v0.2.0

@felipekafuri felipekafuri released this 17 Feb 20:25
· 20 commits to main since this release

Multi-User RBAC

Bandeira now supports multiple user accounts with role-based access control, replacing the single admin password.

What's New

  • Email/password authentication — users log in with email + password (bcrypt hashed)
  • Three roles: admin (full access), editor (manage flags/projects), viewer (read-only)
  • User management — admins can create, edit, and delete users from /users
  • Role-based UI — mutation buttons and toggles are hidden for viewers
  • Role-based API — mutation routes (POST/PUT/DELETE) return 403 for viewers
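
One way to enforce the role rules listed above on the server, as an added example rather than Bandeira's own code: a Go `net/http` middleware with the policy in a separate function. The `Role` type, `WithRole`, `Allowed`, `RequireRole`, the context key and the `/flags/1` path are hypothetical, and it assumes `/users` is admin-only for reads as well as writes.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"strings"
)

type Role string // the three role names come from the release notes
const (
	Admin  Role = "admin"
	Editor Role = "editor"
	Viewer Role = "viewer"
)
type roleKey struct{} // hypothetical context key, set by the session layer after login

func WithRole(r *http.Request, role Role) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), roleKey{}, role))
}

// Allowed is the policy decision, kept apart from the HTTP plumbing so it can be tested.
func Allowed(role Role, method, path string) bool {
	read := method == http.MethodGet || method == http.MethodHead // allow-list: PATCH etc. are denied
	users := path == "/users" || strings.HasPrefix(path, "/users/")
	switch role {
	case Admin:
		return true
	case Editor:
		return !users // assumption: /users is admin-only, reads included
	case Viewer:
		return read && !users
	}
	return false // unknown role: fail closed
}

// RequireRole enforces the policy server-side, whatever the UI hides.
func RequireRole(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		role, ok := r.Context().Value(roleKey{}).(Role)
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		} else if !Allowed(role, r.Method, r.URL.Path) {
			http.Error(w, "forbidden", http.StatusForbidden)
		} else {
			next.ServeHTTP(w, r)
		}
	})
}
func main() { fmt.Println(Allowed(Viewer, http.MethodDelete, "/flags/1")) } // constructed path; prints false
```

Allow-listing the read methods for viewers, instead of deny-listing POST/PUT/DELETE, keeps verbs such as PATCH from slipping through.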

Upgrading from v0.1.0

No action required for existing deployments. On first startup after upgrade:

  1. The users table is auto-created by Ent migration
  2. An admin user is seeded using your existing BANDEIRA_AUTH_ADMINPASSWORD
  3. If BANDEIRA_AUTH_ADMINEMAIL is not set, it defaults to admin@bandeira.local

Log in with:

  • Email: admin@bandeira.local (or your BANDEIRA_AUTH_ADMINEMAIL)
  • Password: your existing BANDEIRA_AUTH_ADMINPASSWORD

New Environment Variables

| Variable | Default | Description |
| --- | --- | --- |
| BANDEIRA_AUTH_ADMINEMAIL | admin@bandeira.local | Email for the initial admin user |

BANDEIRA_AUTH_ADMINPASSWORD remains unchanged. Both variables are only used to seed the first user on initial startup.

Breaking Changes

  • The login page now requires email + password instead of password only
  • pkg/session.SetAuthenticated() replaced by SetAuthenticatedUser(ctx, userID) (internal API)

Full Changelog: v0.1.0...v0.2.0