feat(auth): admin-issued café recovery key login
CI/CD / CI · API (dotnet build + test) (push) Successful in 5m6s
CI/CD / CI · Admin API (dotnet build) (push) Successful in 1m30s
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m10s
CI/CD / CI · Admin Web (tsc) (push) Successful in 38s
CI/CD / CI · Website (tsc) (push) Successful in 46s
CI/CD / CI · Koja (tsc) (push) Successful in 1m0s
CI/CD / Deploy · all services (push) Successful in 5m31s
CI/CD / CI · API (dotnet build + test) (push) Successful in 5m6s
CI/CD / CI · Admin API (dotnet build) (push) Successful in 1m30s
CI/CD / CI · Dashboard (tsc) (push) Successful in 1m10s
CI/CD / CI · Admin Web (tsc) (push) Successful in 38s
CI/CD / CI · Website (tsc) (push) Successful in 46s
CI/CD / CI · Koja (tsc) (push) Successful in 1m0s
CI/CD / Deploy · all services (push) Successful in 5m31s
Platform admins can generate a permanent recovery key per café (admin
panel → Cafés). The café Owner uses it to sign in when OTP access is lost;
once authenticated, all server-side data syncs as normal (data is per-café
on the server, the device only caches it).
Backend:
- Cafe.RecoveryKeyHash (SHA-256, unique index) + RecoveryKeyCreatedAt; migration
- RecoveryKeyGenerator util: MZ-XXXXX-XXXXX-XXXXX-XXXXX, ~190-bit entropy,
stored as SHA-256 (API-token pattern — raw key shown once, never retrievable)
- Admin: POST/DELETE /api/admin/cafes/{id}/recovery-key (key returned once);
café list now reports HasRecoveryKey + RecoveryKeyCreatedAt
- Login: POST /api/auth/login-key → exact-hash lookup → resolves café Owner →
issues normal JWT; rate-limited (auth-otp), suspended/no-owner guarded, logged
Admin UI: per-café generate / regenerate / revoke with one-time reveal + copy.
Dashboard login: discreet "ورود با کلید بازیابی" link → key field. fa/en/ar.
86 tests pass; all tsc clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
@@ -61,6 +61,11 @@
|
||||
"password": "كلمة المرور",
|
||||
"passwordPlaceholder": "كلمة المرور",
|
||||
"invalidCredentials": "اسم المستخدم أو كلمة المرور غير صحيحة.",
|
||||
"invalidKey": "مفتاح الاستعادة غير صالح.",
|
||||
"recoveryKey": "مفتاح الاستعادة",
|
||||
"keyHint": "أدخل مفتاح الاستعادة الذي حصلت عليه من دعم ميزي.",
|
||||
"useRecoveryKey": "فقدت الوصول؟ سجّل الدخول بمفتاح الاستعادة",
|
||||
"backToNormalLogin": "العودة إلى تسجيل الدخول العادي",
|
||||
"kojaSlug": "عنوان الملف الشخصي في كوجا",
|
||||
"kojaSlugHint": "يجد الزوار مقهاكم على هذا العنوان",
|
||||
"kojaSlugPlaceholder": "مثال: my-cafe"
|
||||
|
||||
@@ -72,6 +72,11 @@
|
||||
"password": "Password",
|
||||
"passwordPlaceholder": "Password",
|
||||
"invalidCredentials": "Incorrect username or password.",
|
||||
"invalidKey": "Invalid recovery key.",
|
||||
"recoveryKey": "Recovery key",
|
||||
"keyHint": "Enter the recovery key you received from Meezi support.",
|
||||
"useRecoveryKey": "Lost access? Sign in with a recovery key",
|
||||
"backToNormalLogin": "Back to normal sign-in",
|
||||
"kojaSlug": "Koja profile address",
|
||||
"kojaSlugHint": "Customers will find your cafe at this address",
|
||||
"kojaSlugPlaceholder": "e.g. my-cafe"
|
||||
|
||||
@@ -72,6 +72,11 @@
|
||||
"password": "رمز عبور",
|
||||
"passwordPlaceholder": "رمز عبور",
|
||||
"invalidCredentials": "نام کاربری یا رمز عبور اشتباه است.",
|
||||
"invalidKey": "کلید بازیابی نامعتبر است.",
|
||||
"recoveryKey": "کلید بازیابی",
|
||||
"keyHint": "کلید بازیابی را که از پشتیبانی میزی دریافت کردهاید وارد کنید.",
|
||||
"useRecoveryKey": "دسترسی ندارید؟ ورود با کلید بازیابی",
|
||||
"backToNormalLogin": "بازگشت به ورود عادی",
|
||||
"kojaSlug": "آدرس پروفایل در کوجا",
|
||||
"kojaSlugHint": "بازدیدکنندگان از این آدرس کافه شما را پیدا میکنند",
|
||||
"kojaSlugPlaceholder": "مثال: cafe-roya"
|
||||
|
||||
Reference in New Issue
Block a user