GearBox/.planning/milestones/v2.2-phases/28-profile-and-logto-integration/28-01-SUMMARY.md
Jean-Luc Makiola 2853477a75
chore: archive v2.2 User Experience Polish milestone
Phases 28-31 archived to milestones/v2.2-phases/
Requirements and roadmap snapshots archived to milestones/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 16:00:35 +02:00

| Field | Value |
|---|---|
| phase | 28-profile-and-logto-integration |
| plan | 01 |
| subsystem | server |
| tags | logto, account-management, auth |
| key-files (created, modified) | src/server/services/logto.service.ts, src/server/routes/account.ts, tests/services/logto.service.test.ts, src/server/index.ts, src/shared/schemas.ts, src/shared/types.ts |
| metrics | tasks: 2/2, commits: 2, files-changed: 6 |

Plan 28-01 Summary: Logto Management API Client & Account Routes

What Was Built

  1. LogtoManagementClient (src/server/services/logto.service.ts) — M2M token-based client for Logto Management API with automatic token caching and refresh. Methods: getUser, verifyPassword, updatePassword, hasPassword, updateEmail, deleteUser.

  2. Account management routes (src/server/routes/account.ts) — Four endpoints:

    • POST /api/account/password — Change password (verifies current first)
    • POST /api/account/email — Change email
    • GET /api/account/has-password — Check if user has password
    • POST /api/account/delete — Delete account with public setup anonymization
  3. Zod schemas added to src/shared/schemas.ts: changePasswordSchema, changeEmailSchema, deleteAccountSchema

  4. 12 unit tests covering all LogtoManagementClient methods and token caching behavior

Commits

| # | Hash | Description |
|---|---|---|
| 1 | fcd8279 | feat(28-01): create Logto Management API client service with M2M auth |
| 2 | e8207a3 | feat(28-01): add account management routes for password, email, and deletion |

Deviations

None — implemented as planned.

Self-Check: PASSED

  • LogtoManagementClient has all required methods
  • Token caching works with 60s buffer before expiry
  • Password change verifies current password first (T-28-03)
  • Account deletion creates sentinel user and anonymizes public setups (D-06)
  • All routes use requireAuth middleware (T-28-05)
  • Deletion requires "DELETE" confirmation (T-28-04)
  • Routes registered in index.ts
  • All tests pass
  • Lint passes
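
The M2M token caching with a 60s buffer before expiry, described for LogtoManagementClient above, sketched as an added TypeScript example; it is not the project's logto.service.ts. TokenCache, TokenFetcher, needsRefresh and the injected clock are hypothetical names, and the token request is passed in as a function so the block runs offline.

```typescript
// Added example, not GearBox code. All names here are hypothetical.
type TokenResponse = { access_token: string; expires_in: number }; // OAuth 2.0 token response fields
type TokenFetcher = () => Promise<TokenResponse>;

const REFRESH_BUFFER_MS = 60 * 1000; // the 60s buffer from the self-check

// True when a token expiring at expiresAtMs must not be reused at nowMs.
function needsRefresh(expiresAtMs: number | null, nowMs: number): boolean {
  return expiresAtMs === null || nowMs >= expiresAtMs - REFRESH_BUFFER_MS;
}

class TokenCache {
  private token: string | null = null;
  private expiresAtMs: number | null = null;
  private inFlight: Promise<string> | null = null;
  private fetchToken: TokenFetcher;
  private now: () => number;

  constructor(fetchToken: TokenFetcher, now: () => number = Date.now) {
    this.fetchToken = fetchToken;
    this.now = now; // injectable clock so expiry can be tested without waiting
  }

  getToken(): Promise<string> {
    if (this.token !== null && !needsRefresh(this.expiresAtMs, this.now())) {
      return Promise.resolve(this.token);
    }
    if (this.inFlight !== null) return this.inFlight; // concurrent callers share one refresh
    const p = this.refresh();
    this.inFlight = p;
    const clear = () => { if (this.inFlight === p) this.inFlight = null; };
    p.then(clear, clear); // a failed refresh is not cached; the next call retries
    return p;
  }

  private async refresh(): Promise<string> {
    const issuedAtMs = this.now(); // taken before the request, so expiry errs early
    const res = await this.fetchToken();
    if (!res.access_token || !(res.expires_in > 0)) {
      throw new Error("token endpoint returned an unusable response");
    }
    this.token = res.access_token;
    this.expiresAtMs = issuedAtMs + res.expires_in * 1000;
    return res.access_token;
  }
}
```

Keeping the token only in memory and sharing one in-flight refresh avoids both stale tokens near expiry and a burst of token requests when several account routes fire at once.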