Commit Graph

5 Commits

Author SHA1 Message Date
prosolis
56fe8d7c88 Make Resend from-address config-only; drop credential status rows
The Settings page no longer renders the Resend From Address input or any
of the read-only "Set in config.toml" credential status rows (Apify key,
eBay id/secret, ntfy auth, Resend key). Those rows looked like editable
inputs but were dead text, and duplicated what the Test buttons verify
more authoritatively.

- resend_from is now sourced only from config.toml ([resend] from); it is
  removed from settingsKeys, the test-Resend handler, the scheduler email
  client, and the schema seed.
- Removed the credStatus templ component, the CredentialStatus field on
  SettingsData, and the credentialStatus() handler helper.
2026-06-20 15:42:14 -07:00
prosolis
4fb1a4553e Harden forward-auth, per-user isolation, and budget accuracy
Code-review fixes on the Authentik/budget/Resend work:

- UpsertForwardUser: avoid 500 lockout on username UNIQUE collision and
  on the concurrent first-login race; normalize emails (lower+trim) so
  case variants don't create duplicate accounts.
- Centralize email management in Authentik: when forward-auth mode is on,
  email is read-only in Veola for every user (not just forward rows);
  pure-local deployments keep editable email for Resend.
- Fail closed on per-user isolation: ownedItem rejects uid==0/orphaned
  items; dashboard and global results error on a userless request.
- Budget accuracy: count Apify usage only after a successful run, and
  count the billed Test Apify run.
- Efficiency: resolve the deal-email recipient once per poll; build the
  settings page once in PostEmailPrefs.
2026-06-20 14:05:04 -07:00
prosolis
feea126c5e Add per-user item ownership and isolation
Items are now private to their owner. Add items.user_id (migrated in
place, existing items backfilled to the first admin) and scope every
item, results, and dashboard view to the signed-in user via owner-scoped
queries plus an ownedItem 404 guard. Admins get strict isolation too;
elevation stays limited to settings and user management.

Alert routing follows ownership: deal emails go only to the item owner
and the weekly digest is built per-recipient from their own items. The
scheduler still polls every active item; the Apify/eBay budget stays a
shared pool visible to all.

Add TestItemsArePrivatePerUser and seed owners in db tests.
2026-06-20 13:39:19 -07:00
prosolis
ed03494edf Window dashboard Money Saved to 30-day average 2026-06-20 11:57:54 -07:00
prosolis
7c95e4fd4e Add Authentik SSO, budget visibility, Resend email, 12h item default
Opens Veola up to more users (Parodia's Authentik) and makes Apify spend
visible to everyone.

- Auth: Traefik forward-auth (trust X-Authentik-* headers only from
  trusted_proxies CIDRs, keyed by email, role synced from admin_group),
  keeping local password login as break-glass. New [auth] config,
  CaptureDirectIP + ForwardAuth middleware, deploy/authentik-forward-auth.md.
- Budget: count every Apify run (apify_api_usage table) and show
  calls + estimated cost to all users on the dashboard, with an optional
  monthly-budget bar. New [budget] config + settings.
- Email: Resend client for opt-in deal alerts and a weekly digest
  (Mon 09:00). Per-user email + toggles on Settings. New [resend] config.
- Defaults: new items default to a 12-hour poll interval to cut spend.

users table gains email/auth_source/email-pref columns (migrated in place).
go build/vet/test green; boots and migrates cleanly.
2026-06-20 11:12:11 -07:00