makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity
Files
d9ec330aca5ae5a4cf5e78b6cae49264ce5927ed
GearBox/.planning/milestones/v2.2-phases/28-profile-and-logto-integration/28-01-SUMMARY.md
Jean-Luc Makiola 2853477a75
All checks were successful
CI / ci (push) Successful in 1m15s
Details
CI / e2e (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details
chore: archive v2.2 User Experience Polish milestone 
Phases 28-31 archived to milestones/v2.2-phases/
Requirements and roadmap snapshots archived to milestones/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 16:00:35 +02:00

59 lines
2.0 KiB
Markdown
Raw Blame History

---
phase: 28-profile-and-logto-integration
plan: 01
subsystem: server
tags: [logto, account-management, auth]
key-files:
created:
- src/server/services/logto.service.ts
- src/server/routes/account.ts
- tests/services/logto.service.test.ts
modified:
- src/server/index.ts
- src/shared/schemas.ts
- src/shared/types.ts
metrics:
tasks: 2/2
commits: 2
files-changed: 6
---
# Plan 28-01 Summary: Logto Management API Client & Account Routes
## What Was Built
1. **LogtoManagementClient** (`src/server/services/logto.service.ts`) — M2M token-based client for Logto Management API with automatic token caching and refresh. Methods: getUser, verifyPassword, updatePassword, hasPassword, updateEmail, deleteUser.
2. **Account management routes** (`src/server/routes/account.ts`) — Four endpoints:
- `POST /api/account/password` — Change password (verifies current first)
- `POST /api/account/email` — Change email
- `GET /api/account/has-password` — Check if user has password
- `POST /api/account/delete` — Delete account with public setup anonymization
3. **Zod schemas** added to `src/shared/schemas.ts`: changePasswordSchema, changeEmailSchema, deleteAccountSchema
4. **12 unit tests** covering all LogtoManagementClient methods and token caching behavior
## Commits
| # | Hash | Description |
|---|------|-------------|
| 1 | fcd8279 | feat(28-01): create Logto Management API client service with M2M auth |
| 2 | e8207a3 | feat(28-01): add account management routes for password, email, and deletion |
## Deviations
None — implemented as planned.
## Self-Check: PASSED
- [x] LogtoManagementClient has all required methods
- [x] Token caching works with 60s buffer before expiry
- [x] Password change verifies current password first (T-28-03)
- [x] Account deletion creates sentinel user and anonymizes public setups (D-06)
- [x] All routes use requireAuth middleware (T-28-05)
- [x] Deletion requires "DELETE" confirmation (T-28-04)
- [x] Routes registered in index.ts
- [x] All tests pass
- [x] Lint passes
Reference in New Issue View Git Blame Copy Permalink