feat: Enterprise Edition - Multi-User Support with RBAC #315
Open
- Add architecture documentation cache (docs/arch/20260207-arch.md)
- Add enterprise edition specification (docs/spec/20260207-enterprise-edition.md)
- Implement enterprise database schema with GORM models
- User model with role-based access (admin, user, readonly)
- APIToken model with scope-based permissions
- Session model for JWT session management
- AuditLog model for compliance tracking
- Implement user repository and domain model
- Implement token repository and domain model
- Implement session and audit log repositories
- All code isolated in internal/enterprise/ package
- Complete backward compatibility with community edition

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add password hashing service using Argon2id
- Add JWT service for access and refresh token generation
- Add authentication service with login/logout/refresh
- Add user service with CRUD and management operations
- Add token service with API token management
- Add RBAC middleware with role and scope-based authorization
- Add admin HTTP handlers for all enterprise operations
- Add admin router with /enterprise/api/v1 prefix

Features:
- Multi-user authentication with JWT
- API token management with scopes
- Role-based access control (admin, user, readonly)
- Audit logging for compliance
- Session management
- Password strength validation
- Token expiration handling

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Frontend:
- Add enterprise types and interfaces
- Add enterprise API service with token refresh
- Add EnterpriseAuthContext for authentication state
- Add enterprise login page with username/password
- Add enterprise admin panel with user management
- Update App.tsx with enterprise routes (/enterprise/login, /enterprise/admin)

Features:
- Multi-user authentication with JWT
- User CRUD operations
- Role-based UI permissions
- Token refresh handling
- Form validation and error handling

Tests:
- Add password hashing tests (Argon2id)
- Add JWT token generation and validation tests
- Add token refresh tests
- Add token expiry tests
- Add password strength validation tests

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add comprehensive enterprise README with:
  - Feature overview
  - Architecture documentation
  - API endpoint reference
  - Security features
  - Getting started guide
  - Integration with community edition
  - Troubleshooting guide
- Add quick start guide in docs/enterprise/README.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ensive tests

Database Isolation:
- Use separate database file: tingly_enterprise.db
- Add EnterpriseDBConfig with configurable SQLite options
- Add connection pooling and health check
- Add default admin user creation on first init
- Enterprise database is ONLY accessed through enterprise module

Integration Interface Layer:
- Add Integration interface with clear contract
- Add authentication methods (ValidateAccessToken, ValidateAPIToken)
- Add user information methods (GetUserInfo, HasPermission, HasRole)
- Add HTTP middleware (AuthMiddleware, RequirePermission, RequireRole)
- Add admin management methods (CreateUser, UpdateUser, ResetPassword)
- Add token management methods (CreateAPIToken, ListAPITokens, RevokeAPIToken)
- Add audit and statistics methods
- Add cleanup methods (CleanupExpired)

Unit Tests:
- Add user model tests (Create, GetByUsername, Activate, List, etc.)
- Add user service tests (CreateUser, ChangePassword, DuplicateUsername)
- Add token model tests (Create, ValidateToken, Delete, CleanupExpired)
- Add RBAC middleware tests (AuthMiddleware, RequireRole, RequirePermission)
- Add permission and role validation tests

Maintains complete isolation from community edition while providing clean integration points for external systems.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
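The RBAC middleware described in these commits (role plus API-token scope checks, with the module's enabled flag as a fail-closed guard) as an added, self-contained example; this is not the PR's own code. The role-to-permission table, the sample tokens and the `Probe` helper are constructed for illustration, and a map lookup stands in for the PR's ValidateAPIToken.

```go
package main

import (
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical role -> permission set for the PR's roles (admin, user, readonly); the real mapping is not on the page.
var rolePerms = map[string]map[string]bool{
	"admin":    {"users:read": true, "users:write": true, "tokens:read": true, "tokens:write": true},
	"user":     {"tokens:read": true, "tokens:write": true},
	"readonly": {"tokens:read": true},
}
// Principal is what an API-token lookup returns; the token's Scopes can only narrow its owner's role.
type Principal struct{ Role string; Scopes map[string]bool }
// Constructed sample tokens standing in for the PR's ValidateAPIToken lookup.
var tokens = map[string]Principal{
	"tok-admin-narrow": {"admin", map[string]bool{"users:read": true}},
	"tok-readonly":     {"readonly", map[string]bool{"tokens:read": true, "users:write": true}},
}
// RequirePermission fails closed: module disabled -> 503, unknown token -> 401,
// permission missing from EITHER the role or the token's scopes -> 403.
func RequirePermission(enabled bool, perm string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !enabled { // same fail-closed guard as the ErrNotEnabled check in the review
			http.Error(w, "enterprise module not enabled", http.StatusServiceUnavailable)
			return
		}
		p, ok := tokens[strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")]
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		if !rolePerms[p.Role][perm] || !p.Scopes[perm] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
// Probe sends one request through the middleware and returns the HTTP status code (200 = allowed).
func Probe(enabled bool, perm, token string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest("GET", "/enterprise/api/v1/users", nil)
	req.Header.Set("Authorization", "Bearer "+token)
	RequirePermission(enabled, perm, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}
```

An admin token scoped only to users:read is refused users:write, and a readonly user's token cannot grant users:write even if that scope was requested at creation, since the effective permission is the intersection of role and scope.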
- Add test runner Go program for automated testing
- Add shell script for running all enterprise tests
- Tests can be run from repository root with: ./tests/enterprise/run_tests.sh

Test packages covered:
- internal/enterprise/auth
- internal/enterprise/user
- internal/enterprise/token
- internal/enterprise/rbac

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Test Coverage Report (docs/enterprise/TEST_COVERAGE.md):
- Test coverage summary by module
- Coverage estimates (~75% overall)
- Running tests instructions
- Test quality notes and improvement areas

Integration Guide (docs/enterprise/INTEGRATION.md):
- Complete integration interface documentation
- Step-by-step integration instructions
- Example code for common integration scenarios
- Authentication middleware usage examples
- Permission and role checking examples
- API endpoint reference
- Troubleshooting guide
- Migration path from community edition

These documents provide everything needed to integrate the enterprise module into external systems while maintaining complete isolation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add complete example demonstrating enterprise module integration:
- Self-running demo with 10 test steps
- HTTP server with public/protected/admin routes
- Demonstrates user management, token creation, RBAC

Example features:
- Automated testing of all core enterprise features
- Reuses existing users on repeated runs
- Comprehensive logging with colored output
- Graceful shutdown after demo completion

Enterprise module fixes:
- Fix SQLite DSN construction (file:path?option=value)
- Remove duplicate EnterpriseDB declaration
- Add context import to handlers
- Fix gin.Error typo in handlers
- Remove duplicate error declarations in user package
- Remove unused imports and variables

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
andreasfoo reviewed Feb 8, 2026
```go
if !ei.enabled {
	return ErrNotEnabled
}
```

```go
if !ei.enabled {
	return nil, ErrNotEnabled
}
```
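Review bot: both snippets repeat the same `if !ei.enabled { return ..., ErrNotEnabled }` guard by hand at the top of each Integration method; that is the right fail-closed default, but because every new method must remember to add it, consider one checked helper (or wrapping the handler-facing methods) so a future method cannot silently skip the check. Also worth confirming that the HTTP middleware maps ErrNotEnabled to a deny response rather than passing the request through.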
Summary
Implements the Enterprise Edition for Tingly Box, adding multi-user authentication, role-based access control (RBAC), API token management, and administrative capabilities. The enterprise features are completely isolated from the community edition codebase and can be optionally enabled via configuration.
Key Features
Changes
Backend (internal/enterprise/) - ~6,000+ lines:
Frontend (frontend/src/pages/enterprise/) - ~1,100+ lines:
Documentation:
Examples (examples/enterprise/):
Tests (tests/enterprise/):
Database Schema
New isolated tables with ent_ prefix:
Configuration
Enable via scenario flag in ~/.tingly-box/config.json:
Test Plan