Skip to content

Apply security policy to auth controller#2084

Merged
MarceloRGonc merged 2 commits intomainfrom
mg/auth-controller
Mar 9, 2026
Merged

Apply security policy to auth controller#2084
MarceloRGonc merged 2 commits intomainfrom
mg/auth-controller

Conversation

@MarceloRGonc
Copy link
Copy Markdown
Contributor

@MarceloRGonc MarceloRGonc commented Mar 9, 2026
edited
Loading

Fixes OPS-3876.

@linear
Copy link
Copy Markdown

linear Bot commented Mar 9, 2026

OPS-3876 Apply Security Policy to auth controller

@MarceloRGonc MarceloRGonc changed the title Update auth controller endpoints Apply security policy to auth controller Mar 9, 2026
@MarceloRGonc MarceloRGonc marked this pull request as ready for review March 9, 2026 09:58
Copilot AI review requested due to automatic review settings March 9, 2026 09:58
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 9, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI reviewed Mar 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds route-level security metadata to authentication endpoints (OPS-3876), introducing an explicit analytics permission and attaching scoped route policies to auth/analytics routes.

Changes:

  • Add new shared permission Permission.WRITE_ANALYTICS.
  • Attach project-scoped route security policies (with analytics permission) to analytics auth endpoints.
  • Attach an organization-scoped route security policy (with user write permission) to the sign-up endpoint and update the unit test for the new Fastify route signature.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
packages/shared/src/lib/common/security/permission.ts Introduces WRITE_ANALYTICS permission constant.
packages/server/api/src/app/authentication/authentication.controller.ts Adds scoped config.security route policies (analytics + sign-up) and updates analytics embed route to include Fastify options/config.
packages/server/api/test/unit/authentication/authentication.controller.test.ts Updates assertion to account for the added route options argument on app.get('/analytics-embed-id', ...).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/server/api/src/app/authentication/authentication.controller.ts
Comment thread packages/server/api/src/app/authentication/authentication.controller.ts
@MarceloRGonc MarceloRGonc merged commit 004b917 into main Mar 9, 2026
25 checks passed
@MarceloRGonc MarceloRGonc deleted the mg/auth-controller branch March 9, 2026 11:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@bigfluffycookie bigfluffycookie bigfluffycookie approved these changes

@alexandrudanpop alexandrudanpop Awaiting requested review from alexandrudanpop

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MarceloRGonc @bigfluffycookie