makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

docs(28): add plan summaries for all three plans

Browse Source
This commit is contained in:
Jean-Luc Makiola
2026-04-12 17:51:03 +02:00
parent 1b0013422f
commit c7fa80bd66
3 changed files with 165 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
.planning/phases/28-profile-and-logto-integration/28-01-SUMMARY.md Normal file
View File

@@ -0,0 +1,58 @@
---
phase: 28-profile-and-logto-integration
plan: 01
subsystem: server
tags: [logto, account-management, auth]
key-files:
created:
- src/server/services/logto.service.ts
- src/server/routes/account.ts
- tests/services/logto.service.test.ts
modified:
- src/server/index.ts
- src/shared/schemas.ts
- src/shared/types.ts
metrics:
tasks: 2/2
commits: 2
files-changed: 6
---
# Plan 28-01 Summary: Logto Management API Client & Account Routes
## What Was Built
1. **LogtoManagementClient** (`src/server/services/logto.service.ts`) — M2M token-based client for Logto Management API with automatic token caching and refresh. Methods: getUser, verifyPassword, updatePassword, hasPassword, updateEmail, deleteUser.
2. **Account management routes** (`src/server/routes/account.ts`) — Four endpoints:
- `POST /api/account/password` — Change password (verifies current first)
- `POST /api/account/email` — Change email
- `GET /api/account/has-password` — Check if user has password
- `POST /api/account/delete` — Delete account with public setup anonymization
3. **Zod schemas** added to `src/shared/schemas.ts`: changePasswordSchema, changeEmailSchema, deleteAccountSchema
4. **12 unit tests** covering all LogtoManagementClient methods and token caching behavior
## Commits
| # | Hash | Description |
|---|------|-------------|
| 1 | fcd8279 | feat(28-01): create Logto Management API client service with M2M auth |
| 2 | e8207a3 | feat(28-01): add account management routes for password, email, and deletion |
## Deviations
None — implemented as planned.
## Self-Check: PASSED
- [x] LogtoManagementClient has all required methods
- [x] Token caching works with 60s buffer before expiry
- [x] Password change verifies current password first (T-28-03)
- [x] Account deletion creates sentinel user and anonymizes public setups (D-06)
- [x] All routes use requireAuth middleware (T-28-05)
- [x] Deletion requires "DELETE" confirmation (T-28-04)
- [x] Routes registered in index.ts
- [x] All tests pass
- [x] Lint passes