arne/books
0
0
Fork 0
Code Issues 2 Pull requests Projects Releases 5 Packages Wiki Activity

First-login owner #19

Merged
arne merged 6 commits from first-login-owner into main 2026-04-14 13:33:12 +02:00
Conversation 0 Commits 6 Files changed 16 +975 -26
arne commented 2026-04-14 13:33:07 +02:00
Owner
Copy link

Summary

  • Replace required BOOKS_OIDC_OWNER_SUB with first-login-wins ownership claim
  • New settings key/value table (migration 006); ClaimOwnerSub uses INSERT ... ON CONFLICT DO NOTHING
  • *Auth caches the owner in an atomic.Pointer[string], loaded in New and refreshed by the OIDC callback
  • Recovery is manual SQLite edit + restart (no admin API)

Test plan

  • go test ./... passes
  • On a.bas.es: install books, log in via Pocket ID first, confirm shelf/admin views work
  • Verify a second OIDC user logging in is treated as user (not owner)
## Summary - Replace required `BOOKS_OIDC_OWNER_SUB` with first-login-wins ownership claim - New `settings` key/value table (migration 006); `ClaimOwnerSub` uses `INSERT ... ON CONFLICT DO NOTHING` - `*Auth` caches the owner in an `atomic.Pointer[string]`, loaded in `New` and refreshed by the OIDC callback - Recovery is manual SQLite edit + restart (no admin API) ## Test plan - [x] `go test ./...` passes - [ ] On a.bas.es: install books, log in via Pocket ID first, confirm shelf/admin views work - [ ] Verify a second OIDC user logging in is treated as user (not owner)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces the static Config.OwnerSub / BOOKS_OIDC_OWNER_SUB env var with
a first-login-wins scheme: ExchangeCode now calls ClaimOwnerSub after
creating a session, and ResolveViewer reads ownership from an atomic
cache loaded from the settings table at startup.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
arne merged commit 608b2e3d7f into main 2026-04-14 13:33:12 +02:00
arne referenced this pull request from a commit 2026-04-14 13:33:13 +02:00
First-login owner (#19)
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
arne/books!19
No description provided.