Skip to content

Add admin_settings table with grouped JSON config columns#25

Merged
rbrasier merged 3 commits into
mainfrom
claude/admin-settings-auth-schema-2qipnf
Jun 27, 2026
Merged

Add admin_settings table with grouped JSON config columns#25
rbrasier merged 3 commits into
mainfrom
claude/admin-settings-auth-schema-2qipnf

Conversation

@rbrasier

Copy link
Copy Markdown
Owner

Introduces the admin_settings singleton table for runtime configuration
with three jsonb columns instead of a single value blob, so unrelated
sections can be patched independently:

  • ai_configuration: AI provider/model/secret config
  • login_settings: auth method + registration options
  • extended_settings: forward-compatible catch-all for future sections

Each column is NOT NULL defaulting to '{}'. Standard id/created_at/
updated_at columns and the admin_ group prefix follow the schema rules.
Exports the table from schema/index.ts and adds the generated Drizzle
migration.

Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com
Claude-Session: https://claude.ai/code/session_01TWzYnSpeJoYnYrXL8WVJ3B

claude added 3 commits June 27, 2026 06:27
Introduces the admin_settings singleton table for runtime configuration
with three jsonb columns instead of a single value blob, so unrelated
sections can be patched independently:
- ai_configuration: AI provider/model/secret config
- login_settings: auth method + registration options
- extended_settings: forward-compatible catch-all for future sections

Each column is NOT NULL defaulting to '{}'. Standard id/created_at/
updated_at columns and the admin_ group prefix follow the schema rules.
Exports the table from schema/index.ts and adds the generated Drizzle
migration.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TWzYnSpeJoYnYrXL8WVJ3B
Implements the admin-settings-auth-pages phase. Two capabilities built on the
grouped-column admin_settings schema:

Auth pages & approval
- Standalone /login, /register, /reset-password (+ /reset-password/[token]) on a
  shared email+password AuthForm; /admin/login redirects to /login?next=/admin.
- Better Auth password-reset flow wired to a logging mailer stub.
- core_users.status (active/pending/rejected): new sign-ups land pending unless
  approval is disabled; session creation is blocked for non-active accounts via
  databaseHooks. /admin/users gains a pending queue + status column.

Runtime settings store
- SettingsService merges DB-over-env per field, caches with a version for lazy
  auth rebuild, resolves/decrypts AI keys, redacts secrets to set/unset.
- DrizzleSettingsRepository maps the three jsonb columns (login_settings,
  ai_configuration, extended_settings); idempotent env seed on first boot.
- AesSecretCipher (AES-256-GCM) keyed by APP_SETTINGS_ENCRYPTION_KEY; provider
  factory + LanguageModelAdapter take a per-request key so provider/key changes
  apply with no redeploy.
- /admin/settings: Login Methods + AI Configuration cards with masked secrets
  and per-section env/db source hints.
- tRPC settings router (settings.manage) and user approve/reject/listPending
  (users.write).

Config & docs
- env APP_SETTINGS_ENCRYPTION_KEY (base64->32 bytes, required in prod); both
  installers generate it and note runtime config moved to /admin/settings.
- Tests written first for shared schema, SettingsService, approval use-cases,
  AesSecretCipher, and the installer key helper.
- VERSION/package.json -> 1.2.0; changeset; phase doc moved to implemented/v1.2.0
  with an implementation summary documenting the grouped-column deviation.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TWzYnSpeJoYnYrXL8WVJ3B
Pass an explicit authTagLength to createCipheriv/createDecipheriv so a
truncated authentication tag cannot be accepted on decrypt. Resolves the
Semgrep gcm-no-tag-length blocking finding in the security scan.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TWzYnSpeJoYnYrXL8WVJ3B
@rbrasier rbrasier merged commit 5045f2b into main Jun 27, 2026
4 checks passed
@rbrasier rbrasier deleted the claude/admin-settings-auth-schema-2qipnf branch June 27, 2026 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants