nav/Fabric.Backend.Center
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nav:44aa34d1ff39399ae6b314439cfb2607f89fc426
Branches Tags
nav:main nav:tessera-oidc-bearer nav:feat/admin-user
..
compare: nav:aa9d59a9520ef35e40eb0786d6a451c92c2d839a
Branches Tags
nav:main nav:tessera-oidc-bearer nav:feat/admin-user

1 Commits
44aa34d1ff ... aa9d59a952

Author SHA1 Message Date
hzhang
aa9d59a952 docs: rewrite README to match current architecture 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-16 12:53:22 +01:00
1 changed files with 55 additions and 10 deletions
Expand all files Collapse all files

65
README.md
View File

@@ -1,14 +1,59 @@
# Fabric.Backend.Center
Identity Hub service for Fabric.
The **identity hub** for Fabric (NestJS, ES modules, MySQL/TypeORM). Default
port `7001`, global prefix `/api`.
## Scope (MVP)
- User register/login
- Session/token management
- Guild Node registration + shared-secret handshake
- Center-level audit logs
Center is the single identity authority. Guild nodes register with it and
introspect the tokens it issues; the frontend uses it to log in and to
discover which guilds a user belongs to.
## Next
- API skeleton (NestJS)
- Auth module
- Guild node registry module
## Responsibilities
- **Users & sessions** — register/login, JWT access + refresh tokens, `GET`/
`PATCH /auth/me`. User display name defaults to the email until changed.
- **Agent auth** — per-agent **API keys** (`fak_…`); `POST /auth/agent/login`
exchanges a key for a normal user session (used by `Fabric.OpenclawPlugin`).
- **Guild-node registry** — nodes register (`/api/nodes/register`, localhost
or node API key) and are handed out to users as endpoints + short-lived
guild access tokens.
- **Name resolution** — `POST /auth/resolve-names` maps `name`/email →
userId, scoped to a guild's members (used for `<@user.name:NAME>` mentions).
- **Membership** — `POST /auth/me/guilds/join`, `GET /auth/me/guilds`
(returns guilds + fresh guild access tokens), `GET /auth/guilds/:nodeId/members`.
## CLI
```bash
node dist/cli.js user create --email <e> --password <p>
node dist/cli.js user apikey --email <e> [--label <l>] # prints fak_… once
node dist/cli.js node register --node-id <id> --name <n> --endpoint <url>
```
## Run
```bash
npm install
npm run build && npm start # or: npm run start:dev
```
Typically run via the root `docker-compose.local.yml` (service
`backend-center`). MySQL schema is auto-managed (`DB_SYNC`).
## Notable env
- `FABRIC_BACKEND_CENTER_PORT` (default 7001)
- `FABRIC_BACKEND_CENTER_DB_*` (host/port/user/password/name)
- JWT signing secret(s) — see `src/` config
## Auth model
A global `CenterApiKeyGuard` protects most routes; auth/session endpoints
(`login`, `agent/login`, `refresh`, `logout`, `me`, `me/guilds*`,
`resolve-names`, guild members, node register) are exempted so users, agents,
and nodes can bootstrap.
## Notes
- ES modules (`NodeNext`); CJS deps are default-imported
(`import jwt from 'jsonwebtoken'`, `import bcrypt from 'bcryptjs'`).
- `@IsEmail()` rejects single-character TLDs — use e.g. `@t.tt`.