 'User Delete Button' }
],
features: [
{ id: '1', key: 'feature.export.data', name: 'Export Data' },
{ id: '2', key: 'feature.approve.requests', name: 'Approve Requests' }
]
})
// Form states
const menuForm = reactive({
name: '',
key: '',
path: '',
level: 0
})
const componentForm = reactive({
name: '',
key: ''
})
const featureForm = reactive({
name: '',
key: ''
})
// Form handlers
const handleMenuSubmit = (data) => {
const newMenu = {
id: Date.now().toString(),
...data
}
resources.menus.push(newMenu)
menuForm.name = ''
menuForm.key = ''
menuForm.path = ''
menuForm.level = 0
}
const handleComponentSubmit = (data) => {
const newComponent = {
id: Date.now().toString(),
...data
}
resources.components.push(newComponent)
componentForm.name = ''
componentForm.key = ''
}
const handleFeatureSubmit = (data) => {
const newFeature = {
id: Date.now().toString(),
...data
}
resources.features.push(newFeature)
featureForm.name = ''
featureForm.key = ''
}
// Delete handlers
const deleteMenu = (id) => {
resources.menus = resources.menus.filter(menu => menu.id !== id)
}
const deleteComponent = (id) => {
resources.components = resources.components.filter(component => component.id !== id)
}
const deleteFeature = (id) => {
resources.features = resources.features.filter(feature => feature.id !== id)
}
// Auto-generate keys based on names
const generateKey = (prefix, name) => {
return `${prefix}.${name.toLowerCase().replace(/\s+/g, '_')}`
}
const updateMenuKey = (name) => {
menuForm.key = generateKey('menu', name)
}
const updateComponentKey = (name) => {
componentForm.key = generateKey('component', name)
}
const updateFeatureKey = (name) => {
featureForm.key = generateKey('feature', name)
}
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<rs-card class="mb-6">
<template #body>
<div class="flex flex-col lg:flex-row lg:items-center lg:justify-between">
<div class="mb-4 lg:mb-0">
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Application Resources</h1>
<p class="text-gray-600 dark:text-gray-400">Manage menus, components, and features for your application</p>
</div>
<!-- Application Selector -->
<div class="min-w-48">
<label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Application</label>
<select
v-model="selectedAppId"
class="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-md bg-white dark:bg-gray-700 text-gray-900 dark:text-white"
>
<option v-for="app in applications" :key="app.id" :value="app.id">
{{ app.name }}
</option>
</select>
</div>
</div>
</template>
</rs-card>
<!-- Tab Navigation -->
<div class="mb-6">
<nav class="flex space-x-8 border-b border-gray-200 dark:border-gray-700">
<button
v-for="tab in [
{ id: 'menus', name: 'Menus', icon: 'ph:list' },
{ id: 'components', name: 'Components', icon: 'ph:squares-four' },
{ id: 'features', name: 'Features', icon: 'ph:gear' }
]"
:key="tab.id"
@click="activeTab = tab.id"
:class="[
'flex items-center py-2 px-1 border-b-2 font-medium text-sm transition-colors',
activeTab === tab.id
? 'border-primary text-primary'
: 'border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 dark:text-gray-400 dark:hover:text-gray-300'
]"
>
<Icon :name="tab.icon" class="w-5 h-5 mr-2" />
{{ tab.name }}
</button>
</nav>
</div>
<!-- Content -->
<div class="space-y-6">
<!-- Menus Tab -->
<div v-if="activeTab === 'menus'" class="space-y-6">
<!-- Add Menu Form -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Add New Menu</h3>
</template>
<template #body>
<FormKit
type="form"
:config="{ validationVisibility: 'submit' }"
@submit="handleMenuSubmit"
:value="menuForm"
:actions="false"
>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<FormKit
type="text"
name="name"
label="Menu Name"
validation="required"
@input="updateMenuKey($event)"
/>
<FormKit
type="text"
name="key"
label="Menu Key"
validation="required"
help="Unique identifier for this menu"
:disabled="true"
/>
<FormKit
type="text"
name="path"
label="Menu Path"
validation="required"
help="URL path for this menu item (e.g., /dashboard)"
/>
<FormKit
type="number"
name="level"
label="Menu Level"
validation="required|min:0"
help="0 for root level, 1+ for nested items"
/>
</div>
<div class="mt-6 flex justify-end">
<rs-button type="submit" variant="primary">
<Icon name="ph:plus" class="w-4 h-4 mr-2" />
Add Menu
</rs-button>
</div>
</FormKit>
</template>
</rs-card>
<!-- Menu List -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Menu Items</h3>
<rs-badge variant="secondary">{{ resources.menus.length }} items</rs-badge>
</div>
</template>
<template #body>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
<thead class="bg-gray-50 dark:bg-gray-800">
<tr>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Name</th>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Key</th>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Path</th>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Level</th>
<th class="px-6 py-3 text-right text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Actions</th>
</tr>
</thead>
<tbody class="bg-white dark:bg-gray-900 divide-y divide-gray-200 dark:divide-gray-700">
<tr v-for="menu in resources.menus" :key="menu.id">
<td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900 dark:text-white">
{{ menu.name }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500 dark:text-gray-400 font-mono">
{{ menu.key }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500 dark:text-gray-400">
{{ menu.path }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500 dark:text-gray-400">
{{ menu.level }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-right text-sm">
<rs-button @click="deleteMenu(menu.id)" variant="danger-outline" size="sm">
<Icon name="ph:trash" class="w-4 h-4" />
</rs-button>
</td>
</tr>
</tbody>
</table>
</div>
</template>
</rs-card>
</div>
<!-- Components Tab -->
<div v-if="activeTab === 'components'" class="space-y-6">
<!-- Add Component Form -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Add New Component</h3>
</template>
<template #body>
<FormKit
type="form"
:config="{ validationVisibility: 'submit' }"
@submit="handleComponentSubmit"
:value="componentForm"
:actions="false"
>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<FormKit
type="text"
name="name"
label="Component Name"
validation="required"
@input="updateComponentKey($event)"
/>
<FormKit
type="text"
name="key"
label="Component Key"
validation="required"
help="Unique identifier for this component"
:disabled="true"
/>
</div>
<div class="mt-6 flex justify-end">
<rs-button type="submit" variant="primary">
<Icon name="ph:plus" class="w-4 h-4 mr-2" />
Add Component
</rs-button>
</div>
</FormKit>
</template>
</rs-card>
<!-- Component List -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Components</h3>
<rs-badge variant="secondary">{{ resources.components.length }} items</rs-badge>
</div>
</template>
<template #body>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
<thead class="bg-gray-50 dark:bg-gray-800">
<tr>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Name</th>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Key</th>
<th class="px-6 py-3 text-right text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Actions</th>
</tr>
</thead>
<tbody class="bg-white dark:bg-gray-900 divide-y divide-gray-200 dark:divide-gray-700">
<tr v-for="component in resources.components" :key="component.id">
<td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900 dark:text-white">
{{ component.name }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500 dark:text-gray-400 font-mono">
{{ component.key }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-right text-sm">
<rs-button @click="deleteComponent(component.id)" variant="danger-outline" size="sm">
<Icon name="ph:trash" class="w-4 h-4" />
</rs-button>
</td>
</tr>
</tbody>
</table>
</div>
</template>
</rs-card>
</div>
<!-- Features Tab -->
<div v-if="activeTab === 'features'" class="space-y-6">
<!-- Add Feature Form -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Add New Feature</h3>
</template>
<template #body>
<FormKit
type="form"
:config="{ validationVisibility: 'submit' }"
@submit="handleFeatureSubmit"
:value="featureForm"
:actions="false"
>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<FormKit
type="text"
name="name"
label="Feature Name"
validation="required"
@input="updateFeatureKey($event)"
/>
<FormKit
type="text"
name="key"
label="Feature Key"
validation="required"
help="Unique identifier for this feature"
:disabled="true"
/>
</div>
<div class="mt-6 flex justify-end">
<rs-button type="submit" variant="primary">
<Icon name="ph:plus" class="w-4 h-4 mr-2" />
Add Feature
</rs-button>
</div>
</FormKit>
</template>
</rs-card>
<!-- Feature List -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Features</h3>
<rs-badge variant="secondary">{{ resources.features.length }} items</rs-badge>
</div>
</template>
<template #body>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
<thead class="bg-gray-50 dark:bg-gray-800">
<tr>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Name</th>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Key</th>
<th class="px-6 py-3 text-right text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">Actions</th>
</tr>
</thead>
<tbody class="bg-white dark:bg-gray-900 divide-y divide-gray-200 dark:divide-gray-700">
<tr v-for="feature in resources.features" :key="feature.id">
<td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900 dark:text-white">
{{ feature.name }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500 dark:text-gray-400 font-mono">
{{ feature.key }}
</td>
<td class="px-6 py-4 whitespace-nowrap text-right text-sm">
<rs-button @click="deleteFeature(feature.id)" variant="danger-outline" size="sm">
<Icon name="ph:trash" class="w-4 h-4" />
</rs-button>
</td>
</tr>
</tbody>
</table>
</div>
</template>
</rs-card>
</div>
</div>
</div>
</template>

398
pages/create-user/index.vue Normal file
View File

@ -0,0 +1,398 @@
<script setup>
definePageMeta({
title: "Create User",
middleware: ["auth"],
requiresAuth: true,
});
import { ref, reactive } from 'vue'
// Form data
const formData = reactive({
fullName: '',
username: '',
email: '',
phone: '',
password: '',
confirmPassword: '',
status: 'active',
mfaEnabled: true,
mfaMethod: 'authenticator_app'
})
// Form validation
const errors = reactive({})
const isSubmitting = ref(false)
// Status options
const statusOptions = [
{ value: 'active', label: 'Active' },
{ value: 'inactive', label: 'Inactive' },
{ value: 'pending', label: 'Pending' }
]
// MFA Method options
const mfaMethodOptions = [
{ value: 'authenticator_app', label: 'Authenticator App' },
{ value: 'sms', label: 'SMS' },
{ value: 'email', label: 'Email' }
]
// Validation functions
const validateForm = () => {
const newErrors = {}
if (!formData.fullName.trim()) {
newErrors.fullName = 'Full name is required'
}
if (!formData.username.trim()) {
newErrors.username = 'Username is required'
} else if (formData.username.length < 3) {
newErrors.username = 'Username must be at least 3 characters'
}
if (!formData.email.trim()) {
newErrors.email = 'Email is required'
} else if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(formData.email)) {
newErrors.email = 'Please enter a valid email address'
}
if (!formData.phone.trim()) {
newErrors.phone = 'Phone number is required'
}
if (!formData.password) {
newErrors.password = 'Password is required'
} else if (formData.password.length < 8) {
newErrors.password = 'Password must be at least 8 characters'
}
if (formData.password !== formData.confirmPassword) {
newErrors.confirmPassword = 'Passwords do not match'
}
Object.assign(errors, newErrors)
return Object.keys(newErrors).length === 0
}
// Clear specific error
const clearError = (field) => {
delete errors[field]
}
// Submit form
const submitForm = async () => {
if (!validateForm()) {
return
}
isSubmitting.value = true
try {
// Prepare data for submission (exclude confirmPassword)
const { confirmPassword, ...submitData } = formData
// Here you would typically make an API call
console.log('Submitting user data:', submitData)
// Simulate API call
await new Promise(resolve => setTimeout(resolve, 1000))
// Success handling using SweetAlert
const { $swal } = useNuxtApp();
$swal.fire({
icon: 'success',
title: 'Success',
text: 'User created successfully!',
timer: 2000,
showConfirmButton: false
})
// Reset form or redirect
// resetForm()
} catch (error) {
console.error('Error creating user:', error)
const { $swal } = useNuxtApp();
$swal.fire({
icon: 'error',
title: 'Error',
text: 'Error creating user. Please try again.'
})
} finally {
isSubmitting.value = false
}
}
// Reset form
const resetForm = () => {
Object.assign(formData, {
fullName: '',
username: '',
email: '',
phone: '',
password: '',
confirmPassword: '',
status: 'active',
mfaEnabled: true,
mfaMethod: 'authenticator_app'
})
Object.keys(errors).forEach(key => delete errors[key])
}
</script>
<template>
<div>
<LayoutsBreadcrumb />
<rs-card>
<template #header>
<div class="flex justify-between items-center">
<h2 class="text-xl font-semibold">Create User</h2>
</div>
</template>
<template #body>
<form @submit.prevent="submitForm" class="space-y-6">
<!-- Personal Information Section -->
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<!-- Full Name -->
<div>
<label for="fullName" class="block text-sm font-medium text-gray-700 mb-2">
Full Name <span class="text-red-500">*</span>
</label>
<input
id="fullName"
v-model="formData.fullName"
@input="clearError('fullName')"
type="text"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
:class="{ 'border-red-500': errors.fullName }"
placeholder="Enter full name"
/>
<p v-if="errors.fullName" class="text-red-500 text-sm mt-1">{{ errors.fullName }}</p>
</div>
<!-- Username -->
<div>
<label for="username" class="block text-sm font-medium text-gray-700 mb-2">
Username <span class="text-red-500">*</span>
</label>
<input
id="username"
v-model="formData.username"
@input="clearError('username')"
type="text"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
:class="{ 'border-red-500': errors.username }"
placeholder="Enter username"
/>
<p v-if="errors.username" class="text-red-500 text-sm mt-1">{{ errors.username }}</p>
</div>
<!-- Email -->
<div>
<label for="email" class="block text-sm font-medium text-gray-700 mb-2">
Email Address <span class="text-red-500">*</span>
</label>
<input
id="email"
v-model="formData.email"
@input="clearError('email')"
type="email"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
:class="{ 'border-red-500': errors.email }"
placeholder="Enter email address"
/>
<p v-if="errors.email" class="text-red-500 text-sm mt-1">{{ errors.email }}</p>
</div>
<!-- Phone -->
<div>
<label for="phone" class="block text-sm font-medium text-gray-700 mb-2">
Phone Number <span class="text-red-500">*</span>
</label>
<input
id="phone"
v-model="formData.phone"
@input="clearError('phone')"
type="tel"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
:class="{ 'border-red-500': errors.phone }"
placeholder="+60123456789"
/>
<p v-if="errors.phone" class="text-red-500 text-sm mt-1">{{ errors.phone }}</p>
</div>
</div>
<!-- Password Section -->
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<!-- Password -->
<div>
<label for="password" class="block text-sm font-medium text-gray-700 mb-2">
Password <span class="text-red-500">*</span>
</label>
<input
id="password"
v-model="formData.password"
@input="clearError('password')"
type="password"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
:class="{ 'border-red-500': errors.password }"
placeholder="Enter password"
/>
<p v-if="errors.password" class="text-red-500 text-sm mt-1">{{ errors.password }}</p>
</div>
<!-- Confirm Password -->
<div>
<label for="confirmPassword" class="block text-sm font-medium text-gray-700 mb-2">
Confirm Password <span class="text-red-500">*</span>
</label>
<input
id="confirmPassword"
v-model="formData.confirmPassword"
@input="clearError('confirmPassword')"
type="password"
class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
:class="{ 'border-red-500': errors.confirmPassword }"
placeholder="Confirm password"
/>
<p v-if="errors.confirmPassword" class="text-red-500 text-sm mt-1">{{ errors.confirmPassword }}</p>
</div>
</div>
<!-- Role and Status Section -->
<!-- MFA Section -->
<div class="border-t pt-6">
<h3 class="text-lg font-medium text-gray-900 mb-4">Multi-Factor Authentication (MFA)</h3>
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<!-- MFA Enabled -->
<div>
<label class="flex items-center">
<input
v-model="formData.mfaEnabled"
type="checkbox"
class="rounded border-gray-300 text-blue-600 shadow-sm focus:border-blue-300 focus:ring focus:ring-blue-200 focus:ring-opacity-50"
/>
<span class="ml-2 text-sm font-medium text-gray-700">Enable MFA</span>
</label>
<p class="text-sm text-gray-500 mt-1">Enhance account security with multi-factor authentication</p>
</div>
<!-- MFA Method -->
<div v-if="formData.mfaEnabled">
<label for="mfaMethod" class="block text-sm font-medium text-gray-700 mb-2">
MFA Method
</label>
<div class="relative">
<select
id="mfaMethod"
v-model="formData.mfaMethod"
class="appearance-none w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent bg-white pr-10 cursor-pointer hover:border-gray-400 transition-colors duration-200"
>
<option v-for="method in mfaMethodOptions" :key="method.value" :value="method.value">
{{ method.label }}
</option>
</select>
<div class="absolute inset-y-0 right-0 flex items-center px-2 pointer-events-none">
<svg class="h-5 w-5 text-gray-400" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor">
<path fill-rule="evenodd" d="M5.293 7.293a1 1 0 011.414 0L10 10.586l3.293-3.293a1 1 0 111.414 1.414l-4 4a1 1 0 01-1.414 0l-4-4a1 1 0 010-1.414z" clip-rule="evenodd" />
</svg>
</div>
</div>
</div>
</div>
</div>
<!-- Form Actions -->
<div class="flex justify-end space-x-4 pt-6 border-t">
<button
type="button"
@click="resetForm"
class="px-4 py-2 border border-gray-300 rounded-md text-sm font-medium text-gray-700 hover:bg-gray-50 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500"
:disabled="isSubmitting"
>
Reset
</button>
<button
type="submit"
class="px-4 py-2 bg-blue-600 border border-transparent rounded-md shadow-sm text-sm font-medium text-white hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500 disabled:opacity-50 disabled:cursor-not-allowed"
:disabled="isSubmitting"
>
<span v-if="isSubmitting">Creating...</span>
<span v-else>Create User</span>
</button>
</div>
</form>
</template>
</rs-card>
</div>
</template>
<style scoped>
/* Custom styles for better form appearance */
.grid {
display: grid;
}
.grid-cols-1 {
grid-template-columns: repeat(1, minmax(0, 1fr));
}
@media (min-width: 768px) {
.md\:grid-cols-2 {
grid-template-columns: repeat(2, minmax(0, 1fr));
}
}
.gap-6 {
gap: 1.5rem;
}
.space-y-6 > * + * {
margin-top: 1.5rem;
}
.border-t {
border-top: 1px solid #e5e7eb;
}
.pt-6 {
padding-top: 1.5rem;
}
/* Focus styles for better accessibility */
input:focus,
select:focus {
outline: none;
ring: 2px;
ring-color: #3b82f6;
border-color: transparent;
}
/* Error state styles */
.border-red-500 {
border-color: #ef4444;
}
.text-red-500 {
color: #ef4444;
}
/* Button styles */
button:disabled {
opacity: 0.5;
cursor: not-allowed;
}
/* Checkbox styles */
input[type="checkbox"] {
width: 1rem;
height: 1rem;
}
</style>

842
pages/dashboard-rbac/index.vue Normal file
View File

@ -0,0 +1,842 @@
<script setup>
definePageMeta({
title: "RBAC Management",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "RBAC Management", path: "/rbac-permission", type: "current" }
]
});
import { ref, reactive, onMounted, computed, watch } from 'vue'
import { useRoute, useRouter } from 'vue-router'
// Active tab state
const activeTab = ref('overview')
// Get route and router for query param handling
const route = useRoute()
const router = useRouter()
// Tab definitions
const tabs = [
{ id: 'overview', name: 'Overview', icon: 'ph:chart-pie' },
{ id: 'groups', name: 'Groups & Roles', icon: 'ph:users-three' },
{ id: 'permissions', name: 'Permissions', icon: 'ph:shield-check' },
{ id: 'applications', name: 'Applications', icon: 'ph:app-window' },
{ id: 'audit', name: 'Audit Trail', icon: 'ph:clock-clockwise' }
]
// Handle tab query parameter
watch(() => route.query.tab, (newTab) => {
if (newTab && tabs.find(tab => tab.id === newTab)) {
activeTab.value = newTab
}
}, { immediate: true })
// Update URL when tab changes
watch(activeTab, (newTab) => {
router.push({ query: { ...route.query, tab: newTab } })
})
// Application state
const selectedAppId = ref('1')
const applications = ref([
{ id: '1', name: 'corradAF', description: 'Main Application', status: 'active' },
{ id: '2', name: 'HR System', description: 'Human Resources', status: 'active' },
{ id: '3', name: 'Finance System', description: 'Financial Management', status: 'development' }
])
// Organization state
const selectedOrgId = ref('1')
const organizations = ref([
{ id: '1', name: 'Main Organization', description: 'Primary tenant' },
{ id: '2', name: 'Branch Office', description: 'Secondary tenant' }
])
// Groups from Authentik
const authentikGroups = ref([
{
id: '1',
name: 'IT Department',
authentikUUID: 'uuid-1',
userCount: 12,
description: 'Information Technology Department'
},
{
id: '2',
name: 'HR Department',
authentikUUID: 'uuid-2',
userCount: 8,
description: 'Human Resources Department'
},
{
id: '3',
name: 'Finance Department',
authentikUUID: 'uuid-3',
userCount: 6,
description: 'Finance and Accounting Department'
},
{
id: '4',
name: 'Management',
authentikUUID: 'uuid-4',
userCount: 4,
description: 'Executive Management'
}
])
// Roles for selected application
const appRoles = ref([
{ id: '1', name: 'Administrator', description: 'Full system access', userCount: 2 },
{ id: '2', name: 'Manager', description: 'Department management access', userCount: 8 },
{ id: '3', name: 'Editor', description: 'Content editing access', userCount: 15 },
{ id: '4', name: 'Viewer', description: 'Read-only access', userCount: 25 }
])
// Resources for selected application
const resources = ref({
menus: [
{ id: '1', key: 'menu.dashboard', name: 'Dashboard', path: '/dashboard', level: 0 },
{ id: '2', key: 'menu.users', name: 'Users', path: '/users', level: 0 },
{ id: '3', key: 'menu.users.list', name: 'User List', path: '/users/list', level: 1 },
{ id: '4', key: 'menu.users.create', name: 'Create User', path: '/users/create', level: 1 },
{ id: '5', key: 'menu.rbac', name: 'RBAC', path: '/rbac', level: 0 },
{ id: '6', key: 'menu.reports', name: 'Reports', path: '/reports', level: 0 }
],
components: [
{ id: '1', key: 'component.user.edit_button', name: 'User Edit Button' },
{ id: '2', key: 'component.user.delete_button', name: 'User Delete Button' },
{ id: '3', key: 'component.user.bulk_actions', name: 'User Bulk Actions' },
{ id: '4', key: 'component.profile.sensitive_info', name: 'Profile Sensitive Info' },
{ id: '5', key: 'component.financial.data', name: 'Financial Data' }
],
features: [
{ id: '1', key: 'feature.export.data', name: 'Export Data' },
{ id: '2', key: 'feature.approve.requests', name: 'Approve Requests' },
{ id: '3', key: 'feature.system.backup', name: 'System Backup' },
{ id: '4', key: 'feature.user.impersonation', name: 'User Impersonation' }
]
})
// Actions
const actions = ref([
{ id: '1', name: 'view', label: 'View', icon: 'ph:eye' },
{ id: '2', name: 'create', label: 'Create', icon: 'ph:plus' },
{ id: '3', name: 'edit', label: 'Edit', icon: 'ph:pencil' },
{ id: '4', name: 'delete', label: 'Delete', icon: 'ph:trash' },
{ id: '5', name: 'approve', label: 'Approve', icon: 'ph:check' }
])
// Permission state
const groupRoleAssignments = ref({})
const rolePermissions = ref({})
const isLoading = ref(false)
// Stats for overview
const stats = computed(() => ({
totalGroups: authentikGroups.value.length,
totalRoles: appRoles.value.length,
totalUsers: authentikGroups.value.reduce((sum, group) => sum + group.userCount, 0),
totalResources: resources.value.menus.length + resources.value.components.length + resources.value.features.length
}))
// Navigation Methods - properly linked to actual pages
const navigateToUsers = () => {
navigateTo('/users')
}
const navigateToGroups = () => {
navigateTo('/groups')
}
const navigateToRoles = () => {
navigateTo('/roles')
}
const navigateToApplications = () => {
navigateTo('/applications')
}
const navigateToCreateRole = () => {
navigateTo('/roles/create')
}
const navigateToCreateApplication = () => {
navigateTo('/applications/create')
}
const navigateToCreateUser = () => {
navigateTo('/users/create')
}
const navigateToCreateGroup = () => {
navigateTo('/groups/create')
}
// Quick Action Handlers
const handleQuickAction = (action) => {
switch (action) {
case 'manage-users':
navigateToUsers()
break
case 'manage-roles':
activeTab.value = 'groups'
break
case 'manage-permissions':
activeTab.value = 'permissions'
break
case 'manage-applications':
activeTab.value = 'applications'
break
case 'view-audit':
activeTab.value = 'audit'
break
default:
console.log('Unknown action:', action)
}
}
// Event Handlers for Components
const handleGroupRoleChange = ({ groupId, roleId, assigned }) => {
updateGroupRole(groupId, roleId, assigned)
}
const handlePermissionChange = ({ roleId, resourceId, action, granted }) => {
updatePermission(roleId, resourceId, action, granted)
}
// Initialize
onMounted(() => {
// Set initial tab from URL
if (route.query.tab) {
activeTab.value = route.query.tab
}
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<rs-card class="mb-6">
<template #body>
<div class="flex flex-col lg:flex-row lg:items-center lg:justify-between">
<div class="mb-4 lg:mb-0">
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">RBAC Management</h1>
<p class="text-gray-600 dark:text-gray-400">Manage roles, permissions, and access control across applications</p>
</div>
<!-- Application & Organization Selector -->
<div class="flex flex-col sm:flex-row gap-4">
<div class="min-w-48">
<label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Organization</label>
<select v-model="selectedOrgId" class="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-md bg-white dark:bg-gray-700 text-gray-900 dark:text-white">
<option v-for="org in organizations" :key="org.id" :value="org.id">
{{ org.name }}
</option>
</select>
</div>
<div class="min-w-48">
<label class="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">Application</label>
<select v-model="selectedAppId" class="w-full px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-md bg-white dark:bg-gray-700 text-gray-900 dark:text-white">
<option v-for="app in applications" :key="app.id" :value="app.id">
{{ app.name }}
</option>
</select>
</div>
</div>
</div>
</template>
</rs-card>
<!-- Tab Navigation -->
<div class="mb-6">
<nav class="flex space-x-8 border-b border-gray-200 dark:border-gray-700">
<button
v-for="tab in tabs"
:key="tab.id"
@click="activeTab = tab.id"
:class="[
'flex items-center py-2 px-1 border-b-2 font-medium text-sm transition-colors',
activeTab === tab.id
? 'border-primary text-primary'
: 'border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 dark:text-gray-400 dark:hover:text-gray-300'
]"
>
<Icon :name="tab.icon" class="w-5 h-5 mr-2" />
{{ tab.name }}
</button>
</nav>
</div>
<!-- Tab Content -->
<div class="space-y-6">
<!-- Overview Tab -->
<div v-if="activeTab === 'overview'" class="space-y-6">
<!-- Stats Cards -->
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-6">
<!-- Total Groups -->
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-blue-500 rounded-lg flex items-center justify-center">
<Icon name="ph:users-three" class="w-5 h-5 text-white" />
</div>
</div>
<div class="ml-4">
<div class="text-2xl font-bold text-gray-900 dark:text-white">{{ stats.totalGroups }}</div>
<div class="text-sm text-gray-600 dark:text-gray-400">Total Groups</div>
</div>
</div>
</template>
</rs-card>
<!-- Total Roles -->
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-purple-500 rounded-lg flex items-center justify-center">
<Icon name="ph:shield-check" class="w-5 h-5 text-white" />
</div>
</div>
<div class="ml-4">
<div class="text-2xl font-bold text-gray-900 dark:text-white">{{ stats.totalRoles }}</div>
<div class="text-sm text-gray-600 dark:text-gray-400">Total Roles</div>
</div>
</div>
</template>
</rs-card>
<!-- Total Users -->
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-green-500 rounded-lg flex items-center justify-center">
<Icon name="ph:user" class="w-5 h-5 text-white" />
</div>
</div>
<div class="ml-4">
<div class="text-2xl font-bold text-gray-900 dark:text-white">{{ stats.totalUsers }}</div>
<div class="text-sm text-gray-600 dark:text-gray-400">Total Users</div>
</div>
</div>
</template>
</rs-card>
<!-- Total Resources -->
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-yellow-500 rounded-lg flex items-center justify-center">
<Icon name="ph:stack" class="w-5 h-5 text-white" />
</div>
</div>
<div class="ml-4">
<div class="text-2xl font-bold text-gray-900 dark:text-white">{{ stats.totalResources }}</div>
<div class="text-sm text-gray-600 dark:text-gray-400">Resources</div>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Quick Actions -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Quick Actions</h3>
</template>
<template #body>
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
<!-- Manage Users -->
<button
@click="handleQuickAction('manage-users')"
class="flex items-center justify-center p-4 border-2 border-dashed border-gray-300 dark:border-gray-600 rounded-lg hover:border-primary hover:bg-gray-50 dark:hover:bg-gray-800 transition-colors"
>
<div class="text-center">
<Icon name="ph:users" class="w-8 h-8 mx-auto mb-2 text-gray-600 dark:text-gray-400" />
<p class="text-sm font-medium text-gray-900 dark:text-white">Manage Users</p>
<p class="text-xs text-gray-500 dark:text-gray-400">View and edit users</p>
</div>
</button>
<!-- Manage Permissions -->
<button
@click="handleQuickAction('manage-permissions')"
class="flex items-center justify-center p-4 border-2 border-dashed border-gray-300 dark:border-gray-600 rounded-lg hover:border-primary hover:bg-gray-50 dark:hover:bg-gray-800 transition-colors"
>
<div class="text-center">
<Icon name="ph:shield-plus" class="w-8 h-8 mx-auto mb-2 text-gray-600 dark:text-gray-400" />
<p class="text-sm font-medium text-gray-900 dark:text-white">Manage Permissions</p>
<p class="text-xs text-gray-500 dark:text-gray-400">Configure access control</p>
</div>
</button>
<!-- View Audit -->
<button
@click="handleQuickAction('view-audit')"
class="flex items-center justify-center p-4 border-2 border-dashed border-gray-300 dark:border-gray-600 rounded-lg hover:border-primary hover:bg-gray-50 dark:hover:bg-gray-800 transition-colors"
>
<div class="text-center">
<Icon name="ph:clock-clockwise" class="w-8 h-8 mx-auto mb-2 text-gray-600 dark:text-gray-400" />
<p class="text-sm font-medium text-gray-900 dark:text-white">View Audit</p>
<p class="text-xs text-gray-500 dark:text-gray-400">Check activity logs</p>
</div>
</button>
</div>
</template>
</rs-card>
<!-- Recent Activity -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Recent Activity</h3>
</div>
</template>
<template #body>
<div class="space-y-3">
<div class="flex items-start space-x-3">
<div class="flex-shrink-0 w-2 h-2 bg-green-500 rounded-full mt-2"></div>
<div class="flex-1 min-w-0">
<p class="text-sm text-gray-900 dark:text-white">
<span class="font-medium">John Doe</span> was assigned to <span class="font-medium">Manager</span> role
</p>
<p class="text-xs text-gray-500 dark:text-gray-400">2 minutes ago</p>
</div>
</div>
<div class="flex items-start space-x-3">
<div class="flex-shrink-0 w-2 h-2 bg-blue-500 rounded-full mt-2"></div>
<div class="flex-1 min-w-0">
<p class="text-sm text-gray-900 dark:text-white">
<span class="font-medium">IT Department</span> permissions updated for <span class="font-medium">User Management</span>
</p>
<p class="text-xs text-gray-500 dark:text-gray-400">15 minutes ago</p>
</div>
</div>
<div class="flex items-start space-x-3">
<div class="flex-shrink-0 w-2 h-2 bg-yellow-500 rounded-full mt-2"></div>
<div class="flex-1 min-w-0">
<p class="text-sm text-gray-900 dark:text-white">
New role <span class="font-medium">Content Editor</span> created
</p>
<p class="text-xs text-gray-500 dark:text-gray-400">1 hour ago</p>
</div>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Groups & Roles Tab -->
<div v-if="activeTab === 'groups'" class="space-y-6">
<!-- Header with Actions -->
<div class="flex justify-between items-center">
<h2 class="text-xl font-semibold text-gray-900 dark:text-white">Groups & Role Assignments</h2>
<div class="flex space-x-3">
<rs-button @click="navigateToCreateGroup" variant="secondary-outline">
<Icon name="ph:user-plus" class="w-4 h-4 mr-2" />
Create Group
</rs-button>
<rs-button @click="navigateToCreateRole" variant="primary-outline">
<Icon name="ph:shield-plus" class="w-4 h-4 mr-2" />
Create Role
</rs-button>
</div>
</div>
<!-- Groups Grid -->
<div class="grid grid-cols-1 lg:grid-cols-2 gap-6">
<rs-card v-for="group in authentikGroups" :key="group.id">
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">{{ group.name }}</h3>
<rs-badge variant="primary">{{ group.userCount }} Users</rs-badge>
</div>
</template>
<template #body>
<div class="space-y-4">
<p class="text-sm text-gray-600 dark:text-gray-400">{{ group.description }}</p>
<div class="flex items-center justify-between text-sm">
<span class="text-gray-600 dark:text-gray-400">Users:</span>
<span class="font-medium">{{ group.userCount }}</span>
</div>
<div class="space-y-2">
<label class="text-sm font-medium text-gray-700 dark:text-gray-300">Assigned Roles:</label>
<div class="space-y-1">
<div v-for="role in appRoles" :key="role.id" class="flex items-center">
<input
:id="`group-${group.id}-role-${role.id}`"
type="checkbox"
:checked="groupRoleAssignments[group.id]?.includes(role.id)"
@change="handleGroupRoleChange({
groupId: group.id,
roleId: role.id,
assigned: $event.target.checked
})"
class="h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded"
/>
<label
:for="`group-${group.id}-role-${role.id}`"
class="ml-2 text-sm text-gray-700 dark:text-gray-300"
>
{{ role.name }}
</label>
</div>
</div>
</div>
<div class="flex space-x-2 pt-2">
<rs-button @click="navigateToUsers" variant="secondary-outline" size="sm" class="flex-1">
Manage Users
</rs-button>
<rs-button @click="navigateToGroups" variant="primary-outline" size="sm" class="flex-1">
View Details
</rs-button>
</div>
</div>
</template>
</rs-card>
</div>
</div>
<!-- Permissions Tab -->
<div v-if="activeTab === 'permissions'" class="space-y-6">
<div class="flex justify-between items-center">
<h2 class="text-xl font-semibold text-gray-900 dark:text-white">Permission Matrix</h2>
<div class="flex items-center space-x-2">
<rs-badge :variant="selectedAppId === '1' ? 'success' : 'secondary'">
{{ applications.find(app => app.id === selectedAppId)?.name }}
</rs-badge>
</div>
</div>
<!-- Menu Permissions -->
<rs-card>
<template #header>
<div class="flex items-center">
<Icon name="ph:list" class="w-5 h-5 mr-2 text-blue-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Menu Permissions</h3>
</div>
</template>
<template #body>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
<thead class="bg-gray-50 dark:bg-gray-800">
<tr>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">
Menu Item
</th>
<th v-for="role in appRoles" :key="role.id" class="px-6 py-3 text-center text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">
{{ role.name }}
</th>
</tr>
</thead>
<tbody class="bg-white dark:bg-gray-900 divide-y divide-gray-200 dark:divide-gray-700">
<tr v-for="menu in resources.menus" :key="menu.id">
<td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900 dark:text-white">
{{ menu.name }}
<div class="text-xs text-gray-500 dark:text-gray-400">{{ menu.path }}</div>
</td>
<td v-for="role in appRoles" :key="role.id" class="px-6 py-4 whitespace-nowrap text-center">
<input
type="checkbox"
:checked="rolePermissions[`${role.id}-${menu.id}-1`]"
@change="handlePermissionChange({
roleId: role.id,
resourceId: menu.id,
action: '1',
granted: $event.target.checked
})"
class="h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded"
/>
</td>
</tr>
</tbody>
</table>
</div>
</template>
</rs-card>
<!-- Component Permissions -->
<rs-card>
<template #header>
<div class="flex items-center">
<Icon name="ph:squares-four" class="w-5 h-5 mr-2 text-green-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Component Permissions</h3>
</div>
</template>
<template #body>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
<thead class="bg-gray-50 dark:bg-gray-800">
<tr>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">
Component
</th>
<th v-for="role in appRoles" :key="role.id" class="px-6 py-3 text-center text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">
{{ role.name }}
</th>
</tr>
</thead>
<tbody class="bg-white dark:bg-gray-900 divide-y divide-gray-200 dark:divide-gray-700">
<tr v-for="component in resources.components" :key="component.id">
<td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900 dark:text-white">
{{ component.name }}
<div class="text-xs text-gray-500 dark:text-gray-400 font-mono">{{ component.key }}</div>
</td>
<td v-for="role in appRoles" :key="role.id" class="px-6 py-4 whitespace-nowrap text-center">
<input
type="checkbox"
:checked="rolePermissions[`${role.id}-${component.id}-1`]"
@change="handlePermissionChange({
roleId: role.id,
resourceId: component.id,
action: '1',
granted: $event.target.checked
})"
class="h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded"
/>
</td>
</tr>
</tbody>
</table>
</div>
</template>
</rs-card>
<!-- Feature Permissions -->
<rs-card>
<template #header>
<div class="flex items-center">
<Icon name="ph:gear" class="w-5 h-5 mr-2 text-purple-600" />
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Feature Permissions</h3>
</div>
</template>
<template #body>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
<thead class="bg-gray-50 dark:bg-gray-800">
<tr>
<th class="px-6 py-3 text-left text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">
Feature
</th>
<th v-for="role in appRoles" :key="role.id" class="px-6 py-3 text-center text-xs font-medium text-gray-500 dark:text-gray-300 uppercase tracking-wider">
{{ role.name }}
</th>
</tr>
</thead>
<tbody class="bg-white dark:bg-gray-900 divide-y divide-gray-200 dark:divide-gray-700">
<tr v-for="feature in resources.features" :key="feature.id">
<td class="px-6 py-4 whitespace-nowrap text-sm font-medium text-gray-900 dark:text-white">
{{ feature.name }}
<div class="text-xs text-gray-500 dark:text-gray-400 font-mono">{{ feature.key }}</div>
</td>
<td v-for="role in appRoles" :key="role.id" class="px-6 py-4 whitespace-nowrap text-center">
<input
type="checkbox"
:checked="rolePermissions[`${role.id}-${feature.id}-1`]"
@change="handlePermissionChange({
roleId: role.id,
resourceId: feature.id,
action: '1',
granted: $event.target.checked
})"
class="h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded"
/>
</td>
</tr>
</tbody>
</table>
</div>
</template>
</rs-card>
</div>
<!-- Applications Tab -->
<div v-if="activeTab === 'applications'" class="space-y-6">
<div class="flex justify-between items-center">
<h2 class="text-xl font-semibold text-gray-900 dark:text-white">Application Management</h2>
<div class="flex space-x-3">
<rs-button @click="navigateToApplications" variant="secondary-outline">
<Icon name="ph:gear" class="w-4 h-4 mr-2" />
Manage Resources
</rs-button>
<rs-button @click="navigateToCreateApplication" variant="primary">
<Icon name="ph:plus" class="w-4 h-4 mr-2" />
Create Application
</rs-button>
</div>
</div>
<!-- Applications Grid -->
<div class="grid grid-cols-1 lg:grid-cols-2 xl:grid-cols-3 gap-6">
<rs-card v-for="app in applications" :key="app.id">
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">{{ app.name }}</h3>
<rs-badge :variant="app.status === 'active' ? 'success' : app.status === 'development' ? 'warning' : 'secondary'">
{{ app.status }}
</rs-badge>
</div>
</template>
<template #body>
<div class="space-y-4">
<p class="text-sm text-gray-600 dark:text-gray-400">{{ app.description }}</p>
<div class="grid grid-cols-3 gap-4 text-center">
<div>
<div class="text-lg font-semibold text-gray-900 dark:text-white">6</div>
<div class="text-xs text-gray-500 dark:text-gray-400">Menus</div>
</div>
<div>
<div class="text-lg font-semibold text-gray-900 dark:text-white">5</div>
<div class="text-xs text-gray-500 dark:text-gray-400">Components</div>
</div>
<div>
<div class="text-lg font-semibold text-gray-900 dark:text-white">4</div>
<div class="text-xs text-gray-500 dark:text-gray-400">Features</div>
</div>
</div>
<div class="flex space-x-2">
<rs-button
@click="selectedAppId = app.id; activeTab = 'permissions'"
variant="primary-outline"
size="sm"
class="flex-1"
>
Configure
</rs-button>
<rs-button @click="navigateToApplications" variant="primary-outline" size="sm" class="flex-1">
View Details
</rs-button>
</div>
</div>
</template>
</rs-card>
</div>
</div>
<!-- Audit Trail Tab -->
<div v-if="activeTab === 'audit'" class="space-y-6">
<div class="flex justify-between items-center">
<h2 class="text-xl font-semibold text-gray-900 dark:text-white">Audit Trail</h2>
<div class="flex items-center space-x-2">
<select class="px-3 py-2 border border-gray-300 dark:border-gray-600 rounded-md bg-white dark:bg-gray-700 text-sm">
<option>All Actions</option>
<option>Permission Changes</option>
<option>Role Assignments</option>
<option>User Actions</option>
</select>
<rs-button variant="primary-outline" size="sm">
<Icon name="ph:funnel" class="w-4 h-4 mr-2" />
Filter
</rs-button>
</div>
</div>
<!-- Audit Log -->
<rs-card>
<template #body>
<div class="space-y-4">
<!-- Audit Entry -->
<div class="flex items-start space-x-4 p-4 border border-gray-200 dark:border-gray-700 rounded-lg">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-green-100 dark:bg-green-900/30 rounded-full flex items-center justify-center">
<Icon name="ph:check" class="w-4 h-4 text-green-600 dark:text-green-400" />
</div>
</div>
<div class="flex-1 min-w-0">
<div class="flex items-center justify-between">
<p class="text-sm font-medium text-gray-900 dark:text-white">Permission Granted</p>
<span class="text-xs text-gray-500 dark:text-gray-400">2 minutes ago</span>
</div>
<p class="text-sm text-gray-600 dark:text-gray-400 mt-1">
<span class="font-medium">Admin User</span> granted <span class="font-mono bg-gray-100 dark:bg-gray-800 px-1 rounded">component.user.edit_button</span> permission to <span class="font-medium">Manager</span> role
</p>
<div class="flex items-center space-x-4 mt-2 text-xs text-gray-500 dark:text-gray-400">
<span>Application: corradAF</span>
<span>IP: 192.168.1.100</span>
<span>Session: abc123</span>
</div>
</div>
</div>
<!-- Audit Entry -->
<div class="flex items-start space-x-4 p-4 border border-gray-200 dark:border-gray-700 rounded-lg">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-blue-100 dark:bg-blue-900/30 rounded-full flex items-center justify-center">
<Icon name="ph:user-plus" class="w-4 h-4 text-blue-600 dark:text-blue-400" />
</div>
</div>
<div class="flex-1 min-w-0">
<div class="flex items-center justify-between">
<p class="text-sm font-medium text-gray-900 dark:text-white">User Role Assignment</p>
<span class="text-xs text-gray-500 dark:text-gray-400">15 minutes ago</span>
</div>
<p class="text-sm text-gray-600 dark:text-gray-400 mt-1">
<span class="font-medium">HR Manager</span> assigned <span class="font-medium">John Doe</span> to <span class="font-medium">Editor</span> role in <span class="font-medium">IT Department</span> group
</p>
<div class="flex items-center space-x-4 mt-2 text-xs text-gray-500 dark:text-gray-400">
<span>Application: HR System</span>
<span>IP: 192.168.1.105</span>
<span>Session: def456</span>
</div>
</div>
</div>
<!-- Audit Entry -->
<div class="flex items-start space-x-4 p-4 border border-gray-200 dark:border-gray-700 rounded-lg">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-yellow-100 dark:bg-yellow-900/30 rounded-full flex items-center justify-center">
<Icon name="ph:arrows-clockwise" class="w-4 h-4 text-yellow-600 dark:text-yellow-400" />
</div>
</div>
<div class="flex-1 min-w-0">
<div class="flex items-center justify-between">
<p class="text-sm font-medium text-gray-900 dark:text-white">Authentik Sync</p>
<span class="text-xs text-gray-500 dark:text-gray-400">1 hour ago</span>
</div>
<p class="text-sm text-gray-600 dark:text-gray-400 mt-1">
<span class="font-medium">System</span> synchronized groups and users from Authentik. 3 new users added, 1 group updated.
</p>
<div class="flex items-center space-x-4 mt-2 text-xs text-gray-500 dark:text-gray-400">
<span>Application: System</span>
<span>Automated Process</span>
</div>
</div>
</div>
</div>
</template>
</rs-card>
</div>
</div>
</div>
</template>
<style scoped>
.permission-grid {
@apply min-w-full;
}
.permission-cell input[type="checkbox"] {
@apply h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded;
}
.permission-key {
@apply text-gray-500 dark:text-gray-400 font-mono text-xs;
}
</style>

135
pages/dashboard.vue Normal file
View File

@ -0,0 +1,135 @@
<template>
<div class="min-h-screen bg-gray-50">
<nav class="bg-white shadow">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div class="flex justify-between h-16">
<div class="flex items-center">
<h1 class="text-xl font-semibold text-gray-900">
CorradAF RBAC Dashboard
</h1>
</div>
<div class="flex items-center space-x-4">
<span v-if="user" class="text-sm text-gray-700">
Welcome, {{ user.name || user.email }}
</span>
<button
@click="handleLogout"
class="bg-red-600 hover:bg-red-700 text-white px-3 py-2 rounded-md text-sm font-medium"
>
Logout
</button>
</div>
</div>
</div>
</nav>
<main class="max-w-7xl mx-auto py-6 sm:px-6 lg:px-8">
<div class="px-4 py-6 sm:px-0">
<div class="border-4 border-dashed border-gray-200 rounded-lg p-8">
<div v-if="pending">
<p class="text-gray-500">Loading user information...</p>
</div>
<div v-else-if="user" class="space-y-6">
<div>
<h2 class="text-2xl font-bold text-gray-900 mb-4">
🎉 Authentication Successful!
</h2>
<p class="text-gray-600 mb-6">
You are now logged into the CorradAF RBAC system as the master provider.
</p>
</div>
<div class="bg-white rounded-lg shadow p-6">
<h3 class="text-lg font-medium text-gray-900 mb-4">
User Information
</h3>
<dl class="grid grid-cols-1 gap-x-4 gap-y-6 sm:grid-cols-2">
<div>
<dt class="text-sm font-medium text-gray-500">Name</dt>
<dd class="mt-1 text-sm text-gray-900">{{ user.name || 'N/A' }}</dd>
</div>
<div>
<dt class="text-sm font-medium text-gray-500">Email</dt>
<dd class="mt-1 text-sm text-gray-900">{{ user.email }}</dd>
</div>
<div>
<dt class="text-sm font-medium text-gray-500">Username</dt>
<dd class="mt-1 text-sm text-gray-900">{{ user.preferred_username || 'N/A' }}</dd>
</div>
<div>
<dt class="text-sm font-medium text-gray-500">User ID</dt>
<dd class="mt-1 text-sm text-gray-900">{{ user.sub }}</dd>
</div>
</dl>
</div>
<div class="bg-blue-50 border border-blue-200 rounded-lg p-4">
<h4 class="text-sm font-medium text-blue-800 mb-2">
Next Steps
</h4>
<ul class="text-sm text-blue-700 space-y-1">
<li> You can now create and manage other applications</li>
<li> Add users and assign them to applications</li>
<li> Create roles and permissions</li>
<li> Manage groups and access control</li>
</ul>
</div>
<div class="flex space-x-4">
<NuxtLink
to="/applications"
class="bg-indigo-600 hover:bg-indigo-700 text-white px-4 py-2 rounded-md text-sm font-medium"
>
Manage Applications
</NuxtLink>
<NuxtLink
to="/users"
class="bg-green-600 hover:bg-green-700 text-white px-4 py-2 rounded-md text-sm font-medium"
>
Manage Users
</NuxtLink>
</div>
</div>
<div v-else class="text-center">
<p class="text-red-600">Failed to load user information</p>
<NuxtLink
to="/login"
class="mt-4 inline-block bg-indigo-600 hover:bg-indigo-700 text-white px-4 py-2 rounded-md text-sm font-medium"
>
Login Again
</NuxtLink>
</div>
</div>
</div>
</main>
</div>
</template>
<script setup>
// Require authentication for this page
definePageMeta({
middleware: 'auth'
});
// Use the auth composable
const { logout } = useAuth();
// Get user information with proper error handling
const { data: user, pending } = await useFetch('/api/auth/me', {
default: () => null,
server: false // Client-side only to handle redirects properly
});
// If not authenticated, redirect to login
watchEffect(() => {
if (!pending.value && !user.value) {
navigateTo('/login');
}
});
const handleLogout = async () => {
await logout();
};
</script>

338
pages/dashboard/index.vue
View File

@ -1,338 +0,0 @@
<script setup>
definePageMeta({
title: "Dashboard",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{
name: "Dashboard",
path: "/",
},
],
});
// Data baru untuk lapangan terbang teratas
const topAirports = ref([
{
rank: 1,
name: "Lapangan Terbang Antarabangsa Kuala Lumpur (KLIA)",
visitors: 62000000,
},
{
rank: 2,
name: "Lapangan Terbang Antarabangsa Kota Kinabalu",
visitors: 9000000,
},
{ rank: 3, name: "Lapangan Terbang Antarabangsa Penang", visitors: 8000000 },
{ rank: 4, name: "Lapangan Terbang Antarabangsa Kuching", visitors: 5500000 },
{
rank: 5,
name: "Lapangan Terbang Antarabangsa Langkawi",
visitors: 3000000,
},
]);
// Data baru untuk kad ringkasan pantas
const quickSummary = ref([
{ title: "Jumlah Pelawat", value: "10.5 Juta", icon: "ic:outline-people" },
{
title: "Pendapatan Pelancongan",
value: "RM 86.14 Bilion",
icon: "ic:outline-attach-money",
},
{
title: "Tempoh Penginapan Purata",
value: "6.1 Hari",
icon: "ic:outline-hotel",
},
{
title: "Kepuasan Pelancong",
value: "92%",
icon: "ic:outline-sentiment-satisfied",
},
]);
// Data Pelawat Malaysia
const visitorData = ref([
{
name: "Pelawat Tempatan",
data: [5000000, 5500000, 6000000, 6500000, 7000000, 7500000],
},
{
name: "Pelawat Asing",
data: [3000000, 3500000, 4000000, 4500000, 5000000, 5500000],
},
]);
// Data Pelawat Asing mengikut Negeri
const foreignVisitorsByState = ref([
{ state: "Selangor", visitors: 1500000 },
{ state: "Pulau Pinang", visitors: 1200000 },
{ state: "Johor", visitors: 1000000 },
{ state: "Sabah", visitors: 800000 },
{ state: "Sarawak", visitors: 600000 },
{ state: "Melaka", visitors: 500000 },
{ state: "Kedah", visitors: 400000 },
{ state: "Negeri Sembilan", visitors: 300000 },
{ state: "Perak", visitors: 250000 },
{ state: "Terengganu", visitors: 200000 },
{ state: "Kelantan", visitors: 150000 },
{ state: "Pahang", visitors: 100000 },
{ state: "Perlis", visitors: 50000 },
]);
// Lapangan Terbang Keberangkatan Teratas
const departureData = ref([
{ airport: "JFK", departures: 1500 },
{ airport: "LHR", departures: 1200 },
{ airport: "CDG", departures: 1000 },
{ airport: "DXB", departures: 800 },
{ airport: "SIN", departures: 600 },
]);
// Data Pelancong Berulang
const repeatVisitorsData = ref([
{ category: "1-2 kali", percentage: 45 },
{ category: "3-5 kali", percentage: 30 },
{ category: "6-10 kali", percentage: 15 },
{ category: ">10 kali", percentage: 10 },
]);
// Data Negara Asal Pelancong Asing Teratas
const topVisitorCountries = ref([
{ country: "Singapura", visitors: 1500000 },
{ country: "Indonesia", visitors: 1200000 },
{ country: "China", visitors: 1000000 },
{ country: "Thailand", visitors: 800000 },
{ country: "India", visitors: 600000 },
]);
const chartOptionsVisitors = computed(() => ({
chart: { height: 350, type: "line" },
stroke: { curve: "smooth", width: 2 },
xaxis: { categories: ["2018", "2019", "2020", "2021", "2022", "2023"] },
yaxis: { title: { text: "Bilangan Pelawat" } },
}));
const chartOptionsForeignVisitors = computed(() => ({
chart: { type: "bar" },
plotOptions: { bar: { horizontal: true } },
xaxis: { categories: foreignVisitorsByState.value.map((item) => item.state) },
}));
const chartOptionsDeparture = computed(() => ({
chart: { type: "bar" },
plotOptions: { bar: { horizontal: true } },
xaxis: { categories: departureData.value.map((item) => item.airport) },
}));
const chartOptionsRepeatVisitors = computed(() => ({
chart: { type: "pie" },
labels: repeatVisitorsData.value.map((item) => item.category),
responsive: [
{
breakpoint: 480,
options: {
chart: {
width: 200,
},
legend: {
position: "bottom",
},
},
},
],
}));
const chartOptionsTopCountries = computed(() => ({
chart: { type: "bar" },
plotOptions: {
bar: { horizontal: false, columnWidth: "55%", endingShape: "rounded" },
},
dataLabels: { enabled: false },
stroke: { show: true, width: 2, colors: ["transparent"] },
xaxis: { categories: topVisitorCountries.value.map((item) => item.country) },
yaxis: { title: { text: "Bilangan Pelawat" } },
fill: { opacity: 1 },
tooltip: {
y: {
formatter: function (val) {
return val.toLocaleString() + " pelawat";
},
},
},
}));
onMounted(() => {
// Sebarang logik yang diperlukan semasa pemasangan
});
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Kad Ringkasan Pantas -->
<div class="grid grid-cols-1 lg:grid-cols-2 xl:grid-cols-4 gap-6">
<rs-card
v-for="(item, index) in quickSummary"
:key="index"
class="transition-all duration-300 hover:shadow-lg"
>
<div class="pt-5 pb-3 px-5 flex items-center gap-4">
<div
class="p-5 flex justify-center items-center bg-primary/20 rounded-2xl transition-all duration-300 hover:bg-primary/30"
>
<Icon class="text-primary text-3xl" :name="item.icon"></Icon>
</div>
<div class="flex-1 truncate">
<span class="block font-bold text-2xl leading-tight text-primary">
{{ item.value }}
</span>
<span class="text-sm font-medium text-gray-600">
{{ item.title }}
</span>
</div>
</div>
</rs-card>
</div>
<div class="grid grid-cols-1 lg:grid-cols-2 gap-6 mb-6">
<!-- Gambaran Keseluruhan Pelawat Malaysia -->
<rs-card class="col-span-1 lg:col-span-2">
<template #header>
<h2 class="text-xl font-bold text-primary">
Gambaran Keseluruhan Pelawat
</h2>
</template>
<template #body>
<client-only>
<VueApexCharts
width="100%"
height="350"
type="line"
:options="chartOptionsVisitors"
:series="visitorData"
></VueApexCharts>
</client-only>
</template>
</rs-card>
<!-- Pelawat Asing mengikut Negeri -->
<rs-card>
<template #header>
<h2 class="text-lg font-semibold text-primary">
Pelawat Asing mengikut Negeri
</h2>
</template>
<template #body>
<client-only>
<VueApexCharts
width="100%"
height="300"
type="bar"
:options="chartOptionsForeignVisitors"
:series="[
{ data: foreignVisitorsByState.map((item) => item.visitors) },
]"
></VueApexCharts>
</client-only>
</template>
</rs-card>
<!-- Pelancong Berulang -->
<rs-card>
<template #header>
<h2 class="text-lg font-semibold text-primary">
Kekerapan Lawatan Pelancong
</h2>
</template>
<template #body>
<client-only>
<VueApexCharts
width="100%"
height="300"
type="pie"
:options="chartOptionsRepeatVisitors"
:series="repeatVisitorsData.map((item) => item.percentage)"
></VueApexCharts>
</client-only>
</template>
</rs-card>
</div>
<!-- Negara Asal Pelancong Asing Teratas -->
<rs-card class="mb-6">
<template #header>
<h2 class="text-xl font-bold text-primary">
Negara Asal Pelancong Asing Teratas
</h2>
</template>
<template #body>
<client-only>
<VueApexCharts
width="100%"
height="350"
type="bar"
:options="chartOptionsTopCountries"
:series="[
{
name: 'Pelawat',
data: topVisitorCountries.map((item) => item.visitors),
},
]"
></VueApexCharts>
</client-only>
</template>
</rs-card>
<rs-card class="mb-6">
<template #header>
<h2 class="text-xl font-bold text-primary">
Lapangan Terbang Teratas dengan Pelawat Terbanyak
</h2>
</template>
<template #body>
<div class="overflow-x-auto">
<table class="min-w-full divide-y divide-gray-200">
<thead class="bg-gray-50">
<tr>
<th
class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider"
>
Kedudukan
</th>
<th
class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider"
>
Nama Lapangan Terbang
</th>
<th
class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider"
>
Jumlah Pelawat
</th>
</tr>
</thead>
<tbody class="bg-white divide-y divide-gray-200">
<tr
v-for="airport in topAirports"
:key="airport.rank"
class="hover:bg-gray-50 transition-colors duration-200"
>
<td class="px-6 py-4 whitespace-nowrap font-medium">
{{ airport.rank }}
</td>
<td class="px-6 py-4 whitespace-nowrap">{{ airport.name }}</td>
<td
class="px-6 py-4 whitespace-nowrap font-semibold text-primary"
>
{{ airport.visitors.toLocaleString() }}
</td>
</tr>
</tbody>
</table>
</div>
</template>
</rs-card>
</div>
</template>

4
pages/devtool/api-editor/index.vue
View File

@ -259,7 +259,7 @@ const deleteAPI = async (apiURL) => {
/> -->
<div class="flex justify-end gap-2">
<rs-button variant="outline" @click="showModalAdd = false">
<rs-button variant="primary-outline" @click="showModalAdd = false">
Cancel
</rs-button>
<rs-button btnType="submit">
@ -308,7 +308,7 @@ const deleteAPI = async (apiURL) => {
/> -->
<div class="flex justify-end gap-2">
<rs-button variant="outline" @click="showModalEdit = false">
<rs-button variant="primary-outline" @click="showModalEdit = false">
Cancel
</rs-button>
<rs-button btnType="submit">

26
pages/devtool/config/site-settings/index.vue
View File

@ -421,7 +421,7 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
<rs-button
v-if="hasChanges"
@click="resetSettings"
variant="outline"
variant="primary-outline"
size="sm"
class="transition-all duration-200"
>
@ -596,7 +596,7 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
@change="handleLogoUpload"
class="hidden"
/>
<rs-button @click="$refs.logoFile.click()" variant="outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<rs-button @click="$refs.logoFile.click()" variant="primary-outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-2 w-4 h-4" />
Upload Logo
</rs-button>
@ -635,7 +635,7 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
@change="handleLoadingLogoUpload"
class="hidden"
/>
<rs-button @click="$refs.loadingLogoFile.click()" variant="outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<rs-button @click="$refs.loadingLogoFile.click()" variant="primary-outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-2 w-4 h-4" />
Upload Loading Logo
</rs-button>
@ -674,7 +674,7 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
@change="handleLoginLogoUpload"
class="hidden"
/>
<rs-button @click="$refs.loginLogoFile.click()" variant="outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<rs-button @click="$refs.loginLogoFile.click()" variant="primary-outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-2 w-4 h-4" />
Upload Login Logo
</rs-button>
@ -713,7 +713,7 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
@change="handleFaviconUpload"
class="hidden"
/>
<rs-button @click="$refs.faviconFile.click()" variant="outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<rs-button @click="$refs.faviconFile.click()" variant="primary-outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-2 w-4 h-4" />
Upload Favicon
</rs-button>
@ -800,8 +800,8 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
<p class="text-xs text-gray-500 dark:text-gray-400 mt-1">Google Fonts or any CDN font URL.</p>
</div>
<rs-button @click="applyFontFromSource" variant="outline" size="sm" class="border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-refresh" class="mr-1" />
<rs-button @click="applyFontFromSource" variant="primary-outline" size="sm" class="border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-download" class="mr-2 w-4 h-4" />
Apply Font
</rs-button>
</div>
@ -897,9 +897,9 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
@change="handleOgImageUpload"
class="hidden"
/>
<rs-button @click="$refs.ogImageFile.click()" variant="outline" size="sm" class="border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-2" />
Upload OG Image
<rs-button @click="$refs.ogImageFile.click()" variant="primary-outline" size="sm" class="border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-2 w-4 h-4" />
Upload Image
</rs-button>
<p class="text-xs text-gray-500 dark:text-gray-400 mt-3 leading-relaxed">1200x630px recommended Used for social media shares.</p>
</div>
@ -958,9 +958,9 @@ watch(() => settings.value.showSiteNameInHeader, (newValue) => {
@change="handleCSSUpload"
class="hidden"
/>
<rs-button @click="$refs.cssFile.click()" variant="outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-1" />
Upload CSS File
<rs-button @click="$refs.cssFile.click()" variant="primary-outline" size="sm" class="mb-3 border border-gray-300 dark:border-gray-600 hover:border-primary dark:hover:border-primary">
<Icon name="ic:outline-upload" class="mr-2 w-4 h-4" />
Upload CSS
</rs-button>
<p class="text-xs text-gray-500 dark:text-gray-400 mb-3">Upload a .css file to automatically load content.</p>
</div>

4
pages/devtool/menu-editor/index.vue
View File

@ -690,7 +690,7 @@ watch(
</template>
</FormKit>
<div class="flex justify-end gap-2">
<rs-button variant="outline" @click="showModalEdit = false">
<rs-button variant="primary-outline" @click="showModalEdit = false">
Cancel
</rs-button>
<rs-button btnType="submit">
@ -741,7 +741,7 @@ watch(
</template>
</FormKit>
<div class="flex justify-end gap-2">
<rs-button variant="outline" @click="showModalAdd = false">
<rs-button variant="primary-outline" @click="showModalAdd = false">
Cancel
</rs-button>
<rs-button btnType="submit">

317
pages/groups/create.vue Normal file
View File

@ -0,0 +1,317 @@
<script setup>
definePageMeta({
title: "Create Group",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Groups", path: "/groups" },
{ name: "Create Group", path: "/groups/create", type: "current" }
]
});
import { ref, reactive, computed, onMounted } from 'vue'
// Form state - SIMPLIFIED
const groupForm = reactive({
name: '',
description: '',
parentGroup: '',
roles: [], // Groups contain roles, not permissions
application: '', // Groups belong to applications
isActive: true
})
// Available options
const availableParentGroups = ref([
{ id: '1', name: 'IT Department' },
{ id: '2', name: 'HR Department' },
{ id: '3', name: 'Finance Department' },
{ id: '4', name: 'Management' }
])
const availableRoles = ref([
{ id: '1', name: 'Administrator', description: 'Full system access' },
{ id: '2', name: 'Manager', description: 'Department management access' },
{ id: '3', name: 'Editor', description: 'Content editing access' },
{ id: '4', name: 'Viewer', description: 'Read-only access' }
])
const availableApplications = ref([
{ id: '1', name: 'Main Application', description: 'Primary business application' },
{ id: '2', name: 'HR System', description: 'Human Resources Management' },
{ id: '3', name: 'Finance System', description: 'Financial Management' }
])
// Validation state
const errors = ref({})
const isLoading = ref(false)
// Computed
const isFormValid = computed(() => {
return groupForm.name &&
groupForm.description &&
groupForm.application &&
groupForm.name.length >= 3
})
const parentGroupOptions = computed(() =>
availableParentGroups.value.map(group => ({
label: group.name,
value: group.id
}))
)
const applicationOptions = computed(() =>
availableApplications.value.map(app => ({
label: app.name,
value: app.id
}))
)
// Methods
const validateForm = () => {
errors.value = {}
if (!groupForm.name) {
errors.value.name = 'Group name is required'
} else if (groupForm.name.length < 3) {
errors.value.name = 'Group name must be at least 3 characters'
}
if (!groupForm.description) {
errors.value.description = 'Description is required'
}
if (!groupForm.application) {
errors.value.application = 'Application is required'
}
return Object.keys(errors.value).length === 0
}
const createGroup = async () => {
if (!validateForm()) {
return
}
isLoading.value = true
try {
// Prepare group data - SIMPLIFIED
const groupData = {
name: groupForm.name,
description: groupForm.description,
parentGroup: groupForm.parentGroup,
roles: groupForm.roles,
application: groupForm.application,
isActive: groupForm.isActive
}
// API call to create group
const response = await $fetch('/api/groups/create', {
method: 'POST',
body: groupData
})
if (response.success) {
await navigateTo('/groups')
}
} catch (error) {
console.error('Failed to create group:', error)
} finally {
isLoading.value = false
}
}
const resetForm = () => {
Object.assign(groupForm, {
name: '',
description: '',
parentGroup: '',
roles: [],
application: '',
isActive: true
})
errors.value = {}
}
// Initialize
onMounted(() => {
// Load available data
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Create New Group</h1>
<p class="text-gray-600 dark:text-gray-400">Groups are collections of roles for organizing users</p>
</div>
<div class="flex space-x-3">
<rs-button @click="resetForm" variant="primary-outline">
<Icon name="ph:arrow-clockwise" class="w-4 h-4 mr-2" />
Reset Form
</rs-button>
<rs-button @click="createGroup" :disabled="!isFormValid || isLoading">
<Icon name="ph:users-three" class="w-4 h-4 mr-2" />
{{ isLoading ? 'Creating...' : 'Create Group' }}
</rs-button>
</div>
</div>
</div>
<FormKit type="form" @submit="createGroup">
<div class="grid grid-cols-1 lg:grid-cols-3 gap-6">
<!-- Main Form -->
<div class="lg:col-span-2 space-y-6">
<!-- Basic Information -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Basic Information</h3>
</template>
<template #body>
<div class="space-y-4">
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<FormKit
v-model="groupForm.name"
type="text"
label="Group Name"
placeholder="e.g., Development Team"
validation="required|length:3"
validation-visibility="dirty"
:validation-messages="{
required: 'Group name is required',
length: 'Group name must be at least 3 characters'
}"
/>
<FormKit
v-model="groupForm.application"
type="select"
label="Application"
placeholder="Select application"
:options="applicationOptions"
validation="required"
validation-visibility="dirty"
help="Which application this group belongs to"
:validation-messages="{
required: 'Application is required'
}"
/>
</div>
<FormKit
v-model="groupForm.description"
type="textarea"
label="Description"
placeholder="Describe the purpose of this group"
validation="required"
validation-visibility="dirty"
rows="3"
:validation-messages="{
required: 'Description is required'
}"
/>
<FormKit
v-model="groupForm.parentGroup"
type="select"
label="Parent Group (Optional)"
placeholder="Select parent group"
:options="parentGroupOptions"
help="Create this as a sub-group under an existing group"
/>
<FormKit
v-model="groupForm.isActive"
type="checkbox"
label="Active Group"
help="Group can be assigned to users when active"
/>
</div>
</template>
</rs-card>
</div>
<!-- Sidebar -->
<div class="space-y-6">
<!-- Roles Assignment -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Roles in Group</h3>
</template>
<template #body>
<div class="space-y-3">
<p class="text-sm text-gray-600 dark:text-gray-400 mb-4">
Select roles that belong to this group. Users in this group will inherit these roles.
</p>
<FormKit
v-for="role in availableRoles"
:key="role.id"
v-model="groupForm.roles"
type="checkbox"
:value="role.id"
:label="role.name"
:help="role.description"
:classes="{
wrapper: 'mb-2',
label: '!text-sm',
help: '!text-xs'
}"
/>
</div>
</template>
</rs-card>
<!-- Preview -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Preview</h3>
</template>
<template #body>
<div class="space-y-3">
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Name:</span>
<p class="text-sm text-gray-900 dark:text-white">{{ groupForm.name || 'Not set' }}</p>
</div>
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Application:</span>
<p class="text-sm text-gray-900 dark:text-white">
{{ availableApplications.find(a => a.id === groupForm.application)?.name || 'Not selected' }}
</p>
</div>
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Roles:</span>
<p class="text-sm text-gray-900 dark:text-white">
{{ groupForm.roles.length }} role(s) selected
</p>
</div>
<div class="flex space-x-2">
<rs-badge :variant="groupForm.isActive ? 'success' : 'secondary'">
{{ groupForm.isActive ? 'Active' : 'Inactive' }}
</rs-badge>
</div>
</div>
</template>
</rs-card>
</div>
</div>
</FormKit>
</div>
</template>
<style scoped>
/* Custom styles */
</style>

276
pages/groups/index.vue Normal file
View File

@ -0,0 +1,276 @@
<script setup>
definePageMeta({
title: "Groups",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Groups", path: "/groups", type: "current" }
]
});
import { ref, reactive, onMounted } from 'vue'
// Sample groups data
const groups = ref([
{
id: 1,
name: 'IT Department',
description: 'Information Technology team members',
members: 12,
roles: ['Admin', 'Developer'],
parentGroup: null,
authentikUUID: 'uuid-it-dept',
isActive: true,
created: '2024-01-15'
},
{
id: 2,
name: 'HR Department',
description: 'Human Resources team',
members: 8,
roles: ['HR Manager', 'HR Staff'],
parentGroup: null,
authentikUUID: 'uuid-hr-dept',
isActive: true,
created: '2024-01-10'
},
{
id: 3,
name: 'Development Team',
description: 'Software development team',
members: 15,
roles: ['Senior Developer', 'Developer', 'Junior Developer'],
parentGroup: 'IT Department',
authentikUUID: 'uuid-dev-team',
isActive: true,
created: '2024-01-20'
},
{
id: 4,
name: 'QA Team',
description: 'Quality Assurance team',
members: 6,
roles: ['QA Lead', 'QA Tester'],
parentGroup: 'IT Department',
authentikUUID: 'uuid-qa-team',
isActive: true,
created: '2024-01-25'
}
])
const isLoading = ref(false)
const searchQuery = ref('')
// Computed
const filteredGroups = computed(() => {
if (!searchQuery.value) return groups.value
return groups.value.filter(group =>
group.name.toLowerCase().includes(searchQuery.value.toLowerCase()) ||
group.description.toLowerCase().includes(searchQuery.value.toLowerCase())
)
})
const totalMembers = computed(() =>
groups.value.reduce((sum, group) => sum + group.members, 0)
)
// Methods
const refreshGroups = async () => {
isLoading.value = true
try {
// API call to refresh groups
await new Promise(resolve => setTimeout(resolve, 1000))
} finally {
isLoading.value = false
}
}
const viewGroup = (groupId) => {
// Navigate to group details
console.log('View group:', groupId)
}
const editGroup = (groupId) => {
// Navigate to edit group
console.log('Edit group:', groupId)
}
const deleteGroup = (groupId) => {
// Handle group deletion
console.log('Delete group:', groupId)
}
const getRolesBadgeVariant = (rolesCount) => {
if (rolesCount >= 3) return 'success'
if (rolesCount >= 2) return 'warning'
return 'secondary'
}
// Initialize
onMounted(() => {
// Load groups data
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Groups</h1>
<p class="text-gray-600 dark:text-gray-400">Organize users into groups and manage access levels</p>
</div>
<div class="flex space-x-3">
<rs-button @click="refreshGroups" :disabled="isLoading" variant="primary-outline">
<Icon name="ph:arrows-clockwise" class="w-4 h-4 mr-2" />
{{ isLoading ? 'Loading...' : 'Refresh' }}
</rs-button>
<rs-button @click="navigateTo('/groups/create')">
<Icon name="ph:plus" class="w-4 h-4 mr-2" />
Add Group
</rs-button>
</div>
</div>
</div>
<!-- Stats Cards -->
<div class="grid grid-cols-1 md:grid-cols-4 gap-6 mb-6">
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-blue-100 dark:bg-blue-900 rounded-lg flex items-center justify-center">
<Icon name="ph:users-three" class="w-5 h-5 text-blue-600 dark:text-blue-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Total Groups</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ groups.length }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-green-100 dark:bg-green-900 rounded-lg flex items-center justify-center">
<Icon name="ph:users" class="w-5 h-5 text-green-600 dark:text-green-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Total Members</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ totalMembers }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-purple-100 dark:bg-purple-900 rounded-lg flex items-center justify-center">
<Icon name="ph:tree-structure" class="w-5 h-5 text-purple-600 dark:text-purple-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Parent Groups</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ groups.filter(g => !g.parentGroup).length }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-yellow-100 dark:bg-yellow-900 rounded-lg flex items-center justify-center">
<Icon name="ph:check-circle" class="w-5 h-5 text-yellow-600 dark:text-yellow-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Active Groups</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ groups.filter(g => g.isActive).length }}</p>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Groups Table -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">All Groups</h3>
<rs-badge variant="info">{{ groups.length }} groups</rs-badge>
</div>
</template>
<template #body>
<RsTable
:field="['group', 'members', 'status', 'parentGroup', 'actions']"
:data="groups"
:advanced="true"
>
<!-- Group Column -->
<template #group="{ value }">
<div class="flex items-center">
<div class="flex-shrink-0 h-10 w-10">
<div class="h-10 w-10 rounded-full bg-primary flex items-center justify-center">
<span class="text-sm font-medium text-white">{{ value.name[0] }}{{ value.name.split(' ')[1]?.[0] || value.name[1] || '' }}</span>
</div>
</div>
<div class="ml-4">
<div class="text-sm font-medium text-gray-900 dark:text-white">{{ value.name }}</div>
<div class="text-sm text-gray-500 dark:text-gray-400">{{ value.description }}</div>
</div>
</div>
</template>
<!-- Members Column -->
<template #members="{ value }">
<span class="text-sm text-gray-900 dark:text-white">{{ value.members }}</span>
</template>
<!-- Status Column -->
<template #status="{ value }">
<rs-badge :variant="value.isActive ? 'success' : 'secondary'">
{{ value.isActive ? 'Active' : 'Inactive' }}
</rs-badge>
</template>
<!-- Parent Group Column -->
<template #parentGroup="{ value }">
<span class="text-sm text-gray-500 dark:text-gray-400">{{ value.parentGroup || 'Root Group' }}</span>
</template>
<!-- Actions Column -->
<template #actions="{ value }">
<div class="flex items-center justify-end space-x-2">
<button @click="viewGroup(value.id)" class="text-primary hover:text-primary/80">
<Icon name="ph:eye" class="w-4 h-4" />
</button>
<button @click="editGroup(value.id)" class="text-primary hover:text-primary/80">
<Icon name="ph:pencil" class="w-4 h-4" />
</button>
<button @click="deleteGroup(value.id)" class="text-red-600 hover:text-red-800">
<Icon name="ph:trash" class="w-4 h-4" />
</button>
</div>
</template>
</RsTable>
</template>
</rs-card>
</div>
</template>
<style scoped>
/* Custom styles */
</style>

11
pages/index.vue
View File

@ -1,10 +1,15 @@
<script setup>
// Use main middleware to handle routing based on auth status
definePageMeta({
title: "Main",
middleware: ["main"],
middleware: 'main'
});
</script>
<template>
<div>Redirect Dashboard</div>
<div class="min-h-screen flex items-center justify-center bg-gray-50">
<div class="text-center">
<div class="animate-spin rounded-full h-12 w-12 border-b-2 border-indigo-600 mx-auto"></div>
<p class="mt-4 text-gray-600">Checking authentication...</p>
</div>
</div>
</template>

59
pages/login.vue Normal file
View File

@ -0,0 +1,59 @@
<template>
<div class="min-h-screen flex items-center justify-center bg-gray-50">
<div class="max-w-md w-full space-y-8">
<div>
<h2 class="mt-6 text-center text-3xl font-extrabold text-gray-900">
CorradAF RBAC System
</h2>
<p class="mt-2 text-center text-sm text-gray-600">
Sign in to manage applications and users
</p>
</div>
<div class="rounded-md shadow-sm -space-y-px">
<button
@click="loginWithAuthentik"
:disabled="isLoading"
class="group relative w-full flex justify-center py-3 px-4 border border-transparent text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50"
>
<span v-if="!isLoading">Sign in with Authentik</span>
<span v-else>Redirecting...</span>
</button>
</div>
<div class="text-center">
<p class="text-xs text-gray-500">
This will redirect you to Authentik for secure authentication
</p>
</div>
</div>
</div>
</template>
<script setup>
// Redirect authenticated users to dashboard
definePageMeta({
middleware: 'dashboard',
layout: "empty"
});
const isLoading = ref(false);
const loginWithAuthentik = async () => {
isLoading.value = true;
try {
// Redirect to our auth endpoint which handles Authentik OAuth2
await navigateTo('/api/auth/login', { external: true });
} catch (error) {
console.error('Login error:', error);
isLoading.value = false;
}
};
// Redirect if already authenticated
onMounted(() => {
// Check if user is already authenticated (you can implement this later)
// For now, just show the login page
});
</script>

201
pages/login/index.vue
View File

@ -1,201 +0,0 @@
<script setup>
import { useUserStore } from "~/stores/user";
import { RecaptchaV2 } from "vue3-recaptcha-v2";
definePageMeta({
title: "Login",
layout: "empty",
middleware: ["dashboard"],
});
const { $swal } = useNuxtApp();
const { siteSettings, loading: siteSettingsLoading } = useSiteSettings();
const username = ref("");
const password = ref("");
const userStore = useUserStore();
const togglePasswordVisibility = ref(false);
// Get login logo with fallback
const getLoginLogo = () => {
if (siteSettingsLoading.value) {
return '/img/logo/corradAF-logo.svg';
}
return siteSettings.value?.siteLoginLogo || '/img/logo/corradAF-logo.svg';
};
// Get site name with fallback
const getSiteName = () => {
if (siteSettingsLoading.value) {
return 'Login Logo';
}
return siteSettings.value?.siteName || 'Login Logo';
};
const login = async () => {
try {
const res = await useFetch("/api/auth/login", {
method: "POST",
initialCache: false,
body: JSON.stringify({
username: username.value,
password: password.value,
}),
});
const data = res.data.value;
if (data.statusCode === 200) {
// Save token to pinia store
userStore.setUsername(data.data.username);
userStore.setRoles(data.data.roles);
userStore.setIsAuthenticated(true);
$swal.fire({
position: "center",
title: "Success",
text: "Login Success",
icon: "success",
timer: 2000,
showConfirmButton: false,
});
window.location.href = "/dashboard";
} else {
$swal.fire({
title: "Error!",
text: data.message,
icon: "error",
});
}
} catch (e) {
console.log(e);
}
};
const handleWidgetId = (widgetId) => {
console.log("Widget ID: ", widgetId);
};
const handleErrorCalback = () => {
console.log("Error callback");
};
const handleExpiredCallback = () => {
console.log("Expired callback");
};
const handleLoadCallback = (response) => {
console.log("Load callback", response);
};
</script>
<template>
<div
class="flex-none md:flex justify-center text-center items-center h-screen"
>
<div class="w-full md:w-3/4 lg:w-1/2 xl:w-2/6 relative">
<rs-card class="h-screen md:h-auto px-10 md:px-16 py-12 md:py-20 mb-0">
<div class="img-container flex justify-center items-center mb-5">
<img
:src="getLoginLogo()"
:alt="getSiteName()"
class="max-w-[180px] max-h-[60px] object-contain"
@error="$event.target.src = '/img/logo/corradAF-logo.svg'"
/>
</div>
<p class="text-slate-500 text-lg mb-6">Log masuk ke akaun anda</p>
<div class="grid grid-cols-2">
<FormKit
type="text"
v-model="username"
validation="required"
placeholder="Masukkan ID Pengguna"
:classes="{
outer: 'col-span-2',
label: 'text-left',
messages: 'text-left',
}"
:validation-messages="{
required: 'ID Pengguna wajib diisi.',
}"
>
<template #prefixIcon>
<Icon
name="ph:user-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
<FormKit
:type="togglePasswordVisibility ? 'text' : 'password'"
v-model="password"
validation="required"
placeholder="Masukkan Kata Laluan"
:classes="{
outer: 'col-span-2',
label: 'text-left',
messages: 'text-left',
}"
:validation-messages="{
required: 'Kata Laluan wajib diisi.',
}"
>
<template #prefixIcon>
<Icon
name="ph:lock-key-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
<template #suffix>
<div
class="bg-gray-100 hover:bg-slate-200 dark:bg-slate-700 hover:dark:bg-slate-900 h-full rounded-r-md p-3 flex justify-center items-center cursor-pointer"
@click="togglePasswordVisibility = !togglePasswordVisibility"
>
<Icon
v-if="!togglePasswordVisibility"
name="ion:eye-outline"
size="19"
></Icon>
<Icon v-else name="ion:eye-off-outline" size="19"></Icon>
</div>
</template>
</FormKit>
<div class="col-span-2 mb-4">
<RecaptchaV2
@widget-id="handleWidgetId"
@error-callback="handleErrorCalback"
@expired-callback="handleExpiredCallback"
@load-callback="handleLoadCallback"
/>
</div>
<NuxtLink
class="col-span-2 flex items-center justify-end h-5 mt-1 text-primary hover:underline mb-5"
to="forgot-password"
>
Lupa Kata Laluan?
</NuxtLink>
<FormKit
type="button"
input-class="w-full"
outer-class="col-span-2"
@click="login"
>
Log Masuk
<Icon name="ph:caret-circle-right" class="!w-5 !h-5 ml-1"></Icon>
</FormKit>
</div>
<div class="flex justify-center items-center">
<hr class="w-full" />
<p class="w-full !text-gray-400">Tiada akaun?</p>
<hr class="w-full" />
</div>
<rs-button
@click="navigateTo('/register')"
class="w-full !bg-gray-100 !text-gray-600 border mt-5"
>
Daftar / Log masuk kali pertama
</rs-button>
</rs-card>
</div>
</div>
</template>

28
pages/logout/index.vue
View File

@ -1,28 +0,0 @@
<script setup>
import { useUserStore } from "~/stores/user";
definePageMeta({
title: "Logout",
layout: "empty",
});
const userStore = useUserStore();
await useFetch("/api/auth/logout", {
method: "GET",
});
if (process.client) {
userStore.setUsername("");
userStore.setRoles([]);
userStore.setIsAuthenticated(false);
navigateTo("/login");
}
</script>
<template>
<div>
<h1>Logout</h1>
</div>
</template>

49
pages/metabase/index.vue
View File

@ -1,49 +0,0 @@
<template>
<div>
<LayoutsBreadcrumb />
<section class="flex flex-col h-screen">
<div class="mb-4 flex-shrink-0">
<h3>Metabase</h3>
<p>
Metabase is a powerful data visualization and analytics tool that allows you to
create and share dashboards, reports, and visualizations with your team.
</p>
</div>
<div v-if="pending" class="flex justify-center items-center flex-1">
<div class="text-lg">Loading Metabase dashboard...</div>
</div>
<div v-else-if="error" class="flex justify-center items-center flex-1">
<div class="text-red-500">Error loading dashboard: {{ error.message }}</div>
</div>
<iframe
v-else
:src="iframeUrl"
frameborder="0"
width="100%"
class="flex-1"
allowtransparency
/>
</section>
</div>
</template>
<script setup>
// Fetch the JWT token from our server API
const { data: tokenData, pending, error } = await useFetch("/api/metabase/token");
const iframeUrl = computed(() => {
if (tokenData.value?.token && tokenData.value?.siteUrl) {
return (
tokenData.value.siteUrl +
"/embed/dashboard/" +
tokenData.value.token +
"#bordered=true&titled=true"
);
}
return "";
});
</script>
<style lang="scss" scoped></style>

30
pages/notes/index.vue
View File

@ -1,30 +0,0 @@
<script setup>
definePageMeta({
title: "Notes",
middleware: ["auth"],
requiresAuth: true,
});
</script>
<template>
<div>
<LayoutsBreadcrumb />
<rs-card>
<template #header>
<div>
Notes
</div>
</template>
<template #body>
<div>
Content for Notes
</div>
</template>
</rs-card>
</div>
</template>
<style scoped>
/* Add your styles here */
</style>

241
pages/register/index.vue
View File

@ -1,241 +0,0 @@
<script setup>
import { ref } from "vue";
import { RecaptchaV2 } from "vue3-recaptcha-v2";
import { useSiteSettings } from "@/composables/useSiteSettings";
const { siteSettings, loading: siteSettingsLoading } = useSiteSettings();
definePageMeta({
title: "Register",
layout: "empty",
middleware: ["dashboard"],
});
const formData = ref({
fullName: "",
idNumber: "",
phoneNumber: "",
password: "",
confirmPassword: "",
email: "",
confirmEmail: "",
subscribeNewsletter: false,
agreeTerms: false,
});
const register = () => {
// Simulate registration without API call
console.log("Registration attempted with:", formData.value);
// Add your registration logic here
};
const handleRecaptcha = (response) => {
console.log("reCAPTCHA response:", response);
};
// Get login logo with fallback
const getLoginLogo = () => {
if (siteSettingsLoading.value) {
return '/img/logo/corradAF-logo.svg';
}
return siteSettings.value?.siteLoginLogo || '/img/logo/corradAF-logo.svg';
};
// Get site name with fallback
const getSiteName = () => {
if (siteSettingsLoading.value) {
return 'Login Logo';
}
return siteSettings.value?.siteName || 'Login Logo';
};
</script>
<template>
<div
class="flex-none md:flex justify-center text-center items-center h-screen"
>
<div class="w-full md:w-3/4 lg:w-1/2 xl:w-2/6 relative">
<rs-card class="h-screen md:h-auto px-10 md:px-16 py-12 md:py-20 mb-0">
<div class="text-center mb-8">
<div class="img-container flex justify-center items-center mb-5">
<img
:src="getLoginLogo()"
:alt="getSiteName()"
class="max-w-[180px] max-h-[60px] object-contain"
@error="$event.target.src = '/img/logo/corradAF-logo.svg'"
/>
</div>
<h2 class="mt-4 text-2xl font-bold text-gray-700">Daftar Akaun</h2>
<p class="text-sm text-gray-500">Semua medan adalah wajib</p>
</div>
<FormKit type="form" :actions="false" @submit="register">
<FormKit
type="text"
name="fullName"
placeholder="Nama Penuh"
validation="required"
:validation-messages="{
required: 'Nama Penuh wajib diisi',
}"
>
<template #prefixIcon>
<Icon
name="ph:user-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
<div class="grid grid-cols-1 md:grid-cols-2 gap-0 md:gap-4">
<FormKit
type="text"
name="idNumber"
placeholder="Nombor Mykad / Nombor Pasport"
validation="required"
:validation-messages="{
required: 'Nombor Mykad / Nombor Pasport wajib diisi',
}"
>
<template #prefixIcon>
<Icon
name="ph:identification-card-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
<FormKit
type="tel"
name="phoneNumber"
placeholder="Nombor Telefon"
validation="required"
:validation-messages="{
required: 'Nombor Telefon wajib diisi',
}"
>
<template #prefixIcon>
<Icon
name="ph:device-mobile-camera-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
</div>
<div class="grid grid-cols-1 md:grid-cols-2 gap-0 md:gap-4">
<FormKit
type="password"
name="password"
placeholder="Kata Laluan"
validation="required"
:validation-messages="{
required: 'Kata Laluan wajib diisi',
}"
>
<template #prefixIcon>
<Icon
name="ph:lock-key-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
<FormKit
type="password"
name="confirmPassword"
placeholder="Pengesahan Kata Laluan"
validation="required|confirm"
:validation-messages="{
required: 'Pengesahan Kata Laluan wajib diisi',
confirm: 'Kata Laluan tidak sepadan',
}"
:validation-rules="{
confirm: (value) => value === value.password,
}"
>
<template #prefixIcon>
<Icon
name="ph:lock-key-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
</div>
<div class="grid grid-cols-1 md:grid-cols-2 gap-0 md:gap-4">
<FormKit
type="email"
name="email"
placeholder="Emel"
validation="required|email"
:validation-messages="{
required: 'Emel wajib diisi',
email: 'Format emel tidak sah',
}"
>
<template #prefixIcon>
<Icon
name="ph:envelope-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
<FormKit
type="email"
name="confirmEmail"
placeholder="Pengesahan Emel"
validation="required|confirm"
:validation-messages="{
required: 'Pengesahan Emel wajib diisi',
confirm: 'Emel tidak sepadan',
}"
:validation-rules="{
confirm: (value) => value === value.email,
}"
>
<template #prefixIcon>
<Icon
name="ph:envelope-fill"
class="!w-5 !h-5 ml-3 text-gray-500"
></Icon>
</template>
</FormKit>
</div>
<div class="flex justify-start mb-4 mt-2">
<RecaptchaV2 @verify="handleRecaptcha" />
</div>
<FormKit
type="checkbox"
name="subscribeNewsletter"
label="Melanggan ke newsletter bulanan"
/>
<FormKit
type="checkbox"
name="agreeTerms"
label="Setuju dengan terma perkhidmatan"
validation="accepted"
:validation-messages="{
accepted: 'Anda mesti bersetuju dengan terma perkhidmatan',
}"
>
<template #label>
Setuju dengan
<a href="#" class="text-blue-600 ml-1">terma perkhidmatan</a>
</template>
</FormKit>
<rs-button btn-type="submit" class="w-full"> Daftar Akaun </rs-button>
</FormKit>
<div class="text-center mt-4">
<p class="text-sm text-gray-500">
Sudah mempunyai akaun?
<nuxt-link to="/login" class="text-blue-600">Log Masuk</nuxt-link>
</p>
</div>
</rs-card>
</div>
</div>
</template>

306
pages/roles/create.vue Normal file
View File

@ -0,0 +1,306 @@
<script setup>
definePageMeta({
title: "Create Role",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Roles", path: "/roles" },
{ name: "Create Role", path: "/roles/create", type: "current" }
]
});
import { ref, reactive, computed, onMounted } from 'vue'
// Form state - SIMPLIFIED
const roleForm = reactive({
name: '',
description: '',
application: '',
permissions: [], // Simple list of permissions
isActive: true
})
// Available applications
const availableApplications = ref([
{ id: '1', name: 'Main Application', description: 'Primary business application' },
{ id: '2', name: 'HR System', description: 'Human Resources Management' },
{ id: '3', name: 'Finance System', description: 'Financial Management' }
])
// Simplified permissions - focused on actual system functions
const availablePermissions = ref([
// User Management
{ id: 'users_view', name: 'View Users', category: 'User Management', description: 'Can view user listings and profiles' },
{ id: 'users_create', name: 'Create Users', category: 'User Management', description: 'Can create new user accounts' },
{ id: 'users_edit', name: 'Edit Users', category: 'User Management', description: 'Can modify user information' },
{ id: 'users_delete', name: 'Delete Users', category: 'User Management', description: 'Can delete user accounts' },
// Group Management
{ id: 'groups_view', name: 'View Groups', category: 'Group Management', description: 'Can view group listings' },
{ id: 'groups_create', name: 'Create Groups', category: 'Group Management', description: 'Can create new groups' },
{ id: 'groups_edit', name: 'Edit Groups', category: 'Group Management', description: 'Can modify groups' },
{ id: 'groups_delete', name: 'Delete Groups', category: 'Group Management', description: 'Can delete groups' },
// Role Management
{ id: 'roles_view', name: 'View Roles', category: 'Role Management', description: 'Can view role listings' },
{ id: 'roles_create', name: 'Create Roles', category: 'Role Management', description: 'Can create new roles' },
{ id: 'roles_edit', name: 'Edit Roles', category: 'Role Management', description: 'Can modify roles' },
{ id: 'roles_delete', name: 'Delete Roles', category: 'Role Management', description: 'Can delete roles' },
// System Access
{ id: 'dashboard_access', name: 'Dashboard Access', category: 'System Access', description: 'Can access the dashboard' },
{ id: 'reports_view', name: 'View Reports', category: 'System Access', description: 'Can view system reports' },
{ id: 'settings_view', name: 'View Settings', category: 'System Access', description: 'Can view system settings' },
{ id: 'settings_edit', name: 'Edit Settings', category: 'System Access', description: 'Can modify system settings' }
])
// Loading state
const isLoading = ref(false)
// Computed
const isFormValid = computed(() => {
return roleForm.name &&
roleForm.description &&
roleForm.application
})
const applicationOptions = computed(() =>
availableApplications.value.map(app => ({
label: app.name,
value: app.id
}))
)
const permissionsByCategory = computed(() => {
const grouped = {}
availablePermissions.value.forEach(permission => {
if (!grouped[permission.category]) {
grouped[permission.category] = []
}
grouped[permission.category].push(permission)
})
return grouped
})
// Methods
const createRole = async () => {
if (!isFormValid.value) return
isLoading.value = true
try {
const roleData = {
name: roleForm.name,
description: roleForm.description,
application: roleForm.application,
permissions: roleForm.permissions,
isActive: roleForm.isActive
}
console.log('Creating role:', roleData)
// Simulate API call
await new Promise(resolve => setTimeout(resolve, 1500))
// Success - redirect
await navigateTo('/roles')
} catch (error) {
console.error('Failed to create role:', error)
} finally {
isLoading.value = false
}
}
const resetForm = () => {
Object.assign(roleForm, {
name: '',
description: '',
application: '',
permissions: [],
isActive: true
})
}
// Initialize
onMounted(() => {
// Load additional data if needed
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Create New Role</h1>
<p class="text-gray-600 dark:text-gray-400">Roles define what users can do in the application</p>
</div>
<div class="flex space-x-3">
<rs-button @click="resetForm" variant="primary-outline">
<Icon name="ph:arrow-clockwise" class="w-4 h-4 mr-2" />
Reset Form
</rs-button>
<rs-button @click="createRole" :disabled="!isFormValid || isLoading">
<Icon name="ph:shield-plus" class="w-4 h-4 mr-2" />
{{ isLoading ? 'Creating...' : 'Create Role' }}
</rs-button>
</div>
</div>
</div>
<FormKit type="form" @submit="createRole">
<div class="grid grid-cols-1 lg:grid-cols-3 gap-6">
<!-- Main Form -->
<div class="lg:col-span-2 space-y-6">
<!-- Basic Information -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Basic Information</h3>
</template>
<template #body>
<div class="space-y-4">
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<FormKit
v-model="roleForm.name"
type="text"
label="Role Name"
placeholder="e.g., Content Manager"
validation="required|length:3"
validation-visibility="dirty"
:validation-messages="{
required: 'Role name is required',
length: 'Role name must be at least 3 characters'
}"
/>
<FormKit
v-model="roleForm.application"
type="select"
label="Application"
placeholder="Select application"
:options="applicationOptions"
validation="required"
validation-visibility="dirty"
help="Which application this role applies to"
:validation-messages="{
required: 'Application is required'
}"
/>
</div>
<FormKit
v-model="roleForm.description"
type="textarea"
label="Description"
placeholder="Describe what this role can do and its responsibilities"
validation="required"
validation-visibility="dirty"
rows="3"
:validation-messages="{
required: 'Description is required'
}"
/>
<FormKit
v-model="roleForm.isActive"
type="checkbox"
label="Active Role"
help="Role can be assigned to users when active"
/>
</div>
</template>
</rs-card>
<!-- Permissions -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Permissions</h3>
</template>
<template #body>
<div class="space-y-6">
<p class="text-sm text-gray-600 dark:text-gray-400">
Select what actions this role can perform in the system.
</p>
<div
v-for="(permissions, category) in permissionsByCategory"
:key="category"
class="space-y-3"
>
<h4 class="text-sm font-medium text-gray-900 dark:text-white border-b border-gray-200 dark:border-gray-700 pb-2">
{{ category }}
</h4>
<div class="grid grid-cols-1 md:grid-cols-2 gap-2">
<FormKit
v-for="permission in permissions"
:key="permission.id"
v-model="roleForm.permissions"
type="checkbox"
:value="permission.id"
:label="permission.name"
:help="permission.description"
:classes="{
wrapper: 'mb-1',
label: '!text-sm',
help: '!text-xs'
}"
/>
</div>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Sidebar -->
<div class="space-y-6">
<!-- Role Preview -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Role Preview</h3>
</template>
<template #body>
<div class="space-y-3">
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Name:</span>
<p class="text-sm text-gray-900 dark:text-white">{{ roleForm.name || 'Not set' }}</p>
</div>
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Application:</span>
<p class="text-sm text-gray-900 dark:text-white">
{{ availableApplications.find(a => a.id === roleForm.application)?.name || 'Not selected' }}
</p>
</div>
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Permissions:</span>
<rs-badge :variant="roleForm.permissions.length > 0 ? 'success' : 'secondary'">
{{ roleForm.permissions.length }} permissions
</rs-badge>
</div>
<div class="flex space-x-2">
<rs-badge :variant="roleForm.isActive ? 'success' : 'secondary'">
{{ roleForm.isActive ? 'Active' : 'Inactive' }}
</rs-badge>
</div>
</div>
</template>
</rs-card>
</div>
</div>
</FormKit>
</div>
</template>
<style scoped>
/* Custom styles */
</style>

302
pages/roles/index.vue Normal file
View File

@ -0,0 +1,302 @@
<script setup>
definePageMeta({
title: "Roles",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Roles", path: "/roles", type: "current" }
]
});
import { ref, onMounted, computed } from 'vue'
// Sample roles data
const roles = ref([
{
id: 1,
name: 'Administrator',
description: 'Full system access with all permissions',
application: 'corradAF',
usersCount: 3,
permissions: 45,
isActive: true,
isGlobal: true,
priority: 100,
created: '2024-01-10'
},
{
id: 2,
name: 'Manager',
description: 'Department management and approval permissions',
application: 'corradAF',
usersCount: 8,
permissions: 28,
isActive: true,
isGlobal: false,
priority: 75,
created: '2024-01-12'
},
{
id: 3,
name: 'Editor',
description: 'Content creation and editing capabilities',
application: 'corradAF',
usersCount: 15,
permissions: 18,
isActive: true,
isGlobal: false,
priority: 50,
created: '2024-01-15'
},
{
id: 4,
name: 'Viewer',
description: 'Read-only access to application features',
application: 'corradAF',
usersCount: 25,
permissions: 8,
isActive: true,
isGlobal: false,
priority: 25,
created: '2024-01-18'
},
{
id: 5,
name: 'HR Staff',
description: 'Human resources management access',
application: 'HR System',
usersCount: 5,
permissions: 12,
isActive: false,
isGlobal: false,
priority: 60,
created: '2024-01-20'
}
])
const isLoading = ref(false)
const searchQuery = ref('')
// Computed
const filteredRoles = computed(() => {
if (!searchQuery.value) return roles.value
return roles.value.filter(role =>
role.name.toLowerCase().includes(searchQuery.value.toLowerCase()) ||
role.description.toLowerCase().includes(searchQuery.value.toLowerCase()) ||
role.application.toLowerCase().includes(searchQuery.value.toLowerCase())
)
})
const activeRolesCount = computed(() =>
roles.value.filter(role => role.isActive).length
)
const globalRolesCount = computed(() =>
roles.value.filter(role => role.isGlobal).length
)
const totalPermissions = computed(() =>
roles.value.reduce((sum, role) => sum + role.permissions, 0)
)
// Methods
const refreshRoles = async () => {
isLoading.value = true
try {
// API call would go here
await new Promise(resolve => setTimeout(resolve, 1000))
} finally {
isLoading.value = false
}
}
const viewRole = (roleId) => {
// Navigate to role details
console.log('View role:', roleId)
}
const editRole = (roleId) => {
// Navigate to edit role
console.log('Edit role:', roleId)
}
const deleteRole = (roleId) => {
// Handle role deletion
console.log('Delete role:', roleId)
}
const getPriorityBadgeVariant = (priority) => {
if (priority >= 80) return 'danger'
if (priority >= 60) return 'warning'
if (priority >= 40) return 'info'
return 'secondary'
}
// Initialize
onMounted(() => {
// Load roles data
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Roles</h1>
<p class="text-gray-600 dark:text-gray-400">Manage roles and permissions across applications</p>
</div>
<div class="flex space-x-3">
<rs-button @click="refreshRoles" :disabled="isLoading" variant="primary-outline">
<Icon name="ph:arrows-clockwise" class="w-4 h-4 mr-2" />
{{ isLoading ? 'Loading...' : 'Refresh' }}
</rs-button>
<rs-button @click="navigateTo('/roles/create')">
<Icon name="ph:shield-plus" class="w-4 h-4 mr-2" />
Add Role
</rs-button>
</div>
</div>
</div>
<!-- Stats Cards -->
<div class="grid grid-cols-1 md:grid-cols-4 gap-6 mb-6">
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-blue-100 dark:bg-blue-900 rounded-lg flex items-center justify-center">
<Icon name="ph:shield-check" class="w-5 h-5 text-blue-600 dark:text-blue-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Total Roles</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ roles.length }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-green-100 dark:bg-green-900 rounded-lg flex items-center justify-center">
<Icon name="ph:check-circle" class="w-5 h-5 text-green-600 dark:text-green-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Active Roles</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ activeRolesCount }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-purple-100 dark:bg-purple-900 rounded-lg flex items-center justify-center">
<Icon name="ph:globe" class="w-5 h-5 text-purple-600 dark:text-purple-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Global Roles</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ globalRolesCount }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-yellow-100 dark:bg-yellow-900 rounded-lg flex items-center justify-center">
<Icon name="ph:key" class="w-5 h-5 text-yellow-600 dark:text-yellow-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Total Permissions</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ totalPermissions }}</p>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Roles Table -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">All Roles</h3>
<rs-badge variant="info">{{ roles.length }} roles</rs-badge>
</div>
</template>
<template #body>
<RsTable
:field="['role', 'application', 'status', 'users', 'actions']"
:data="roles"
:advanced="true"
>
<!-- Role Column -->
<template #role="{ value }">
<div class="flex items-center">
<div class="flex-shrink-0 h-10 w-10">
<div class="h-10 w-10 rounded-full bg-primary flex items-center justify-center">
<span class="text-sm font-medium text-white">{{ value.name[0] }}{{ value.name.split(' ')[1]?.[0] || value.name[1] || '' }}</span>
</div>
</div>
<div class="ml-4">
<div class="text-sm font-medium text-gray-900 dark:text-white">{{ value.name }}</div>
<div class="text-sm text-gray-500 dark:text-gray-400">{{ value.description }}</div>
</div>
</div>
</template>
<!-- Application Column -->
<template #application="{ value }">
<span class="text-sm text-gray-900 dark:text-white">{{ value.application }}</span>
</template>
<!-- Status Column -->
<template #status="{ value }">
<rs-badge :variant="value.isActive ? 'success' : 'secondary'">
{{ value.isActive ? 'Active' : 'Inactive' }}
</rs-badge>
</template>
<!-- Users Column -->
<template #users="{ value }">
<span class="text-sm text-gray-500 dark:text-gray-400">{{ value.usersCount }}</span>
</template>
<!-- Actions Column -->
<template #actions="{ value }">
<div class="flex items-center justify-end space-x-2">
<button @click="viewRole(value.id)" class="text-primary hover:text-primary/80">
<Icon name="ph:eye" class="w-4 h-4" />
</button>
<button @click="editRole(value.id)" class="text-primary hover:text-primary/80">
<Icon name="ph:pencil" class="w-4 h-4" />
</button>
<button @click="deleteRole(value.id)" class="text-red-600 hover:text-red-800">
<Icon name="ph:trash" class="w-4 h-4" />
</button>
</div>
</template>
</RsTable>
</template>
</rs-card>
</div>
</template>
<style scoped>
/* Custom styles */
</style>

278
pages/roles/templates.vue Normal file
View File

@ -0,0 +1,278 @@
<script setup>
definePageMeta({
title: "Role Templates",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Roles", path: "/roles" },
{ name: "Templates", path: "/roles/templates", type: "current" }
]
});
import { ref, reactive } from 'vue'
// Template state management
const templates = ref([
{
id: '1',
name: 'Administrator',
description: 'Full system access with all permissions',
permissions: {
menus: ['*'],
components: ['*'],
features: ['*']
}
},
{
id: '2',
name: 'Manager',
description: 'Department management with limited admin access',
permissions: {
menus: ['dashboard', 'users', 'reports'],
components: ['user.view', 'user.edit', 'reports.view'],
features: ['export.data', 'approve.requests']
}
},
{
id: '3',
name: 'Editor',
description: 'Content management with no admin access',
permissions: {
menus: ['dashboard', 'content'],
components: ['content.view', 'content.edit'],
features: ['export.data']
}
}
])
// Form state
const templateForm = reactive({
name: '',
description: '',
permissions: {
menus: [],
components: [],
features: []
}
})
// Available resources (in real app, this would be fetched from API)
const availableResources = reactive({
menus: [
{ id: 'dashboard', name: 'Dashboard', key: 'menu.dashboard' },
{ id: 'users', name: 'Users', key: 'menu.users' },
{ id: 'reports', name: 'Reports', key: 'menu.reports' },
{ id: 'content', name: 'Content', key: 'menu.content' }
],
components: [
{ id: 'user.view', name: 'View User', key: 'component.user.view' },
{ id: 'user.edit', name: 'Edit User', key: 'component.user.edit' },
{ id: 'content.view', name: 'View Content', key: 'component.content.view' },
{ id: 'content.edit', name: 'Edit Content', key: 'component.content.edit' },
{ id: 'reports.view', name: 'View Reports', key: 'component.reports.view' }
],
features: [
{ id: 'export.data', name: 'Export Data', key: 'feature.export.data' },
{ id: 'approve.requests', name: 'Approve Requests', key: 'feature.approve.requests' }
]
})
// Form handlers
const handleTemplateSubmit = (data) => {
const newTemplate = {
id: Date.now().toString(),
...data,
permissions: {
menus: data.permissions.menus || [],
components: data.permissions.components || [],
features: data.permissions.features || []
}
}
templates.value.push(newTemplate)
// Reset form
templateForm.name = ''
templateForm.description = ''
templateForm.permissions = {
menus: [],
components: [],
features: []
}
}
// Delete handler
const deleteTemplate = (id) => {
templates.value = templates.value.filter(template => template.id !== id)
}
// Clone handler
const cloneTemplate = (template) => {
const clonedTemplate = {
...template,
id: Date.now().toString(),
name: `${template.name} (Copy)`,
}
templates.value.push(clonedTemplate)
}
// Helper to format permission list
const formatPermissionList = (permissions) => {
if (permissions.includes('*')) return 'All permissions'
return permissions.length + ' permissions'
}
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<rs-card class="mb-6">
<template #body>
<div class="flex flex-col lg:flex-row lg:items-center lg:justify-between">
<div class="mb-4 lg:mb-0">
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Role Templates</h1>
<p class="text-gray-600 dark:text-gray-400">Manage predefined role templates with preset permissions</p>
</div>
</div>
</template>
</rs-card>
<!-- Content -->
<div class="space-y-6">
<!-- Add Template Form -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Create New Template</h3>
</template>
<template #body>
<FormKit
type="form"
:config="{ validationVisibility: 'submit' }"
@submit="handleTemplateSubmit"
:value="templateForm"
:actions="false"
>
<div class="space-y-6">
<!-- Basic Info -->
<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
<FormKit
type="text"
name="name"
label="Template Name"
validation="required"
placeholder="e.g., Department Manager"
/>
<FormKit
type="textarea"
name="description"
label="Description"
validation="required"
placeholder="Describe the role and its permissions"
/>
</div>
<!-- Permissions -->
<div class="space-y-6">
<h4 class="text-lg font-medium text-gray-900 dark:text-white">Permissions</h4>
<!-- Menu Permissions -->
<div>
<FormKit
type="checkbox"
name="permissions.menus"
label="Menu Access"
:options="availableResources.menus.reduce((acc, menu) => {
acc[menu.id] = menu.name
return acc
}, {'*': 'All Menus'})"
/>
</div>
<!-- Component Permissions -->
<div>
<FormKit
type="checkbox"
name="permissions.components"
label="Component Access"
:options="availableResources.components.reduce((acc, component) => {
acc[component.id] = component.name
return acc
}, {'*': 'All Components'})"
/>
</div>
<!-- Feature Permissions -->
<div>
<FormKit
type="checkbox"
name="permissions.features"
label="Feature Access"
:options="availableResources.features.reduce((acc, feature) => {
acc[feature.id] = feature.name
return acc
}, {'*': 'All Features'})"
/>
</div>
</div>
<div class="flex justify-end">
<rs-button type="submit" variant="primary">
<Icon name="ph:plus" class="w-4 h-4 mr-2" />
Create Template
</rs-button>
</div>
</div>
</FormKit>
</template>
</rs-card>
<!-- Template List -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Available Templates</h3>
<rs-badge variant="secondary">{{ templates.length }} templates</rs-badge>
</div>
</template>
<template #body>
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-6">
<div v-for="template in templates" :key="template.id" class="bg-white dark:bg-gray-800 rounded-lg border border-gray-200 dark:border-gray-700 p-6">
<div class="flex justify-between items-start mb-4">
<div>
<h4 class="text-lg font-medium text-gray-900 dark:text-white">{{ template.name }}</h4>
<p class="text-sm text-gray-600 dark:text-gray-400">{{ template.description }}</p>
</div>
<div class="flex space-x-2">
<rs-button @click="cloneTemplate(template)" variant="secondary-outline" size="sm">
<Icon name="ph:copy" class="w-4 h-4" />
</rs-button>
<rs-button @click="deleteTemplate(template.id)" variant="danger-outline" size="sm">
<Icon name="ph:trash" class="w-4 h-4" />
</rs-button>
</div>
</div>
<div class="space-y-3">
<div class="flex items-center text-sm">
<Icon name="ph:list" class="w-4 h-4 mr-2 text-blue-600" />
<span class="text-gray-700 dark:text-gray-300">{{ formatPermissionList(template.permissions.menus) }}</span>
</div>
<div class="flex items-center text-sm">
<Icon name="ph:squares-four" class="w-4 h-4 mr-2 text-green-600" />
<span class="text-gray-700 dark:text-gray-300">{{ formatPermissionList(template.permissions.components) }}</span>
</div>
<div class="flex items-center text-sm">
<Icon name="ph:gear" class="w-4 h-4 mr-2 text-purple-600" />
<span class="text-gray-700 dark:text-gray-300">{{ formatPermissionList(template.permissions.features) }}</span>
</div>
</div>
</div>
</div>
</template>
</rs-card>
</div>
</div>
</template>

223
pages/test-api.vue Normal file
View File

@ -0,0 +1,223 @@
<template>
<div class="min-h-screen bg-gray-50 py-8">
<div class="max-w-4xl mx-auto px-4">
<h1 class="text-3xl font-bold text-gray-900 mb-8">API Testing Page</h1>
<!-- Test Application Creation -->
<div class="bg-white rounded-lg shadow p-6 mb-6">
<h2 class="text-xl font-semibold mb-4">Test Application Creation</h2>
<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4 mb-4">
<button
@click="testCreateApp('oauth2')"
:disabled="loading"
class="bg-blue-500 hover:bg-blue-600 text-white px-4 py-2 rounded disabled:opacity-50"
>
Test OAuth2 App
</button>
<button
@click="testCreateApp('ldap')"
:disabled="loading"
class="bg-green-500 hover:bg-green-600 text-white px-4 py-2 rounded disabled:opacity-50"
>
Test LDAP App
</button>
<button
@click="testCreateApp('saml')"
:disabled="loading"
class="bg-purple-500 hover:bg-purple-600 text-white px-4 py-2 rounded disabled:opacity-50"
>
Test SAML App
</button>
<button
@click="testCreateApp('proxy')"
:disabled="loading"
class="bg-orange-500 hover:bg-orange-600 text-white px-4 py-2 rounded disabled:opacity-50"
>
Test Proxy App
</button>
</div>
<div class="mb-4">
<button
@click="testListApps"
:disabled="loading"
class="bg-gray-500 hover:bg-gray-600 text-white px-4 py-2 rounded disabled:opacity-50 mr-2"
>
List Applications
</button>
<button
@click="testAuthentikConnection"
:disabled="loading"
class="bg-indigo-500 hover:bg-indigo-600 text-white px-4 py-2 rounded disabled:opacity-50"
>
Test Authentik Connection
</button>
</div>
<div v-if="loading" class="text-blue-600 mb-4">
{{ loadingMessage }}
</div>
</div>
<!-- Results Display -->
<div class="bg-white rounded-lg shadow p-6">
<h2 class="text-xl font-semibold mb-4">Results</h2>
<div v-if="result" class="mb-4">
<div class="flex items-center mb-2">
<span class="text-sm font-medium text-gray-500 mr-2">Status:</span>
<span :class="result.success ? 'text-green-600' : 'text-red-600'" class="font-medium">
{{ result.success ? '✅ Success' : '❌ Error' }}
</span>
</div>
<div class="bg-gray-50 rounded p-4 overflow-auto">
<pre class="text-sm">{{ JSON.stringify(result.data, null, 2) }}</pre>
</div>
</div>
<div v-if="!result" class="text-gray-500 text-center py-8">
Click a test button above to see results here
</div>
<button
v-if="result"
@click="result = null"
class="mt-4 bg-gray-300 hover:bg-gray-400 text-gray-700 px-4 py-2 rounded"
>
Clear Results
</button>
</div>
</div>
</div>
</template>
<script setup>
// State
const loading = ref(false)
const loadingMessage = ref('')
const result = ref(null)
// Test functions
const testCreateApp = async (providerType) => {
loading.value = true
loadingMessage.value = `Creating ${providerType.toUpperCase()} application...`
try {
const timestamp = Date.now()
const testApp = {
name: `Test ${providerType.toUpperCase()} ${timestamp}`,
slug: `test-${providerType}-${timestamp}`,
meta_description: `Test ${providerType} application for debugging`,
meta_launch_url: 'http://localhost:5000/test',
meta_publisher: 'IT Department - Test',
setupType: 'web-app',
providerType: providerType
}
console.log(`🧪 Testing ${providerType} application creation:`, testApp)
const response = await $fetch('/api/applications', {
method: 'POST',
body: testApp
})
result.value = {
success: true,
data: {
message: `${providerType.toUpperCase()} application created successfully!`,
application: response,
requestData: testApp
}
}
} catch (error) {
console.error(`${providerType} test failed:`, error)
result.value = {
success: false,
data: {
error: error.message,
statusCode: error.statusCode,
details: error.data,
requestData: testApp
}
}
} finally {
loading.value = false
loadingMessage.value = ''
}
}
const testListApps = async () => {
loading.value = true
loadingMessage.value = 'Fetching applications list...'
try {
const response = await $fetch('/api/applications')
result.value = {
success: true,
data: {
message: 'Applications fetched successfully!',
count: response.results?.length || 0,
applications: response.results || []
}
}
} catch (error) {
console.error('❌ List apps test failed:', error)
result.value = {
success: false,
data: {
error: error.message,
statusCode: error.statusCode,
details: error.data
}
}
} finally {
loading.value = false
loadingMessage.value = ''
}
}
const testAuthentikConnection = async () => {
loading.value = true
loadingMessage.value = 'Testing Authentik connection...'
try {
const response = await $fetch('/api/test-authentik')
result.value = {
success: true,
data: {
message: 'Authentik connection test successful!',
connectionTest: response
}
}
} catch (error) {
console.error('❌ Authentik connection test failed:', error)
result.value = {
success: false,
data: {
error: error.message,
statusCode: error.statusCode,
details: error.data
}
}
} finally {
loading.value = false
loadingMessage.value = ''
}
}
// Page metadata
useHead({
title: 'API Testing - CorradAF RBAC'
})
</script>

629
pages/users/bulk.vue Normal file
View File

@ -0,0 +1,629 @@
<script setup>
definePageMeta({
title: "Bulk Operations",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Users", path: "/users" },
{ name: "Bulk Operations", path: "/users/bulk", type: "current" }
]
});
import { ref, reactive, computed, onMounted } from 'vue'
// Active operation type
const activeOperation = ref('users')
// File upload states
const uploadedFiles = ref([])
const isProcessing = ref(false)
const csvFile = ref(null)
const isUploading = ref(false)
const uploadProgress = ref(0)
// Preview data
const previewData = ref([])
const headers = ref([])
// Bulk operation results
const operationResults = ref(null)
// Form states for different operations
const bulkUserForm = reactive({
operation: 'create', // create, update, delete, activate, deactivate
assignGroups: [],
assignRoles: [],
department: '',
sendInvitations: true,
syncToAuthentik: true
})
const bulkGroupForm = reactive({
operation: 'create', // create, update, delete
parentGroup: '',
defaultRoles: [],
syncToAuthentik: true
})
const bulkRoleForm = reactive({
operation: 'create', // create, update, delete
permissions: [],
syncToAuthentik: true
})
// Validation results
const validationResults = reactive({
errors: [],
warnings: []
})
// Progress tracking
const progress = reactive({
current: 0,
total: 0,
status: 'Ready'
})
// Operation settings
const operationSettings = reactive({
operation: 'create',
batchSize: 100,
skipErrors: false
})
// Default settings for users
const defaultSettings = reactive({
defaultGroups: [],
defaultRoles: [],
isActive: true,
mustChangePassword: true
})
// Authentik sync settings
const syncSettings = reactive({
syncToAuthentik: true,
createGroups: false,
sendInvitations: true
})
// Available options
const availableGroups = ref([
{ id: '1', name: 'IT Department', authentikUUID: 'uuid-1' },
{ id: '2', name: 'HR Department', authentikUUID: 'uuid-2' },
{ id: '3', name: 'Finance Department', authentikUUID: 'uuid-3' },
{ id: '4', name: 'Management', authentikUUID: 'uuid-4' }
])
const availableRoles = ref([
{ id: '1', name: 'Administrator' },
{ id: '2', name: 'Manager' },
{ id: '3', name: 'Editor' },
{ id: '4', name: 'Viewer' }
])
// Computed options for FormKit selects
const groupOptions = computed(() =>
availableGroups.value.map(group => ({
label: group.name,
value: group.id
}))
)
const roleOptions = computed(() =>
availableRoles.value.map(role => ({
label: role.name,
value: role.id
}))
)
// CSV Templates
const csvTemplates = computed(() => {
switch (activeOperation.value) {
case 'users':
return {
headers: ['username', 'email', 'firstName', 'lastName', 'department', 'jobTitle', 'phone', 'groups', 'roles'],
sample: [
['john.doe', 'john@company.com', 'John', 'Doe', 'IT', 'Software Engineer', '+1234567890', 'IT Department', 'Editor'],
['jane.smith', 'jane@company.com', 'Jane', 'Smith', 'HR', 'HR Manager', '+1234567891', 'HR Department', 'Manager']
]
}
case 'groups':
return {
headers: ['name', 'description', 'parentGroup', 'defaultRoles'],
sample: [
['Development Team', 'Software development team', 'IT Department', 'Editor,Viewer'],
['QA Team', 'Quality assurance team', 'IT Department', 'Viewer']
]
}
case 'roles':
return {
headers: ['name', 'description', 'permissions'],
sample: [
['Senior Developer', 'Senior development role', 'menu.dashboard,component.user.edit_button'],
['Junior Developer', 'Junior development role', 'menu.dashboard,component.user.view']
]
}
default:
return { headers: [], sample: [] }
}
})
// Methods
const downloadTemplate = () => {
const template = csvTemplates.value
const csvContent = [
template.headers.join(','),
...template.sample.map(row => row.join(','))
].join('\n')
const blob = new Blob([csvContent], { type: 'text/csv' })
const url = window.URL.createObjectURL(blob)
const link = document.createElement('a')
link.href = url
link.download = `${activeOperation.value}_template.csv`
link.click()
window.URL.revokeObjectURL(url)
}
const handleFileUpload = async (event) => {
const file = event.target.files[0]
if (!file) return
csvFile.value = file
isUploading.value = true
uploadProgress.value = 0
try {
// Simulate upload progress
const progressInterval = setInterval(() => {
uploadProgress.value += 10
if (uploadProgress.value >= 100) {
clearInterval(progressInterval)
}
}, 100)
// Parse CSV file
const text = await file.text()
const lines = text.split('\n').filter(line => line.trim())
const headerRow = lines[0].split(',').map(h => h.trim())
headers.value = headerRow
const data = lines.slice(1).map((line, index) => {
const values = line.split(',').map(v => v.trim())
const row = headerRow.reduce((obj, header, headerIndex) => {
obj[header] = values[headerIndex] || ''
return obj
}, {})
// Add validation status
row._validation = validateRow(row, index + 2) // +2 because we start from line 2 (after header)
return row
})
previewData.value = data
validateAllData()
} catch (error) {
console.error('File upload failed:', error)
} finally {
isUploading.value = false
}
}
const validateRow = (row, lineNumber) => {
const errors = []
// Basic validation
if (!row.username) errors.push('Username is required')
if (!row.email) errors.push('Email is required')
if (!row.firstName) errors.push('First name is required')
if (!row.lastName) errors.push('Last name is required')
// Email format validation
if (row.email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(row.email)) {
errors.push('Invalid email format')
}
return {
valid: errors.length === 0,
errors,
lineNumber
}
}
const validateAllData = () => {
validationResults.errors = []
validationResults.warnings = []
previewData.value.forEach((row) => {
if (!row._validation.valid) {
row._validation.errors.forEach(error => {
validationResults.errors.push({
row: row._validation.lineNumber,
message: error
})
})
}
})
}
const processBulkOperation = async () => {
if (validationResults.errors.length > 0 && !operationSettings.skipErrors) {
return
}
isProcessing.value = true
progress.total = previewData.value.length
progress.current = 0
progress.status = 'Processing users...'
try {
let endpoint = ''
let requestData = {}
switch (activeOperation.value) {
case 'users':
endpoint = '/api/users/bulk'
requestData = {
operation: bulkUserForm.operation,
users: previewData.value,
options: {
assignGroups: bulkUserForm.assignGroups,
assignRoles: bulkUserForm.assignRoles,
department: bulkUserForm.department,
sendInvitations: bulkUserForm.sendInvitations,
syncToAuthentik: bulkUserForm.syncToAuthentik
}
}
break
case 'groups':
endpoint = '/api/groups/bulk'
requestData = {
operation: bulkGroupForm.operation,
groups: previewData.value,
options: {
parentGroup: bulkGroupForm.parentGroup,
defaultRoles: bulkGroupForm.defaultRoles,
syncToAuthentik: bulkGroupForm.syncToAuthentik
}
}
break
case 'roles':
endpoint = '/api/roles/bulk'
requestData = {
operation: bulkRoleForm.operation,
roles: previewData.value,
options: {
permissions: bulkRoleForm.permissions,
syncToAuthentik: bulkRoleForm.syncToAuthentik
}
}
break
}
const response = await $fetch(endpoint, {
method: 'POST',
body: requestData
})
operationResults.value = response
progress.status = 'Bulk operation completed successfully'
// Redirect to users page after success
setTimeout(() => {
navigateTo('/users')
}, 2000)
} catch (error) {
console.error('Bulk operation failed:', error)
progress.status = 'Bulk operation failed'
} finally {
isProcessing.value = false
}
}
const clearData = () => {
uploadedFiles.value = []
previewData.value = []
headers.value = []
validationResults.errors = []
validationResults.warnings = []
progress.current = 0
progress.total = 0
progress.status = 'Ready'
}
const resetOperation = () => {
clearData()
}
// Initialize
onMounted(() => {
// Load available groups and roles
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Bulk Operations</h1>
<p class="text-gray-600 dark:text-gray-400">Import/export users and manage bulk operations</p>
</div>
<div class="flex space-x-3">
<rs-button @click="downloadTemplate" variant="primary-outline">
<Icon name="ph:download" class="w-4 h-4 mr-2" />
Download Template
</rs-button>
<rs-button @click="exportUsers" variant="primary-outline">
<Icon name="ph:export" class="w-4 h-4 mr-2" />
Export Users
</rs-button>
</div>
</div>
</div>
<div class="grid grid-cols-1 lg:grid-cols-3 gap-6">
<!-- Main Upload Area -->
<div class="lg:col-span-2 space-y-6">
<!-- CSV Upload -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Upload CSV File</h3>
</template>
<template #body>
<FormKit type="form" @submit="processUpload" :actions="false">
<FormKit
v-model="uploadedFiles"
type="dropzone"
label="Choose CSV File"
accept=".csv,text/csv"
:multiple="false"
maxSize="5MB"
help="Upload a CSV file with user data. Maximum file size: 5MB"
validation="required"
validation-visibility="dirty"
/>
<div class="mt-4">
<rs-button type="submit" :disabled="!uploadedFiles || isProcessing">
<Icon name="ph:upload" class="w-4 h-4 mr-2" />
{{ isProcessing ? 'Processing...' : 'Upload & Preview' }}
</rs-button>
</div>
</FormKit>
</template>
</rs-card>
<!-- Data Preview -->
<rs-card v-if="previewData.length > 0">
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Data Preview</h3>
<rs-badge variant="info">{{ previewData.length }} rows</rs-badge>
</div>
</template>
<template #body>
<div class="overflow-x-auto max-h-96">
<table class="min-w-full divide-y divide-gray-200 dark:divide-gray-700">
<thead class="bg-gray-50 dark:bg-gray-800">
<tr>
<th v-for="header in headers" :key="header" class="px-4 py-2 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wider">
{{ header }}
</th>
<th class="px-4 py-2 text-left text-xs font-medium text-gray-500 dark:text-gray-400 uppercase tracking-wider">Status</th>
</tr>
</thead>
<tbody class="bg-white dark:bg-gray-900 divide-y divide-gray-200 dark:divide-gray-700">
<tr v-for="(row, index) in previewData.slice(0, 10)" :key="index">
<td v-for="header in headers" :key="header" class="px-4 py-2 text-sm text-gray-900 dark:text-white">
{{ row[header] }}
</td>
<td class="px-4 py-2">
<rs-badge :variant="row._validation?.valid ? 'success' : 'danger'" class="text-xs">
{{ row._validation?.valid ? 'Valid' : 'Error' }}
</rs-badge>
</td>
</tr>
</tbody>
</table>
<div v-if="previewData.length > 10" class="p-4 text-center text-sm text-gray-500">
Showing 10 of {{ previewData.length }} rows
</div>
</div>
</template>
</rs-card>
<!-- Validation Results -->
<rs-card v-if="validationResults.errors.length > 0">
<template #header>
<h3 class="text-lg font-medium text-red-600">Validation Errors</h3>
</template>
<template #body>
<div class="space-y-2 max-h-48 overflow-y-auto">
<div v-for="error in validationResults.errors" :key="error.row" class="flex items-start space-x-2">
<rs-badge variant="danger" class="text-xs">Row {{ error.row }}</rs-badge>
<span class="text-sm text-gray-700 dark:text-gray-300">{{ error.message }}</span>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Settings Sidebar -->
<div class="space-y-6">
<!-- Operation Settings -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Operation Settings</h3>
</template>
<template #body>
<div class="space-y-4">
<FormKit
v-model="operationSettings.operation"
type="radio"
label="Operation Type"
:options="[
{ label: 'Create New Users', value: 'create' },
{ label: 'Update Existing Users', value: 'update' },
{ label: 'Create or Update', value: 'upsert' }
]"
validation="required"
:classes="{
fieldset: 'border-0 !p-0',
legend: '!font-semibold !text-sm mb-0',
options: '!flex !flex-col gap-2 mt-3',
}"
/>
<FormKit
v-model="operationSettings.batchSize"
type="number"
label="Batch Size"
help="Number of users to process at once"
:value="100"
validation="required|number|min:1|max:1000"
/>
<FormKit
v-model="operationSettings.skipErrors"
type="checkbox"
label="Skip Validation Errors"
help="Continue processing even if some rows have errors"
/>
</div>
</template>
</rs-card>
<!-- User Defaults -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Default Settings</h3>
</template>
<template #body>
<div class="space-y-4">
<FormKit
v-model="defaultSettings.defaultGroups"
type="select"
label="Default Groups"
:options="groupOptions"
multiple
help="Groups to assign to all imported users"
/>
<FormKit
v-model="defaultSettings.defaultRoles"
type="select"
label="Default Roles"
:options="roleOptions"
multiple
help="Roles to assign to all imported users"
/>
<FormKit
v-model="defaultSettings.isActive"
type="checkbox"
label="Active by Default"
help="Set all imported users as active"
/>
<FormKit
v-model="defaultSettings.mustChangePassword"
type="checkbox"
label="Require Password Change"
help="Force password change on first login"
/>
</div>
</template>
</rs-card>
<!-- Authentik Sync -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Authentik Sync</h3>
</template>
<template #body>
<div class="space-y-4">
<FormKit
v-model="syncSettings.syncToAuthentik"
type="checkbox"
label="Sync to Authentik"
help="Create/update users in Authentik SSO system"
/>
<FormKit
v-model="syncSettings.createGroups"
type="checkbox"
label="Create Missing Groups"
help="Automatically create groups that don't exist in Authentik"
:disabled="!syncSettings.syncToAuthentik"
/>
<FormKit
v-model="syncSettings.sendInvitations"
type="checkbox"
label="Send Email Invitations"
help="Send welcome emails to new users"
:disabled="!syncSettings.syncToAuthentik"
/>
</div>
</template>
</rs-card>
<!-- Progress -->
<rs-card v-if="isProcessing">
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Processing Progress</h3>
</template>
<template #body>
<div class="space-y-4">
<div class="flex items-center justify-between text-sm">
<span>{{ progress.current }} / {{ progress.total }}</span>
<span>{{ Math.round((progress.current / progress.total) * 100) }}%</span>
</div>
<div class="w-full bg-gray-200 dark:bg-gray-700 rounded-full h-2">
<div
class="bg-primary h-2 rounded-full transition-all duration-300"
:style="{ width: (progress.current / progress.total * 100) + '%' }"
></div>
</div>
<div class="text-xs text-gray-500 dark:text-gray-400">
{{ progress.status }}
</div>
</div>
</template>
</rs-card>
</div>
</div>
<!-- Action Buttons -->
<div v-if="previewData.length > 0 && !isProcessing" class="mt-6 flex justify-end space-x-3">
<rs-button @click="clearData" variant="primary-outline">
<Icon name="ph:trash" class="w-4 h-4 mr-2" />
Clear Data
</rs-button>
<rs-button
@click="processBulkOperation"
:disabled="validationResults.errors.length > 0 && !operationSettings.skipErrors"
>
<Icon name="ph:users" class="w-4 h-4 mr-2" />
Process {{ previewData.length }} Users
</rs-button>
</div>
</div>
</template>
<style scoped>
/* Custom styles for bulk operations */
</style>

580
pages/users/create.vue Normal file
View File

@ -0,0 +1,580 @@
<script setup>
definePageMeta({
title: "Create User",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Users", path: "/users" },
{ name: "Create User", path: "/users/create", type: "current" }
]
});
import { ref, reactive, computed, onMounted } from 'vue'
// Form state - SIMPLIFIED
const userForm = reactive({
// Basic Information
firstName: '',
lastName: '',
email: '',
username: '',
password: '',
confirmPassword: '',
// Application Assignment (ESSENTIAL)
application: '',
// Group Assignment (Groups contain roles)
groups: [],
// Direct Role Assignment (optional - for specific cases)
additionalRoles: [],
// Account Settings
isActive: true,
mustChangePassword: true,
sendInvitation: true
})
// Available options
const availableApplications = ref([
{ id: '1', name: 'Main Application', description: 'Primary business application' },
{ id: '2', name: 'HR System', description: 'Human Resources Management' },
{ id: '3', name: 'Finance System', description: 'Financial Management' }
])
const availableGroups = ref([
{ id: '1', name: 'IT Department', application: '1', description: 'Information Technology Department' },
{ id: '2', name: 'HR Department', application: '2', description: 'Human Resources Department' },
{ id: '3', name: 'Finance Department', application: '3', description: 'Finance and Accounting Department' },
{ id: '4', name: 'Development Team', application: '1', description: 'Software Development Team' },
{ id: '5', name: 'Support Team', application: '1', description: 'Customer Support Team' }
])
const availableRoles = ref([
{ id: '1', name: 'Administrator', application: '1', description: 'Full system access' },
{ id: '2', name: 'Manager', application: '1', description: 'Department management access' },
{ id: '3', name: 'Editor', application: '1', description: 'Content editing access' },
{ id: '4', name: 'Viewer', application: '1', description: 'Read-only access' },
{ id: '5', name: 'HR Admin', application: '2', description: 'HR system administrator' },
{ id: '6', name: 'Finance Admin', application: '3', description: 'Finance system administrator' }
])
// Validation state
const errors = ref({})
const isLoading = ref(false)
// Computed
const isFormValid = computed(() => {
return userForm.username &&
userForm.email &&
userForm.firstName &&
userForm.lastName &&
userForm.password &&
userForm.password === userForm.confirmPassword &&
userForm.password.length >= 8 &&
userForm.application
})
const passwordStrength = computed(() => {
const password = userForm.password
if (!password) return { score: 0, label: 'No Password', color: 'gray' }
let score = 0
if (password.length >= 8) score++
if (/[A-Z]/.test(password)) score++
if (/[a-z]/.test(password)) score++
if (/[0-9]/.test(password)) score++
if (/[^A-Za-z0-9]/.test(password)) score++
const labels = ['Very Weak', 'Weak', 'Fair', 'Good', 'Strong']
const colors = ['red', 'orange', 'yellow', 'blue', 'green']
return {
score,
label: labels[score] || 'Very Weak',
color: colors[score] || 'red'
}
})
const applicationOptions = computed(() =>
availableApplications.value.map(app => ({
label: app.name,
value: app.id
}))
)
// Groups filtered by selected application
const filteredGroups = computed(() => {
if (!userForm.application) return []
return availableGroups.value.filter(group => group.application === userForm.application)
})
// Roles filtered by selected application (for additional roles)
const filteredRoles = computed(() => {
if (!userForm.application) return []
return availableRoles.value.filter(role => role.application === userForm.application)
})
// Methods
const validateForm = () => {
errors.value = {}
if (!userForm.username) {
errors.value.username = 'Username is required'
}
if (!userForm.email) {
errors.value.email = 'Email is required'
} else if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(userForm.email)) {
errors.value.email = 'Invalid email format'
}
if (!userForm.firstName) {
errors.value.firstName = 'First name is required'
}
if (!userForm.lastName) {
errors.value.lastName = 'Last name is required'
}
if (!userForm.password) {
errors.value.password = 'Password is required'
} else if (userForm.password.length < 8) {
errors.value.password = 'Password must be at least 8 characters'
}
if (userForm.password !== userForm.confirmPassword) {
errors.value.confirmPassword = 'Passwords do not match'
}
if (!userForm.application) {
errors.value.application = 'Application is required'
}
return Object.keys(errors.value).length === 0
}
const generateRandomPassword = () => {
const charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*'
let password = ''
for (let i = 0; i < 12; i++) {
password += charset.charAt(Math.floor(Math.random() * charset.length))
}
userForm.password = password
userForm.confirmPassword = password
}
// Clear groups and roles when application changes
const onApplicationChange = () => {
userForm.groups = []
userForm.additionalRoles = []
}
const createUser = async () => {
if (!validateForm()) {
return
}
isLoading.value = true
try {
// Prepare user data - SIMPLIFIED
const userData = {
username: userForm.username,
email: userForm.email,
firstName: userForm.firstName,
lastName: userForm.lastName,
password: userForm.password,
application: userForm.application,
groups: userForm.groups,
additionalRoles: userForm.additionalRoles,
isActive: userForm.isActive,
mustChangePassword: userForm.mustChangePassword,
sendInvitation: userForm.sendInvitation
}
// API call to create user
const response = await $fetch('/api/users/create', {
method: 'POST',
body: userData
})
if (response.success) {
await navigateTo('/users')
}
} catch (error) {
console.error('Failed to create user:', error)
} finally {
isLoading.value = false
}
}
const resetForm = () => {
Object.assign(userForm, {
firstName: '',
lastName: '',
email: '',
username: '',
password: '',
confirmPassword: '',
application: '',
groups: [],
additionalRoles: [],
isActive: true,
mustChangePassword: true,
sendInvitation: true
})
errors.value = {}
}
// Initialize
onMounted(() => {
// Load additional data if needed
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Add New User</h1>
<p class="text-gray-600 dark:text-gray-400">Users get permissions through groups (collections of roles)</p>
</div>
<div class="flex space-x-3">
<rs-button @click="resetForm" variant="primary-outline">
<Icon name="ph:arrow-clockwise" class="w-4 h-4 mr-2" />
Reset Form
</rs-button>
<rs-button @click="createUser" :disabled="!isFormValid || isLoading">
<Icon name="ph:user-plus" class="w-4 h-4 mr-2" />
{{ isLoading ? 'Creating...' : 'Create User' }}
</rs-button>
</div>
</div>
</div>
<FormKit type="form" @submit="createUser">
<div class="grid grid-cols-1 lg:grid-cols-3 gap-6">
<!-- Main Form -->
<div class="lg:col-span-2 space-y-6">
<!-- Basic Information -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Basic Information</h3>
</template>
<template #body>
<div class="space-y-4">
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<FormKit
v-model="userForm.firstName"
type="text"
label="First Name"
placeholder="John"
validation="required"
validation-visibility="dirty"
:validation-messages="{
required: 'First name is required'
}"
/>
<FormKit
v-model="userForm.lastName"
type="text"
label="Last Name"
placeholder="Doe"
validation="required"
validation-visibility="dirty"
:validation-messages="{
required: 'Last name is required'
}"
/>
</div>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<FormKit
v-model="userForm.username"
type="text"
label="Username"
placeholder="john.doe"
validation="required"
validation-visibility="dirty"
:validation-messages="{
required: 'Username is required'
}"
/>
<FormKit
v-model="userForm.email"
type="email"
label="Email Address"
placeholder="john.doe@company.com"
validation="required|email"
validation-visibility="dirty"
:validation-messages="{
required: 'Email is required',
email: 'Invalid email format'
}"
/>
</div>
<FormKit
v-model="userForm.application"
type="select"
label="Application"
placeholder="Select application"
:options="applicationOptions"
validation="required"
validation-visibility="dirty"
help="Which application this user will access"
:validation-messages="{
required: 'Application is required'
}"
@input="onApplicationChange"
/>
</div>
</template>
</rs-card>
<!-- Password Settings -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Password Settings</h3>
<rs-button @click="generateRandomPassword" variant="primary-outline" size="sm">
<Icon name="ph:key" class="w-4 h-4 mr-1" />
Generate
</rs-button>
</div>
</template>
<template #body>
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
<FormKit
v-model="userForm.password"
type="password"
label="Password"
placeholder="Enter password"
validation="required|length:8"
validation-visibility="dirty"
:validation-messages="{
required: 'Password is required',
length: 'Password must be at least 8 characters'
}"
/>
<FormKit
v-model="userForm.confirmPassword"
type="password"
label="Confirm Password"
placeholder="Confirm password"
validation="required|confirm:password"
validation-visibility="dirty"
:validation-messages="{
required: 'Confirm password is required',
confirm: 'Passwords do not match'
}"
/>
</div>
<!-- Password Strength Indicator -->
<div v-if="userForm.password" class="mt-4">
<div class="flex items-center justify-between text-xs">
<span class="text-gray-500">Password Strength</span>
<span :class="`text-${passwordStrength.color}-600`">{{ passwordStrength.label }}</span>
</div>
<div class="mt-1 w-full bg-gray-200 rounded-full h-1">
<div
:class="`bg-${passwordStrength.color}-500`"
class="h-1 rounded-full transition-all duration-300"
:style="{ width: (passwordStrength.score / 5 * 100) + '%' }"
></div>
</div>
</div>
</template>
</rs-card>
<!-- Account Settings -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Account Settings</h3>
</template>
<template #body>
<div class="space-y-4">
<FormKit
v-model="userForm.isActive"
type="checkbox"
label="Account Active"
help="User can log in when active"
/>
<FormKit
v-model="userForm.mustChangePassword"
type="checkbox"
label="Must Change Password on First Login"
help="Force password change on first login"
/>
<FormKit
v-model="userForm.sendInvitation"
type="checkbox"
label="Send Email Invitation"
help="Send welcome email with login instructions"
/>
</div>
</template>
</rs-card>
</div>
<!-- Sidebar -->
<div class="space-y-6">
<!-- Groups Assignment (PRIMARY) -->
<rs-card>
<template #header>
<div class="flex items-center">
<h3 class="text-lg font-medium text-gray-900 dark:text-white mr-2">Groups</h3>
<rs-badge variant="info">Primary</rs-badge>
</div>
</template>
<template #body>
<div class="space-y-3">
<p class="text-sm text-gray-600 dark:text-gray-400">
Groups contain roles. Users inherit all roles from their groups.
</p>
<div v-if="!userForm.application" class="p-3 bg-blue-50 dark:bg-blue-900/20 rounded-lg">
<p class="text-sm text-blue-800 dark:text-blue-200">
Select an application first to see available groups.
</p>
</div>
<div v-else-if="filteredGroups.length === 0" class="p-3 bg-gray-50 dark:bg-gray-800 rounded-lg">
<p class="text-sm text-gray-600 dark:text-gray-400">
No groups available for the selected application.
</p>
</div>
<div v-else>
<FormKit
v-for="group in filteredGroups"
:key="group.id"
v-model="userForm.groups"
type="checkbox"
:value="group.id"
:label="group.name"
:help="group.description"
:classes="{
wrapper: 'mb-2',
label: '!text-sm',
help: '!text-xs'
}"
/>
</div>
</div>
</template>
</rs-card>
<!-- Additional Roles (OPTIONAL) -->
<rs-card>
<template #header>
<div class="flex items-center">
<h3 class="text-lg font-medium text-gray-900 dark:text-white mr-2">Additional Roles</h3>
<rs-badge variant="secondary">Optional</rs-badge>
</div>
</template>
<template #body>
<div class="space-y-3">
<p class="text-sm text-gray-600 dark:text-gray-400">
Extra roles for specific permissions beyond group roles.
</p>
<div v-if="!userForm.application" class="p-3 bg-blue-50 dark:bg-blue-900/20 rounded-lg">
<p class="text-sm text-blue-800 dark:text-blue-200">
Select an application first to see available roles.
</p>
</div>
<div v-else-if="filteredRoles.length === 0" class="p-3 bg-gray-50 dark:bg-gray-800 rounded-lg">
<p class="text-sm text-gray-600 dark:text-gray-400">
No additional roles available for the selected application.
</p>
</div>
<div v-else>
<FormKit
v-for="role in filteredRoles"
:key="role.id"
v-model="userForm.additionalRoles"
type="checkbox"
:value="role.id"
:label="role.name"
:help="role.description"
:classes="{
wrapper: 'mb-2',
label: '!text-sm',
help: '!text-xs'
}"
/>
</div>
</div>
</template>
</rs-card>
<!-- Preview -->
<rs-card>
<template #header>
<h3 class="text-lg font-medium text-gray-900 dark:text-white">Preview</h3>
</template>
<template #body>
<div class="space-y-3">
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Name:</span>
<p class="text-sm text-gray-900 dark:text-white">
{{ userForm.firstName && userForm.lastName ? `${userForm.firstName} ${userForm.lastName}` : 'Not set' }}
</p>
</div>
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Application:</span>
<p class="text-sm text-gray-900 dark:text-white">
{{ availableApplications.find(a => a.id === userForm.application)?.name || 'Not selected' }}
</p>
</div>
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Groups:</span>
<p class="text-sm text-gray-900 dark:text-white">
{{ userForm.groups.length }} group(s) selected
</p>
</div>
<div>
<span class="text-sm font-medium text-gray-700 dark:text-gray-300">Additional Roles:</span>
<p class="text-sm text-gray-900 dark:text-white">
{{ userForm.additionalRoles.length }} additional role(s)
</p>
</div>
<div class="flex space-x-2">
<rs-badge :variant="userForm.isActive ? 'success' : 'secondary'">
{{ userForm.isActive ? 'Active' : 'Inactive' }}
</rs-badge>
</div>
</div>
</template>
</rs-card>
</div>
</div>
</FormKit>
</div>
</template>
<style scoped>
/* Custom styles */
</style>

222
pages/users/index.vue Normal file
View File

@ -0,0 +1,222 @@
<script setup>
definePageMeta({
title: "Users",
middleware: ["auth"],
requiresAuth: true,
breadcrumb: [
{ name: "Dashboard", path: "/dashboard" },
{ name: "Users", path: "/users", type: "current" }
]
});
import { ref, onMounted, computed } from 'vue'
// Sample user data
const users = ref([
{ id: 1, username: 'admin', email: 'admin@company.com', firstName: 'Admin', lastName: 'User', isActive: true, department: 'IT', lastLogin: '2024-01-15' },
{ id: 2, username: 'john.doe', email: 'john@company.com', firstName: 'John', lastName: 'Doe', isActive: true, department: 'HR', lastLogin: '2024-01-14' },
{ id: 3, username: 'jane.smith', email: 'jane@company.com', firstName: 'Jane', lastName: 'Smith', isActive: false, department: 'Finance', lastLogin: '2024-01-10' }
])
const isLoading = ref(false)
const searchQuery = ref('')
// Computed
const filteredUsers = computed(() => {
if (!searchQuery.value) return users.value
return users.value.filter(user =>
user.firstName.toLowerCase().includes(searchQuery.value.toLowerCase()) ||
user.lastName.toLowerCase().includes(searchQuery.value.toLowerCase()) ||
user.email.toLowerCase().includes(searchQuery.value.toLowerCase()) ||
user.department.toLowerCase().includes(searchQuery.value.toLowerCase())
)
})
const activeUsersCount = computed(() =>
users.value.filter(user => user.isActive).length
)
const departmentsCount = computed(() =>
new Set(users.value.map(user => user.department)).size
)
const refreshUsers = async () => {
isLoading.value = true
try {
// API call would go here
await new Promise(resolve => setTimeout(resolve, 1000))
} finally {
isLoading.value = false
}
}
onMounted(() => {
// Load users
})
</script>
<template>
<div>
<LayoutsBreadcrumb />
<!-- Header -->
<div class="mb-6">
<div class="flex items-center justify-between">
<div>
<h1 class="text-2xl font-bold text-gray-900 dark:text-white">Users</h1>
<p class="text-gray-600 dark:text-gray-400">Manage user accounts and permissions</p>
</div>
<div class="flex space-x-3">
<rs-button @click="refreshUsers" :disabled="isLoading" variant="primary-outline">
<Icon name="ph:arrows-clockwise" class="w-4 h-4 mr-2" />
{{ isLoading ? 'Loading...' : 'Refresh' }}
</rs-button>
<rs-button @click="navigateTo('/users/bulk')" variant="primary-outline">
<Icon name="ph:users-four" class="w-4 h-4 mr-2" />
Bulk Operations
</rs-button>
<rs-button @click="navigateTo('/users/create')">
<Icon name="ph:user-plus" class="w-4 h-4 mr-2" />
Add User
</rs-button>
</div>
</div>
</div>
<!-- Stats Cards -->
<div class="grid grid-cols-1 md:grid-cols-4 gap-6 mb-6">
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-blue-100 dark:bg-blue-900 rounded-lg flex items-center justify-center">
<Icon name="ph:users" class="w-5 h-5 text-blue-600 dark:text-blue-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Total Users</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ users.length }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-green-100 dark:bg-green-900 rounded-lg flex items-center justify-center">
<Icon name="ph:check-circle" class="w-5 h-5 text-green-600 dark:text-green-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Active Users</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ activeUsersCount }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-purple-100 dark:bg-purple-900 rounded-lg flex items-center justify-center">
<Icon name="ph:buildings" class="w-5 h-5 text-purple-600 dark:text-purple-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Departments</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ departmentsCount }}</p>
</div>
</div>
</template>
</rs-card>
<rs-card>
<template #body>
<div class="flex items-center">
<div class="flex-shrink-0">
<div class="w-8 h-8 bg-yellow-100 dark:bg-yellow-900 rounded-lg flex items-center justify-center">
<Icon name="ph:clock" class="w-5 h-5 text-yellow-600 dark:text-yellow-400" />
</div>
</div>
<div class="ml-4">
<p class="text-sm font-medium text-gray-600 dark:text-gray-400">Recent Logins</p>
<p class="text-2xl font-bold text-gray-900 dark:text-white">{{ users.filter(u => u.lastLogin >= '2024-01-14').length }}</p>
</div>
</div>
</template>
</rs-card>
</div>
<!-- Users Table -->
<rs-card>
<template #header>
<div class="flex items-center justify-between">
<h3 class="text-lg font-medium text-gray-900 dark:text-white">All Users</h3>
<rs-badge variant="info">{{ users.length }} users</rs-badge>
</div>
</template>
<template #body>
<RsTable
:field="['user', 'department', 'status', 'lastLogin', 'actions']"
:data="users"
:advanced="true"
>
<!-- User Column -->
<template #user="{ value }">
<div class="flex items-center">
<div class="flex-shrink-0 h-10 w-10">
<div class="h-10 w-10 rounded-full bg-primary flex items-center justify-center">
<span class="text-sm font-medium text-white">{{ value.firstName[0] }}{{ value.lastName[0] }}</span>
</div>
</div>
<div class="ml-4">
<div class="text-sm font-medium text-gray-900 dark:text-white">{{ value.firstName }} {{ value.lastName }}</div>
<div class="text-sm text-gray-500 dark:text-gray-400">{{ value.email }}</div>
</div>
</div>
</template>
<!-- Department Column -->
<template #department="{ value }">
<span class="text-sm text-gray-900 dark:text-white">{{ value.department }}</span>
</template>
<!-- Status Column -->
<template #status="{ value }">
<rs-badge :variant="value.isActive ? 'success' : 'secondary'">
{{ value.isActive ? 'Active' : 'Inactive' }}
</rs-badge>
</template>
<!-- Last Login Column -->
<template #lastLogin="{ value }">
<span class="text-sm text-gray-500 dark:text-gray-400">{{ value.lastLogin }}</span>
</template>
<!-- Actions Column -->
<template #actions="{ value }">
<div class="flex items-center justify-end space-x-2">
<button class="text-primary hover:text-primary/80">
<Icon name="ph:eye" class="w-4 h-4" />
</button>
<button class="text-primary hover:text-primary/80">
<Icon name="ph:pencil" class="w-4 h-4" />
</button>
<button class="text-red-600 hover:text-red-800">
<Icon name="ph:trash" class="w-4 h-4" />
</button>
</div>
</template>
</RsTable>
</template>
</rs-card>
</div>
</template>
<style scoped>
/* Custom styles */
</style>

124
server/api/analyze-asnaf.post.ts
View File

@ -1,124 +0,0 @@
import { defineEventHandler, readBody } from 'h3';
// Define an interface for the expected request body (subset of AsnafProfile)
interface AsnafAnalysisRequest {
monthlyIncome: string;
otherIncome: string;
totalIncome: string;
occupation: string;
maritalStatus: string;
dependents: Array<any>; // Or a more specific type if you have one for dependents
// Add any other fields you deem necessary for OpenAI to analyze
}
interface AidSuggestion {
nama: string;
peratusan: string;
}
// Define an interface for the expected OpenAI response structure (and our API response)
interface AsnafAnalysisResponse {
hadKifayahPercentage: string;
kategoriAsnaf: string;
kategoriKeluarga: string;
cadanganKategori: string;
statusKelayakan: string;
cadanganBantuan: AidSuggestion[];
ramalanJangkaMasaPulih: string;
rumusan: string;
}
export default defineEventHandler(async (event): Promise<AsnafAnalysisResponse> => {
const body = await readBody<AsnafAnalysisRequest>(event);
// --- Placeholder for Actual OpenAI API Call ---
// In a real application, you would:
// 1. Retrieve your OpenAI API key securely (e.g., from environment variables)
const openAIApiKey = process.env.OPENAI_API_KEY;
if (!openAIApiKey) {
console.error('OpenAI API key not configured. Please set OPENAI_API_KEY in your .env file.');
throw createError({ statusCode: 500, statusMessage: 'OpenAI API key not configured' });
}
// 2. Construct the prompt for OpenAI using the data from `body`.
// IMPORTANT: Sanitize or carefully construct any data from `body` included in the prompt to prevent prompt injection.
const prompt = `You are an expert Zakat administrator. Based on the following applicant data: monthlyIncome: ${body.monthlyIncome}, totalIncome: ${body.totalIncome}, occupation: ${body.occupation}, maritalStatus: ${body.maritalStatus}, dependents: ${body.dependents.length}.
Return JSON with keys: hadKifayahPercentage, kategoriAsnaf, kategoriKeluarga, cadanganKategori, statusKelayakan, cadanganBantuan, ramalanJangkaMasaPulih, rumusan.
For 'cadanganBantuan', provide a JSON array of objects, where each object has a 'nama' (string, name of the aid) and 'peratusan' (string, e.g., '85%', representing suitability). Suggest 2-3 most relevant aid types.
Example for cadanganBantuan: [{"nama": "Bantuan Kewangan Bulanan", "peratusan": "90%"}, {"nama": "Bantuan Makanan Asas", "peratusan": "75%"}].
Full JSON Example: {"hadKifayahPercentage": "75%", ..., "cadanganBantuan": [{"nama": "Bantuan Kewangan Bulanan", "peratusan": "90%"}], ...}`;
// Adjust the prompt to be more detailed and specific to your needs and desired JSON output structure.
// 3. Make the API call to OpenAI
try {
const openAIResponse = await fetch('https://api.openai.com/v1/chat/completions', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${openAIApiKey}`,
},
body: JSON.stringify({
model: 'gpt-3.5-turbo', // Or your preferred model like gpt-4
messages: [{ role: 'user', content: prompt }],
// For more consistent JSON output, consider using a model version that officially supports JSON mode if available
// and set response_format: { type: "json_object" }, (check OpenAI documentation for model compatibility)
}),
});
if (!openAIResponse.ok) {
const errorData = await openAIResponse.text();
console.error('OpenAI API Error details:', errorData);
throw createError({ statusCode: openAIResponse.status, statusMessage: `Failed to get analysis from OpenAI: ${openAIResponse.statusText}` });
}
const openAIData = await openAIResponse.json();
// Parse the content from the response - structure might vary slightly based on OpenAI model/API version
// It's common for the JSON string to be in openAIData.choices[0].message.content
if (openAIData.choices && openAIData.choices[0] && openAIData.choices[0].message && openAIData.choices[0].message.content) {
const analysisResult = JSON.parse(openAIData.choices[0].message.content) as AsnafAnalysisResponse;
return analysisResult;
} else {
console.error('OpenAI response structure not as expected:', openAIData);
throw createError({ statusCode: 500, statusMessage: 'Unexpected response structure from OpenAI' });
}
} catch (error) {
console.error('Error during OpenAI API call or parsing:', error);
// Avoid exposing detailed internal errors to the client if they are not createError objects
if (typeof error === 'object' && error !== null && 'statusCode' in error) {
// We can infer error has statusCode here, but to be super safe with TS:
const e = error as { statusCode: number };
if (e.statusCode) throw e;
}
throw createError({ statusCode: 500, statusMessage: 'Internal server error during AI analysis' });
}
// --- End of Actual OpenAI API Call ---
// The simulated response below this line should be REMOVED once the actual OpenAI call is implemented and working.
/*
console.log('Received for analysis in server route:', body);
await new Promise(resolve => setTimeout(resolve, 2000)); // Simulate API delay
const totalIncomeNumeric = parseFloat(body.totalIncome);
let percentage = '50%';
if (totalIncomeNumeric < 1000) percentage = '30%';
else if (totalIncomeNumeric < 2000) percentage = '65%';
else if (totalIncomeNumeric < 3000) percentage = '85%';
else percentage = '110%';
return {
hadKifayahPercentage: percentage,
kategoriAsnaf: 'Simulated - Miskin',
kategoriKeluarga: 'Simulated - Miskin (50-100% HK)',
cadanganKategori: 'Simulated - Miskin',
statusKelayakan: 'Simulated - Layak (Miskin)',
cadanganBantuan: [
{ nama: 'Simulated - Bantuan Kewangan Bulanan', peratusan: '80%' },
{ nama: 'Simulated - Bantuan Pendidikan Anak', peratusan: '65%' }
],
ramalanJangkaMasaPulih: 'Simulated - 6 bulan',
rumusan: 'Simulated - Pemohon memerlukan perhatian segera.'
};
*/
});

119
server/api/applications/[id].js Normal file
View File

@ -0,0 +1,119 @@
import { authentikFetch, clearAuthentikCache } from '../../utils/authentik';
import { requireAuth } from '../../utils/auth';
// /api/applications/[id] - Handle GET, PUT, DELETE for specific application
// Note: [id] is actually the application slug for consistency with Authentik API
export default defineEventHandler(async (event) => {
const method = getMethod(event);
const slug = getRouterParam(event, 'id'); // This is actually a slug
if (!slug) {
throw createError({
statusCode: 400,
message: 'Application slug is required'
});
}
switch (method) {
case 'GET':
// Make GET public for testing - no auth required
try {
const application = await authentikFetch(`/core/applications/${slug}/`);
return application;
} catch (error) {
throw createError({
statusCode: error.statusCode || 404,
message: error.message || 'Application not found'
});
}
case 'PUT':
// Require authentication for updating applications
await requireAuth(event);
try {
const body = await readBody(event);
console.log('🔄 Updating application:', slug, body);
// Prepare the update payload with all fields from frontend
const updatePayload = {
name: body.name,
slug: body.slug,
meta_description: body.meta_description || body.description,
meta_publisher: body.meta_publisher || 'CorradAF RBAC',
meta_launch_url: body.meta_launch_url || body.launchUrl
};
console.log('📦 Update payload:', updatePayload);
const application = await authentikFetch(`/core/applications/${slug}/`, {
method: 'PATCH', // Use PATCH instead of PUT to update only specified fields
body: updatePayload
});
console.log('✅ Application updated successfully:', application.name);
// Clear Authentik cache to ensure changes take effect immediately
try {
await clearAuthentikCache();
console.log('✅ Cache cleared after application update');
} catch (cacheError) {
console.warn('⚠️ Cache clearing failed but application was updated:', cacheError.message);
// Continue even if cache clearing fails
}
// Add success message to the response
return {
...application,
message: 'Application updated successfully'
};
} catch (error) {
console.error('❌ Update failed:', error);
throw createError({
statusCode: error.statusCode || 500,
message: error.message || 'Failed to update application'
});
}
case 'DELETE':
// Require authentication for deleting applications
await requireAuth(event);
try {
console.log(`🗑️ Attempting to delete application with slug: ${slug}`);
// Direct DELETE using slug (no extra GET request needed)
await authentikFetch(`/core/applications/${slug}/`, {
method: 'DELETE'
});
console.log(`✅ Successfully deleted application ${slug}`);
// Clear Authentik cache to ensure changes take effect immediately
try {
await clearAuthentikCache();
console.log('✅ Cache cleared after application deletion');
} catch (cacheError) {
console.warn('⚠️ Cache clearing failed but application was deleted:', cacheError.message);
// Continue even if cache clearing fails
}
return {
success: true,
message: 'Application deleted successfully'
};
} catch (error) {
console.error(`❌ Delete failed for application ${slug}:`, error);
throw createError({
statusCode: error.statusCode || 500,
message: error.message || 'Failed to delete application'
});
}
default:
throw createError({
statusCode: 405,
message: 'Method not allowed'
});
}
});

224
server/api/applications/index.js Normal file
View File

@ -0,0 +1,224 @@
import { authentikFetch, clearAuthentikCache } from '../../utils/authentik';
import { requireAuth } from '../../utils/auth';
// Simplified /api/applications endpoint
export default defineEventHandler(async (event) => {
const method = getMethod(event);
switch (method) {
case 'GET':
// Public endpoint for listing applications
try {
const response = await authentikFetch('/core/applications/');
return response;
} catch (error) {
console.error('❌ Failed to fetch applications:', error.message);
throw error;
}
case 'POST':
// TODO: Add authentication later - for now make it public for testing
await requireAuth(event);
try {
const body = await readBody(event);
console.log(`🔨 Creating application: ${body.name} (${body.providerType})`);
// Simplified application creation - just the essentials
// Create application first
const applicationData = {
name: body.name,
slug: body.slug || body.name.toLowerCase().replace(/\s+/g, '-').replace(/[^a-z0-9-]/g, ''),
meta_description: body.meta_description || body.description,
meta_publisher: body.meta_publisher || 'CorradAF RBAC',
meta_launch_url: body.meta_launch_url || body.launchUrl
};
let application;
try {
application = await authentikFetch('/core/applications/', {
method: 'POST',
body: applicationData
});
console.log('✅ Application created successfully');
} catch (appError) {
console.error('❌ Application creation failed:', appError.message);
if (appError.data) {
console.error('Details:', JSON.stringify(appError.data, null, 2));
}
throw appError;
}
// Create provider based on type (simplified presets)
if (body.providerType && application.pk) {
try {
console.log(`🔨 Creating ${body.providerType.toUpperCase()} provider...`);
// Get required flows for all providers
const flows = await authentikFetch('/flows/instances/');
// Find required flows
const authFlows = flows.results.filter(flow => flow.designation === 'authentication');
const invalidationFlows = flows.results.filter(flow => flow.designation === 'invalidation');
const defaultAuthFlow = authFlows.find(flow => flow.slug === 'default-authentication-flow') || authFlows[0];
const defaultInvalidationFlow = invalidationFlows.find(flow => flow.slug === 'default-invalidation-flow') || invalidationFlows[0];
if (!defaultAuthFlow) {
throw new Error('No authentication flow found - required for all providers');
}
let provider = null;
switch (body.providerType) {
case 'oauth2':
// OAuth2/OIDC provider preset
const oauth2Data = {
name: `${body.name} OAuth2`,
client_type: 'confidential',
authorization_flow: defaultAuthFlow.pk,
invalidation_flow: defaultInvalidationFlow?.pk,
redirect_uris: [
{
matching_mode: 'strict',
url: `${body.meta_launch_url || body.launchUrl}/auth/callback`
}
]
};
try {
provider = await authentikFetch('/providers/oauth2/', {
method: 'POST',
body: oauth2Data
});
console.log('✅ OAuth2 provider created');
} catch (oauth2Error) {
console.error('❌ OAuth2 provider failed:', oauth2Error.message);
if (oauth2Error.data) {
console.error('Details:', JSON.stringify(oauth2Error.data, null, 2));
}
throw oauth2Error;
}
break;
case 'saml':
// SAML provider preset
const samlData = {
name: `${body.name} SAML`,
acs_url: `${body.meta_launch_url || body.launchUrl}/saml/acs`,
audience: body.slug,
issuer: `corradaf-${body.slug}`,
sp_binding: 'post',
authorization_flow: defaultAuthFlow.pk,
invalidation_flow: defaultInvalidationFlow?.pk
};
try {
provider = await authentikFetch('/providers/saml/', {
method: 'POST',
body: samlData
});
console.log('✅ SAML provider created');
} catch (samlError) {
console.error('❌ SAML provider failed:', samlError.message);
if (samlError.data) {
console.error('Details:', JSON.stringify(samlError.data, null, 2));
}
throw samlError;
}
break;
case 'ldap':
// LDAP provider preset
const ldapData = {
name: `${body.name} LDAP`,
base_dn: 'dc=ldap,dc=goauthentik,dc=io',
authorization_flow: defaultAuthFlow.pk,
invalidation_flow: defaultInvalidationFlow?.pk
};
try {
provider = await authentikFetch('/providers/ldap/', {
method: 'POST',
body: ldapData
});
console.log('✅ LDAP provider created');
} catch (ldapError) {
console.error('❌ LDAP provider failed:', ldapError.message);
if (ldapError.data) {
console.error('Details:', JSON.stringify(ldapError.data, null, 2));
}
throw ldapError;
}
break;
case 'proxy':
// Proxy provider preset
const proxyData = {
name: `${body.name} Proxy`,
external_host: body.meta_launch_url || body.launchUrl,
internal_host: body.meta_launch_url || body.launchUrl,
authorization_flow: defaultAuthFlow.pk,
invalidation_flow: defaultInvalidationFlow?.pk
};
try {
provider = await authentikFetch('/providers/proxy/', {
method: 'POST',
body: proxyData
});
console.log('✅ Proxy provider created');
} catch (proxyError) {
console.error('❌ Proxy provider failed:', proxyError.message);
if (proxyError.data) {
console.error('Details:', JSON.stringify(proxyError.data, null, 2));
}
throw proxyError;
}
break;
}
// Link provider to application
if (provider && provider.pk) {
await authentikFetch(`/core/applications/${application.slug}/`, {
method: 'PATCH',
body: {
provider: provider.pk
}
});
console.log(`${body.providerType.toUpperCase()} provider linked to application`);
} else {
console.warn('⚠️ Provider was not created properly');
}
} catch (providerError) {
console.warn('⚠️ Provider creation failed, but application was created:', providerError.message);
// Don't fail the entire operation if provider creation fails
}
}
// Clear Authentik cache to ensure changes take effect immediately
try {
await clearAuthentikCache();
console.log('✅ Cache cleared after application creation');
} catch (cacheError) {
console.warn('⚠️ Cache clearing failed but application was created:', cacheError.message);
// Continue even if cache clearing fails
}
return {
...application,
message: 'Application created successfully'
};
} catch (error) {
console.error('❌ Failed to create application:', error.message);
throw error;
}
default:
throw createError({
statusCode: 405,
message: 'Method not allowed'
});
}
});

76
server/api/auth/callback.js Normal file
View File

@ -0,0 +1,76 @@
// OAuth2 callback endpoint
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
const query = getQuery(event);
if (query.error) {
throw createError({
statusCode: 400,
message: query.error_description || 'Authentication failed'
});
}
if (!query.code) {
throw createError({
statusCode: 400,
message: 'No authorization code received'
});
}
try {
// Exchange code for tokens
const tokens = await $fetch(`${config.public.authentikUrl}/application/o/token/`, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
grant_type: 'authorization_code',
code: query.code,
redirect_uri: `${config.public.appUrl}/api/auth/callback`,
client_id: config.authentik.clientId,
client_secret: config.authentik.clientSecret
})
});
// Get user info using access token
const userInfo = await $fetch(`${config.public.authentikUrl}/application/o/userinfo/`, {
headers: {
'Authorization': `Bearer ${tokens.access_token}`
}
});
// Set cookies
setCookie(event, 'auth_token', tokens.access_token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
maxAge: 60 * 60 * 24 // 24 hours
});
setCookie(event, 'refresh_token', tokens.refresh_token, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
maxAge: 60 * 60 * 24 * 30 // 30 days
});
// Store user info
setCookie(event, 'user_info', JSON.stringify(userInfo), {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
maxAge: 60 * 60 * 24 // 24 hours
});
// Redirect to dashboard
return sendRedirect(event, '/dashboard');
} catch (error) {
console.error('OAuth token exchange error:', error);
throw createError({
statusCode: error.response?.status || 500,
message: 'Failed to authenticate with Authentik'
});
}
});

13
server/api/auth/login.js Normal file
View File

@ -0,0 +1,13 @@
// Login endpoint - redirects to Authentik OAuth2
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
// Redirect to Authentik login
const authUrl = new URL('/application/o/authorize/', config.public.authentikUrl);
authUrl.searchParams.append('client_id', config.authentik.clientId);
authUrl.searchParams.append('redirect_uri', `${config.public.appUrl}/api/auth/callback`);
authUrl.searchParams.append('response_type', 'code');
authUrl.searchParams.append('scope', 'openid profile email');
return sendRedirect(event, authUrl.toString());
});

93
server/api/auth/login.post.js
View File

@ -1,93 +0,0 @@
import sha256 from "crypto-js/sha256.js";
import jwt from "jsonwebtoken";
const ENV = useRuntimeConfig();
export default defineEventHandler(async (event) => {
try {
const { username, password } = await readBody(event);
if (!username || !password) {
return {
statusCode: 400,
message: "Username and password are required",
};
}
const user = await prisma.user.findFirst({
where: {
userUsername: username,
},
});
if (!user) {
return {
statusCode: 404,
message: "User does not exist",
};
}
const hashedPassword = sha256(password).toString();
if (user.userPassword !== hashedPassword) {
return {
statusCode: 401,
message: "Invalid password",
};
}
// Get user roles
const roles = await prisma.userrole.findMany({
where: {
userRoleUserID: user.userID,
},
select: {
role: {
select: {
roleName: true,
},
},
},
});
const roleNames = roles.map((r) => r.role.roleName);
const accessToken = generateAccessToken({
username: user.userUsername,
roles: roleNames,
});
const refreshToken = generateRefreshToken({
username: user.userUsername,
roles: roleNames,
});
// Set cookie httpOnly
event.res.setHeader("Set-Cookie", [
`accessToken=${accessToken}; HttpOnly; Secure; SameSite=Lax; Path=/`,
`refreshToken=${refreshToken}; HttpOnly; Secure; SameSite=Lax; Path=/`,
]);
return {
statusCode: 200,
message: "Login success",
data: {
username: user.userUsername,
roles: roleNames,
},
};
} catch (error) {
console.log(error);
return {
statusCode: 500,
message: "Internal server error",
};
}
});
function generateAccessToken(user) {
return jwt.sign(user, ENV.auth.secretAccess, { expiresIn: "1d" });
}
function generateRefreshToken(user) {
return jwt.sign(user, ENV.auth.secretRefresh, { expiresIn: "30d" });
}

19
server/api/auth/logout.get.js
View File

@ -1,19 +0,0 @@
export default defineEventHandler(async (event) => {
try {
event.res.setHeader("Set-Cookie", [
`accessToken=; HttpOnly; Secure; SameSite=Lax; Path=/`,
`refreshToken=; HttpOnly; Secure; SameSite=Lax; Path=/`,
]);
return {
statusCode: 200,
message: "Logout success",
};
} catch (error) {
console.log(error);
return {
statusCode: 400,
message: "Server error",
};
}
});

12
server/api/auth/logout.js Normal file
View File

@ -0,0 +1,12 @@
// Logout endpoint
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
// Clear auth cookies
deleteCookie(event, 'auth_token');
deleteCookie(event, 'refresh_token');
deleteCookie(event, 'user_info');
// Redirect to our login page instead of Authentik logout
return sendRedirect(event, '/login');
});

28
server/api/auth/me.js Normal file
View File

@ -0,0 +1,28 @@
// Get current user endpoint
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
try {
const authToken = getCookie(event, 'auth_token');
if (!authToken) {
throw createError({
statusCode: 401,
message: 'Not authenticated'
});
}
const userInfo = await $fetch(`${config.public.authentikUrl}/application/o/userinfo/`, {
headers: {
'Authorization': `Bearer ${authToken}`
}
});
return userInfo;
} catch (error) {
throw createError({
statusCode: 401,
message: 'Invalid token'
});
}
});

34
server/api/auth/validate.get.js
View File

@ -1,34 +0,0 @@
export default defineEventHandler(async (event) => {
try {
const { userID } = event.context.user;
if (userID == null) {
return {
statusCode: 401,
message: "Unauthorized",
};
}
const validatedUser = await prisma.user.findFirst({
where: {
userID: parseInt(userID),
},
});
if (!validatedUser) {
return {
statusCode: 401,
message: "Unauthorized",
};
}
return {
statusCode: 200,
message: "Authorized",
};
} catch (error) {
return {
statusCode: 401,
message: "Unauthorized",
};
}
});

41
server/api/auth/validate.js Normal file
View File

@ -0,0 +1,41 @@
// Validate current authentication status
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
try {
const authToken = getCookie(event, 'auth_token');
if (!authToken) {
return {
statusCode: 401,
message: "Not authenticated - no token found"
};
}
// Verify token with Authentik
const userInfo = await $fetch(`${config.public.authentikUrl}/application/o/userinfo/`, {
headers: {
'Authorization': `Bearer ${authToken}`
}
});
if (!userInfo) {
return {
statusCode: 401,
message: "Invalid token"
};
}
return {
statusCode: 200,
message: "Authorized",
user: userInfo
};
} catch (error) {
console.error('Token validation error:', error);
return {
statusCode: 401,
message: "Unauthorized - token validation failed"
};
}
});

28
server/api/metabase/token.get.js
View File

@ -1,28 +0,0 @@
import jwt from "jsonwebtoken";
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
const METABASE_SECRET_KEY = config.metabase.secretKey;
const payload = {
resource: { dashboard: 2 },
params: {},
exp: Math.round(Date.now() / 1000) + 10 * 60, // 10 minute expiration
};
try {
const token = jwt.sign(payload, METABASE_SECRET_KEY);
return {
success: true,
token: token,
siteUrl: config.metabase.siteUrl
};
} catch (error) {
throw createError({
statusCode: 500,
statusMessage: 'Failed to generate Metabase token'
});
}
});

46
server/api/test-authentik.js Normal file
View File

@ -0,0 +1,46 @@
// Simple test endpoint to verify Authentik connection
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
try {
console.log('🧪 Testing Authentik connection...');
console.log('🔗 Authentik URL:', config.public.authentikUrl);
console.log('🔑 API Token exists:', !!config.authentik?.apiToken);
console.log('🔑 API Token length:', config.authentik?.apiToken?.length || 0);
// Test basic API access
const response = await $fetch(`${config.public.authentikUrl}/api/v3/core/applications/`, {
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${config.authentik.apiToken}`
}
});
return {
success: true,
message: 'Authentik connection successful!',
data: {
authentikUrl: config.public.authentikUrl,
applicationsCount: response.results?.length || 0,
tokenExists: !!config.authentik?.apiToken
}
};
} catch (error) {
console.error('❌ Authentik connection test failed:', error);
return {
success: false,
error: {
status: error.response?.status,
message: error.message,
details: error.response?.statusText
},
debugging: {
authentikUrl: config.public.authentikUrl,
tokenExists: !!config.authentik?.apiToken,
tokenLength: config.authentik?.apiToken?.length || 0
}
};
}
});

109
server/middleware/auth.js
View File

@ -1,109 +0,0 @@
import jwt from "jsonwebtoken";
const ENV = useRuntimeConfig();
export default defineEventHandler(async (event) => {
try {
const cookies = event.req.headers.cookie;
if (!cookies) throw new Error("Cookie not found");
let { accessToken, refreshToken, user } = parseCookie(cookies);
if (!accessToken) accessToken = null;
if (!refreshToken) refreshToken = null;
let { subdomain } = JSON.parse(user);
if (!subdomain) subdomain = null;
let payloadUser = null;
payloadUser = verifyAccessToken(accessToken);
if (!payloadUser) {
payloadUser = verifyRefreshToken(refreshToken);
if (!payloadUser) throw new Error("Unauthorized Refresh Token");
const accessToken = generateAccessToken({
email: payloadUser.email,
roles: payloadUser.roles,
});
// Set new access token
event.res.setHeader("Set-Cookie", [
`accessToken=${accessToken}; HttpOnly; Secure; SameSite=Lax; Path=/`,
]);
}
const getUser = await getUserInfo(payloadUser.username);
if (!getUser) throw new Error("User not found");
event.context.user = {
userID: getUser.userID || null,
email: payloadUser.email || null,
roles: payloadUser.roles || [],
};
return;
} catch (error) {
// console.log(error.message);
event.context.user = {
userID: null,
email: null,
roles: [],
};
return;
}
});
function parseCookie(str) {
return str
.split(";")
.map((v) => v.split("="))
.reduce((acc, v) => {
acc[decodeURIComponent(v[0].trim())] = decodeURIComponent(v[1].trim());
return acc;
}, {});
}
function verifyAccessToken(accessToken) {
try {
const token = ENV.auth.secretAccess;
return jwt.verify(accessToken, token);
} catch (error) {
return false;
}
}
function verifyRefreshToken(refreshToken) {
try {
const token = ENV.auth.secretRefresh;
return jwt.verify(refreshToken, token);
} catch (error) {
return false;
}
}
function generateAccessToken(user) {
try {
const token = ENV.auth.secretAccess;
return jwt.sign(user, token, { expiresIn: "1d" });
} catch (error) {
return false;
}
}
async function getUserInfo(username) {
try {
const user = await prisma.user.findFirst({
where: {
userUsername: username,
},
});
if (!user) return null;
return user;
} catch (error) {
console.log(error);
}
}

15
server/nitro.config.js
View File

@ -1,3 +1,16 @@
import { defineNitroConfig } from "nitropack";
export default defineNitroConfig({});
export default defineNitroConfig({
runtimeConfig: {
// Private keys (server-side only)
authentikApiToken: process.env.AUTHENTIK_API_TOKEN,
authentikClientId: process.env.AUTHENTIK_CLIENT_ID,
authentikClientSecret: process.env.AUTHENTIK_CLIENT_SECRET,
// Public keys (client-side accessible)
public: {
appUrl: process.env.APP_URL || 'http://localhost:3000',
authentikUrl: process.env.AUTHENTIK_URL || 'http://localhost:9000'
}
}
});

75
server/utils/auth.js Normal file
View File

@ -0,0 +1,75 @@
// Authentication utilities for API routes - Updated for cookie-based auth
export const requireAuth = async (event) => {
const config = useRuntimeConfig();
// Check for auth_token in cookies (Authentik sends via cookies)
const authToken = getCookie(event, 'auth_token');
if (!authToken) {
console.error('❌ No auth_token cookie found');
throw createError({
statusCode: 401,
message: 'No authentication token provided'
});
}
try {
// Decode JWT token locally (no API call needed since token contains all user info)
console.log('🔐 Decoding JWT token...');
// Simple JWT decode (split and base64 decode the payload)
const tokenParts = authToken.split('.');
if (tokenParts.length !== 3) {
throw new Error('Invalid JWT format');
}
// Decode the payload (second part of JWT)
const payload = JSON.parse(Buffer.from(tokenParts[1], 'base64').toString());
// Check if token is expired
const now = Math.floor(Date.now() / 1000);
if (payload.exp && payload.exp < now) {
throw new Error('Token has expired');
}
// Extract user information from JWT payload
const userInfo = {
sub: payload.sub,
email: payload.email,
email_verified: payload.email_verified,
name: payload.name,
given_name: payload.given_name,
preferred_username: payload.preferred_username,
nickname: payload.nickname,
groups: payload.groups || [],
uid: payload.uid
};
console.log('✅ Authentication successful for user:', userInfo.preferred_username);
// Add user info to event context
event.context.auth = userInfo;
event.context.authToken = authToken;
return userInfo;
} catch (error) {
console.error('❌ Token verification failed:', error.message);
throw createError({
statusCode: 401,
message: 'Invalid or expired authentication token'
});
}
};
// Optional: Get current user from context (after requireAuth is called)
export const getCurrentUser = (event) => {
return event.context.auth;
};
// Optional: Check if user has specific permissions
export const hasPermission = (event, permission) => {
const user = getCurrentUser(event);
if (!user || !user.permissions) return false;
return user.permissions.includes(permission);
};

84
server/utils/authentik.js Normal file
View File

@ -0,0 +1,84 @@
// Simplified Authentik API utilities
export const authentikFetch = async (endpoint, options = {}) => {
const config = useRuntimeConfig();
const AUTHENTIK_BASE_URL = `${config.public.authentikUrl}/api/v3`;
// Debug: Check if token exists
if (!config.authentik?.apiToken) {
console.error('❌ AUTHENTIK_API_TOKEN is missing from environment variables');
throw createError({
statusCode: 500,
message: 'Authentik API token not configured. Please set AUTHENTIK_API_TOKEN in your .env file'
});
}
const defaultOptions = {
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${config.authentik.apiToken}`
}
};
try {
const response = await $fetch(`${AUTHENTIK_BASE_URL}${endpoint}`, {
...defaultOptions,
...options,
headers: {
...defaultOptions.headers,
...options.headers
}
});
return response;
} catch (error) {
// Only log errors that need attention
console.error(`❌ Authentik API Error: ${endpoint} - ${error.message}`);
// More specific error messages
if (error.response?.status === 403) {
throw createError({
statusCode: 403,
message: 'Authentik API token does not have sufficient permissions. Please check your token configuration in Authentik admin.',
data: error.data || error.response?._data
});
}
if (error.response?.status === 401) {
throw createError({
statusCode: 401,
message: 'Authentik API token is invalid or expired. Please check AUTHENTIK_API_TOKEN in your .env file.',
data: error.data || error.response?._data
});
}
throw createError({
statusCode: error.response?.status || 500,
message: error.message || 'Failed to communicate with Authentik API',
data: error.data || error.response?._data
});
}
};
// Only keep essential helper functions - no over-engineering
export const getAuthentikUser = async (userId) => {
return await authentikFetch(`/core/users/${userId}/`);
};
export const getAuthentikGroups = async () => {
return await authentikFetch('/core/groups/');
};
// Clear Authentik policy cache
export const clearAuthentikCache = async () => {
try {
console.log('🧹 Clearing Authentik policy cache...');
const response = await authentikFetch('/policies/all/cache_clear/', {
method: 'POST'
});
console.log('✅ Authentik cache cleared successfully');
return { success: true, message: 'Cache cleared successfully' };
} catch (error) {
console.error('❌ Failed to clear Authentik cache:', error);
throw error;
}
};