web-app-launcher/plans/service-integrations/phase-8-authentik.md
alexei.dolgolyov 50e8519220 feat(service-integrations): phase 2 — integration widget & app form UI
- Add 6 renderer components: StatCard, Gauge, List, Progress, AlertBanner, Chart
- Add IntegrationWidget container with auto-refresh, loading, error states
- Add IntegrationAlertOverlay for layout-level critical alerts
- Add IntegrationConfigFields for dynamic form generation from Zod schemas
- Register integration type in WidgetRenderer
- Extend WidgetCreationForm with integration app/endpoint pickers
- Extend AppForm with integration config section and test connection button
- Add /api/integrations/alerts endpoint
2026-03-25 22:07:51 +03:00

Phase 8: Authentik Integration

Status: Not Started
Parent plan: PLAN.md
Domain: backend

Objective

Implement Authentik integration for security monitoring: active sessions, login events, brute force detection, and user/group statistics.

Tasks

  • Task 1: Create src/lib/server/integrations/authentik/schema.ts — Zod schemas for auth config ({ apiToken: string }) and endpoint responses.
  • Task 2: Create src/lib/server/integrations/authentik/client.ts — HTTP client for Authentik API v3. Auth via Authorization: Bearer <apiToken> header. Endpoints: /api/v3/core/sessions/, /api/v3/events/events/?action=login, /api/v3/events/events/?action=login_failed, /api/v3/core/users/, /api/v3/core/groups/.
  • Task 3: Create src/lib/server/integrations/authentik/transform.ts — Transform: sessions → stat-card (count), login events → list with username/IP/timestamp/success, failed logins → brute force detection (>5 failures from same IP in 10 min = alert), user/group stats → stat-card.
  • Task 4: Create src/lib/server/integrations/authentik/index.ts — Integration implementation. Endpoints: sessions (stat-card), login-events (list), security-alerts (alert-banner), user-stats (stat-card). testConnection: fetch authenticated user info.
  • Task 5: Register Authentik integration in registry.

Files to Modify/Create

  • src/lib/server/integrations/authentik/schema.ts — new
  • src/lib/server/integrations/authentik/client.ts — new
  • src/lib/server/integrations/authentik/transform.ts — new
  • src/lib/server/integrations/authentik/index.ts — new
  • src/lib/server/integrations/registry.ts — modify: register Authentik

Acceptance Criteria

  • Active sessions count displayed as stat-card
  • Login events list with username, IP, timestamp, success/failure
  • Brute force detection: alert when >5 failed logins from same IP within 10 minutes
  • User/group stats displayed as stat-card
  • Security alerts surface via alert banner system
  • Test connection validates API token

Notes

  • Authentik API v3 uses pagination — handle ?page=N&page_size=N
  • Brute force detection is computed client-side (in this integration's transform, from the fetched event data); it is not a native Authentik feature
  • The threshold (5 failures / 10 min) should be configurable via extra config
  • Security alerts should integrate with the alert banner overlay from Phase 2
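
A sketch of the brute force rule from Task 3 and the notes above, added here as an example and not taken from the project's transform.ts. The names (FailedLogin, BruteForceConfig, detectBruteForce) and the normalized event shape are assumptions; the defaults mirror the plan's 5 failures / 10 min threshold, and the sample events are constructed.

```typescript
// Added example; names and the normalized event shape are assumptions, not project code.
interface FailedLogin { ip: string; timestamp: string } // one login_failed event, ISO 8601 time
interface BruteForceConfig { maxFailures: number; windowMs: number }
interface BruteForceAlert { ip: string; failures: number; windowStart: string; windowEnd: string }

const DEFAULT_CONFIG: BruteForceConfig = { maxFailures: 5, windowMs: 10 * 60 * 1000 };

function detectBruteForce(events: FailedLogin[], config: BruteForceConfig = DEFAULT_CONFIG): BruteForceAlert[] {
  // Group failure times by source IP; skip events with no IP or an unparseable timestamp.
  const byIp = new Map<string, number[]>();
  for (const e of events) {
    const t = Date.parse(e.timestamp);
    if (!e.ip || Number.isNaN(t)) continue;
    const list = byIp.get(e.ip) ?? [];
    list.push(t);
    byIp.set(e.ip, list);
  }
  const alerts: BruteForceAlert[] = [];
  byIp.forEach((times, ip) => {
    // Events merged from several pages are not guaranteed to be ordered, so sort first.
    times.sort((a, b) => a - b);
    let start = 0;
    let worst: { count: number; from: number; to: number } | null = null;
    for (let end = 0; end < times.length; end++) {
      // Slide the window start forward until the span is at most windowMs.
      while (times[end]! - times[start]! > config.windowMs) start++;
      const count = end - start + 1;
      // The plan's rule is strictly MORE than maxFailures inside one window.
      if (count > config.maxFailures && (worst === null || count > worst.count)) {
        worst = { count, from: times[start]!, to: times[end]! };
      }
    }
    if (worst !== null) {
      // One alert per IP, reporting its densest window.
      alerts.push({ ip, failures: worst.count,
        windowStart: new Date(worst.from).toISOString(),
        windowEnd: new Date(worst.to).toISOString() });
    }
  });
  return alerts;
}

// Constructed sample: 6 failures from one IP in 5 minutes, 5 from another (documentation IP ranges).
const SAMPLE: FailedLogin[] = [
  ...[0, 1, 2, 3, 4, 5].map((m) => ({ ip: "203.0.113.7", timestamp: `2026-03-25T10:0${m}:00Z` })),
  ...[0, 1, 2, 3, 4].map((m) => ({ ip: "198.51.100.9", timestamp: `2026-03-25T10:0${m}:30Z` })),
];
```

With the defaults only 203.0.113.7 is reported, because exactly 5 failures does not exceed the threshold.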

Review Checklist

  • All tasks completed
  • Brute force detection logic is sound
  • Code follows project conventions

Handoff to Next Phase