ronnibaslund/dezky
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(platform-api): multi-audience JWT + Partner CRUD + tenant lifecycle (O.2)

Browse Source 
JwtAuthGuard now accepts a comma-separated AUTHENTIK_AUDIENCE
('dezky-portal,dezky-operator'). jose.jwtVerify takes an array and succeeds
on any match — both customer-portal and operator-portal tokens validate
against this service. Per-endpoint guards restrict further.

New OperatorGuard enforces operator-only mutations:
  1. JWT audience claim includes 'dezky-operator' (proof from the token
     alone that this is a privileged session)
  2. ActorService-resolved User has platformAdmin=true (DB check so
     revocation works without waiting for the token to expire)
Both required; either alone is insufficient.

Partner module:
  - Partner schema: slug, name, domain, status, marginPct, contactInfo,
    billingInfo. marginPct is one number per partner (decided in grilling)
  - CRUD endpoints under @UseGuards(JwtAuthGuard, OperatorGuard) — every
    partner mutation requires operator scope
  - GET /partners returns each row with a computed customers count from
    aggregating Tenant.partnerId. MRR aggregation deferred until
    Subscription gains a price column
  - GET /partners/:slug/tenants for the partner detail view
  - DELETE soft-terminates (status='terminated') — never hard-delete
    because tenants may still reference the partner

Tenant changes:
  - partnerId?: Types.ObjectId (ref Partner, indexed sparse) added to
    Tenant schema
  - UpdateTenantDto accepts partnerId so PATCH can attach/detach
  - POST /tenants/:slug/suspend and /resume — operator-only via
    OperatorGuard. PATCH already covers plan/domains/partnerId changes

Smoke test: customer-portal session sends POST /api/partners through the
portal proxy → 403 "This endpoint requires an operator-scoped token". The
positive test (operator-token → 200) waits for O.3 when there's an
operator app to mint the right token.

apps/portal/server/api/partners/index.post.ts is a temporary verification
proxy — delete once the operator portal exists.
This commit is contained in:
Ronni Baslund
2026-05-24 07:08:59 +02:00
parent 3573188431
commit 2db41fec5e
17 changed files with 474 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/platform-api/src/partners/dto/update-partner.dto.ts
+46
View File
@@ -0,0 +1,46 @@
import { Type } from 'class-transformer'
import {
IsEmail,
IsEnum,
IsInt,
IsOptional,
IsString,
Max,
MaxLength,
Min,
MinLength,
ValidateNested,
} from 'class-validator'
class ContactInfoDto {
@IsOptional() @IsString() @MaxLength(200) primaryName?: string
@IsOptional() @IsEmail() primaryEmail?: string
@IsOptional() @IsEmail() billingEmail?: string
}
class BillingInfoDto {
@IsOptional() @IsString() @MaxLength(200) companyName?: string
@IsOptional() @IsString() @MaxLength(40) vatId?: string
@IsOptional() @IsString() @MaxLength(2) country?: string
@IsOptional() @IsEmail() contactEmail?: string
}
export class UpdatePartnerDto {
@IsOptional() @IsString() @MinLength(2) @MaxLength(120)
name?: string
@IsOptional() @IsString() @MinLength(3) @MaxLength(120)
domain?: string
@IsOptional() @IsEnum(['active', 'in-negotiation', 'paused', 'terminated'])
status?: 'active' | 'in-negotiation' | 'paused' | 'terminated'
@IsOptional() @IsInt() @Min(0) @Max(100)
marginPct?: number
@IsOptional() @ValidateNested() @Type(() => ContactInfoDto)
contactInfo?: ContactInfoDto
@IsOptional() @ValidateNested() @Type(() => BillingInfoDto)
billingInfo?: BillingInfoDto
}