i18n/request.ts: delegate to kit's createI18nConfig — locale resolution
chain (cookie → access_token claim → Accept-Language → default) now lives
in the kit instead of being reimplemented here. LogoutButton becomes a
thin re-export of the kit version. Lockfile reflects updated dep graph.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- AccountSettings's existing language picker now persists to FreeIPA
via LDAP modify as svc-gsc-admin (new role 'User Preferred
Language Manager' granted `write` on `preferredLanguage`).
- Server action also sets NEXT_LOCALE cookie Domain=.gosec.internal
so admin.gosec.internal / siblings pick up the change before the
next Keycloak token refresh.
- src/i18n/request.ts updated to read the Keycloak claim
`preferred_language` (resolution: cookie → claim → header → en).
Other AccountSettings fields are accepted silently for now; they'll
move to FreeIPA / dedicated stores in the Phase 2 cleanup. + ldapts
dep for the LDAP client.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gscMy /settings now hosts a single Language picker.
- Persisted in admin.users.locale (keyed by gscSID). Per the
gsc-identity-boundaries decision, locale is one of the explicitly
allowed app-local preference columns.
- Cross-app effect via NEXT_LOCALE cookie set with
Domain=.gosec.internal — every sibling host on *.gosec.internal
picks it up on the next request (no relogin, no DB read).
- Server action prisma.user.upsert + cookies().set; client form
reloads after save so next-intl re-resolves immediately.
This deliberately collapses the previous kitchen-sink AccountSettings
page (which depended on the broken gscUserId/getUserEffectiveSettings
path) — full settings UI will return when the database/users.ts
redesign in Phase-2 lands.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Same locale-prefix 404 fix as gscAdmin: kit AdminShell no longer
prepends /{locale} to internal URLs, since gscMy's app tree has no
[locale] segment.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The kit's AdminShell resolves DbMenuItem.translationKey via
next-intl. gscMy's i18n config has a getMessageFallback that
returns the key verbatim when no translation exists, so passing
the legacy human-readable name ("Dashboard", "Profile", …) as
the translationKey makes the sidebar render correctly without
needing new translations.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The kit's session.user.id is a NextAuth UUID — opaque, per-session
plumbing. The canonical cross-service identity is the FreeIPA uid
exposed as `gscSid` in the kit session. Grants written by gscMy
must use that key so gscAdmin's authz lookup (which uses the
same gscSID-as-key convention) hits them.
- All /api/pam/* routes now require `user.gscSid` instead of `user.id`
- authz.hasRole/requireRole/hasAnyRole take `{gscSid,roles}` shape
- whoami debug endpoint now shows gscSid for verification
- New helper src/lib/session-helpers.ts:getGscsid() for callers
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Temporary endpoint to verify what `realm_access.roles` Keycloak puts
into the access token vs. what NextAuth lands in session.user.roles.
Remove once the eligibility plumbing is confirmed working.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Without it, NextAuth's Keycloak issuer-discovery fetch goes direct
and Calico default-deny drops it → /access-denied?error=Configuration.
EnvHttpProxyAgent reads HTTP(S)_PROXY at startup.
Mirrors gscAdmin/src/instrumentation.ts. + undici ^6.25.0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Initial commit for gscMy carved out as its own repo (was tracked
loosely under the monorepo's web/ which is gitignored).
What this contains:
- Auth: next-auth v5 via @gsc/web-kit createAuth (Keycloak only,
identity sourced from claims, no admin.users writes)
- Chrome: @gsc/web-kit AdminShell — replaces the legacy MyShell.
Sidebar JSON config carried over and mapped to DbMenuItem.
- Middleware: createAuthMiddleware. Public: /access-denied,
/auth/keycloak, /signed-out, /api/health, /api/pam/approve.
- RP-initiated signout at /api/auth/signout → Keycloak end_session →
/signed-out (mirrors gscAdmin).
- Phosphor-iconned access-denied + signed-out landing pages.
PAM/JIT request flow (ported from gscAdmin's pre-strip git history):
- /access page (Active + Eligible tables, request modal with
duration slider + justification + optional MFA)
- API: /api/pam/{eligible, active, audit, request, approve/:token,
revoke/:id}
- src/lib/{authz, pam, pam-mail, pam-mfa}.ts — same files as
gscAdmin had before the strip. PAM tables (admin.privilege_*)
are shared with gscAdmin; gscMy uses the same Prisma model defs.
- Top-bar widget shows active grants with countdown + revoke.
Build/Deploy: Dockerfile (monorepo-root context), k8s manifests for
my.gosec.internal, self-signed TLS placeholder, DNS A record.
Keycloak gsc-my client extended to include my.gosec.internal/* in
redirect_uris + web_origins.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
