vikunja/pkg
Claude 64c3f464ac
feat: add project-scoped API tokens
Add optional project scope to API tokens, allowing tokens to be restricted
to a specific project and optionally its sub-projects. This builds on the
existing API token system by adding two new fields: project_id and
include_sub_projects.

Key changes:
- Database migration adding project_id and include_sub_projects columns
- ProjectScopedAuth wrapper type implementing web.Auth with scope info
- AuthUnwrapper interface for transparent auth type unwrapping
- Scope enforcement in project/task permission checks and list queries
- Middleware resolves scoped project IDs (with recursive CTE for sub-projects)
- Frontend: project selector in token creation form, scope display in list
- Tests for scope resolution, permission enforcement, and token creation

https://claude.ai/code/session_015JjPNeSkwxYQNCeMf2PYTi
2026-03-22 11:28:40 +00:00
..
caldav fix(caldav): parse timestamps in configured timezone 2026-03-03 12:18:48 +01:00
cmd fix(cli): make user deletion confirmation check Windows compatible (#2339) 2026-03-05 15:19:08 +01:00
config style: fix alignment in config key declarations 2026-03-20 11:08:00 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db feat: add project-scoped API tokens 2026-03-22 11:28:40 +00:00
doctor refactor: remove typesense support 2026-02-25 12:15:28 +01:00
e2etests test(webhooks): allow non-routable IPs in E2E tests 2026-03-19 15:18:06 +01:00
events feat: add InitEventsForTesting and Unfake for real event dispatch in tests 2026-03-05 12:49:27 +01:00
files refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-03-21 01:09:32 +00:00
initialize refactor: remove typesense support 2026-02-25 12:15:28 +01:00
log fix(log): write each log category to its own file (#2206) 2026-02-08 15:22:58 +00:00
mail fix(mail): disable queue when mailer disabled (#2069) 2026-01-08 15:51:31 +01:00
metrics fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
migration feat: add project-scoped API tokens 2026-03-22 11:28:40 +00:00
models feat: add project-scoped API tokens 2026-03-22 11:28:40 +00:00
modules feat: add project-scoped API tokens 2026-03-22 11:28:40 +00:00
notifications test: add tests for conversational email system 2026-03-08 16:03:47 +01:00
plugins fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes feat: add project-scoped API tokens 2026-03-22 11:28:40 +00:00
swagger [skip ci] Updated swagger docs 2026-03-19 09:26:05 +00:00
user feat: add project-scoped API tokens 2026-03-22 11:28:40 +00:00
utils refactor(utils): extract ContainsPathTraversal to shared utils package 2026-02-25 13:01:00 +01:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web feat: add project-scoped API tokens 2026-03-22 11:28:40 +00:00
webtests test: verify CalDAV token auth bypasses TOTP check 2026-03-20 12:22:27 +00:00