ronnibaslund/dezky
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: portal redesign, pricing catalog, partner-staff invites

Browse Source 
- portal: new admin/ and partner/ surfaces with full component library
  (AppLauncher, Avatar, Badge, Card, Modal, Tabs, etc.), composables,
  layouts, partner-routing middleware, and supporting server APIs
- pricing: Price schema/module with operator CRUD, pricing.vue catalog UI,
  Subscription extended with cycle/currency/perSeatAmount/seats snapshots
  for stable MRR aggregation
- partner staff: User.partnerId, invite-partner-user DTO and flow,
  /partners/:slug/users endpoints, InvitePartnerUserModal, shared
  dezky-partner-staff Authentik group
- /me: partner-aware endpoint returning user + partner context so portal
  can route between end-user and partner-admin surfaces
- tenant: seats field for portfolio displays and future MRR calculations
- operator: pricing page, signed-out page, useMe/useToast composables,
  ToastStack
This commit is contained in:
Ronni Baslund
2026-05-28 20:00:33 +02:00
parent be430179d9
commit 0bd4e5498e
144 changed files with 22110 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/operator/server/api/auth/sign-out.get.ts
+35
View File
@@ -0,0 +1,35 @@
// Sign-out for the operator portal. Same shape as the customer portal's
// sign-out (apps/portal/server/api/auth/sign-out.get.ts) — ends BOTH the
// local nuxt-oidc-auth session AND the Authentik IdP session so the next
// person at the same browser must re-enter credentials. Required for
// shared-workstation safety; operator portal carries elevated privileges.
//
// Flow:
// 1. Read the id_token off the local session (needed as id_token_hint).
// 2. Clear the local session (cookie + persistent store).
// 3. 302 the BROWSER through Authentik's dezky-operator end-session URL
// with post_logout_redirect_uri=/signed-out.
//
// The brief URL-bar flash to auth.dezky.local is unavoidable: that's the
// only host that can clear the Authentik session cookie (server-to-server
// invalidation alone leaves the browser cookie, which would let the next
// visit silently re-authorize).
import { getUserSession, clearUserSession } from 'nuxt-oidc-auth/runtime/server/utils/session.js'
const END_SESSION = 'https://auth.dezky.local/application/o/dezky-operator/end-session/'
const POST_LOGOUT_REDIRECT = 'https://operator.dezky.local/signed-out'
export default defineEventHandler(async (event) => {
const session = await getUserSession(event).catch(() => ({} as any))
const idToken: string | undefined = (session as any).idToken
await clearUserSession(event).catch(() => {})
const params = new URLSearchParams({
post_logout_redirect_uri: POST_LOGOUT_REDIRECT,
...(idToken && { id_token_hint: idToken }),
})
return sendRedirect(event, `${END_SESSION}?${params.toString()}`, 302)
})