web-app-launcher/plans/service-integrations/phase-8-authentik.md
alexei.dolgolyov 50e8519220 feat(service-integrations): phase 2 — integration widget & app form UI
- Add 6 renderer components: StatCard, Gauge, List, Progress, AlertBanner, Chart
- Add IntegrationWidget container with auto-refresh, loading, error states
- Add IntegrationAlertOverlay for layout-level critical alerts
- Add IntegrationConfigFields for dynamic form generation from Zod schemas
- Register integration type in WidgetRenderer
- Extend WidgetCreationForm with integration app/endpoint pickers
- Extend AppForm with integration config section and test connection button
- Add /api/integrations/alerts endpoint
2026-03-25 22:07:51 +03:00


# Phase 8: Authentik Integration
**Status:** ⬜ Not Started
**Parent plan:** [PLAN.md](./PLAN.md)
**Domain:** backend
## Objective
Implement Authentik integration for security monitoring: active sessions, login events, brute force detection, and user/group statistics.
## Tasks
- [ ] Task 1: Create `src/lib/server/integrations/authentik/schema.ts` — Zod schemas for auth config (`{ apiToken: string }`) and endpoint responses.
- [ ] Task 2: Create `src/lib/server/integrations/authentik/client.ts` — HTTP client for Authentik API v3. Auth via `Authorization: Bearer <apiToken>` header. Endpoints: `/api/v3/core/sessions/`, `/api/v3/events/events/?action=login`, `/api/v3/events/events/?action=login_failed`, `/api/v3/core/users/`, `/api/v3/core/groups/`.
- [ ] Task 3: Create `src/lib/server/integrations/authentik/transform.ts` — Transform: sessions → stat-card (count), login events → list with username/IP/timestamp/success, failed logins → brute force detection (>5 failures from same IP in 10 min = alert), user/group stats → stat-card.
- [ ] Task 4: Create `src/lib/server/integrations/authentik/index.ts` — Integration implementation. Endpoints: `sessions` (stat-card), `login-events` (list), `security-alerts` (alert-banner), `user-stats` (stat-card). testConnection: fetch authenticated user info.
- [ ] Task 5: Register Authentik integration in registry.
## Files to Modify/Create
- `src/lib/server/integrations/authentik/schema.ts` — new
- `src/lib/server/integrations/authentik/client.ts` — new
- `src/lib/server/integrations/authentik/transform.ts` — new
- `src/lib/server/integrations/authentik/index.ts` — new
- `src/lib/server/integrations/registry.ts` — modify: register Authentik
## Acceptance Criteria
- Active sessions count displayed as stat-card
- Login events list with username, IP, timestamp, success/failure
- Brute force detection: alert when >5 failed logins from same IP within 10 minutes
- User/group stats displayed as stat-card
- Security alerts surface via alert banner system
- Test connection validates API token
## Notes
- Authentik API v3 uses pagination — handle `?page=N&page_size=N`
- Brute force detection is computed client-side (by this integration, from the fetched event data); it is not a native Authentik feature
- The threshold (5 failures / 10 min) should be configurable via extra config
- Security alerts should integrate with the alert banner overlay from Phase 2
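
An added example (not part of the plan or the project's code) of the sliding-window check that Task 3 and the notes above describe, with the threshold and window passed in as config. The `FailedLogin` shape and every name in it are assumptions; the real Authentik event fields would be mapped onto it in `transform.ts`.

```typescript
// Added example. FailedLogin is a hypothetical normalized shape for an
// Authentik `login_failed` event; it is not taken from the project.
interface FailedLogin { clientIp: string | null; created: string } // ISO 8601
interface BruteForceConfig { maxFailures: number; windowMs: number }
interface BruteForceAlert { ip: string; failures: number; firstSeen: string; lastSeen: string }

// Defaults mirror the plan: more than 5 failures from one IP within 10 minutes.
const DEFAULT_CONFIG: BruteForceConfig = { maxFailures: 5, windowMs: 10 * 60 * 1000 };

function detectBruteForce(
  events: FailedLogin[],
  config: BruteForceConfig = DEFAULT_CONFIG,
): BruteForceAlert[] {
  // Group timestamps by source IP; skip events with no IP or an unparsable time.
  const byIp = new Map<string, number[]>();
  for (const e of events) {
    const t = Date.parse(e.created);
    if (!e.clientIp || Number.isNaN(t)) continue;
    const times = byIp.get(e.clientIp) ?? [];
    times.push(t);
    byIp.set(e.clientIp, times);
  }

  const alerts: BruteForceAlert[] = [];
  byIp.forEach((times, ip) => {
    times.sort((a, b) => a - b); // paginated results may not be in time order
    let start = 0;
    let best = { count: 0, from: 0, to: 0 };
    // Sliding window: at each failure, count failures in the windowMs before it.
    for (let end = 0; end < times.length; end++) {
      while (times[end]! - times[start]! > config.windowMs) start++;
      const count = end - start + 1;
      if (count > best.count) best = { count, from: times[start]!, to: times[end]! };
    }
    // Strictly greater than the threshold, as in the acceptance criteria.
    if (best.count > config.maxFailures) {
      alerts.push({
        ip,
        failures: best.count,
        firstSeen: new Date(best.from).toISOString(),
        lastSeen: new Date(best.to).toISOString(),
      });
    }
  });
  return alerts.sort((a, b) => b.failures - a.failures);
}
```

Because the events API is paginated, the caller has to fetch enough pages to cover the whole window first; a burst split across an unfetched page is undercounted.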
## Review Checklist
- [ ] All tasks completed
- [ ] Brute force detection logic is sound
- [ ] Code follows project conventions
## Handoff to Next Phase
<!-- Filled in after completion -->