azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 17:41:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-535] [AZ-533] Logout/revocation surface + UAV mission tokens
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details

Browse Source 
AZ-535: POST /logout (caller's session), /logout/all (all sessions for user),
admin POST /sessions/{sid}/revoke, and verifier-only GET /sessions/revoked
snapshot. New Service role gates the snapshot. Idempotent revoke; reason +
revoked_by_user_id audited per row.

AZ-533: POST /sessions/mission mints a long-lived no-refresh ES256 token bound
to one aircraft + one mission. Audience narrowed to satellite-provider, hard
12 h cap, persisted as class='mission' so the existing logout/revoke surface
covers it. Successful CompanionPC /login or /token/refresh auto-revokes that
aircraft's open mission session (post-flight reconnect).

Schema: 09_sessions_logout_and_mission.sql adds revoked_by_user_id, class,
aircraft_id; drops NOT NULL on refresh_hash for mission rows; adds two partial
indexes for the auto-revoke and snapshot hot paths.

Tests: 13 new e2e tests, all green; full suite 75/76 (1 pre-existing flake in
PasswordHashingTests AC5 timing assertion, unrelated to this batch).

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-14 05:51:23 +03:00
parent 51a293dbcc
commit 8e7c602f51
19 changed files with 1210 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Azaion.Common/Requests/MissionSessionRequest.cs
+36
View File
@@ -0,0 +1,36 @@
using System.ComponentModel.DataAnnotations;
namespace Azaion.Common.Requests;
/// <summary>
/// AZ-533 — body for <c>POST /sessions/mission</c>. Pilot (interactive session)
/// asks admin to mint a long-lived no-refresh token for a single UAV flight.
/// </summary>
public class MissionSessionRequest
{
[Required] public string MissionId { get; set; } = null!;
[Required] public Guid AircraftId { get; set; }
[Required] public double PlannedDurationH { get; set; }
public IList<string>? RequestedScope { get; set; }
/// <summary>
/// Optional bbox of the operating area. Informational until the verifier
/// (satellite-provider) enforces it; included verbatim in the token claim.
/// </summary>
public ValidRegion? ValidRegion { get; set; }
}
public class ValidRegion
{
public double MinLat { get; set; }
public double MinLon { get; set; }
public double MaxLat { get; set; }
public double MaxLon { get; set; }
}
public class MissionSessionResponse
{
public string AccessToken { get; set; } = null!;
public DateTime AccessExp { get; set; }
public string TokenClass { get; set; } = "mission";
public Guid SessionId { get; set; }
}