feat(crash): account system for the crash dashboard #4119

Merged: esengine merged 1 commit into main-v2 from feat/crash-dashboard-auth, Jun 12, 2026

@esengine (Owner)

Replaces the single shared STATS_PASSWORD on /stats with a real
email/password account system for the crash & telemetry dashboard.

What changed

  • Accounts + sessions — PBKDF2 (WebCrypto) password hashing, D1-backed
    sessions, HttpOnly/Secure/SameSite cookies, and a same-origin CSRF guard on
    every state-changing POST.
  • Roles — pending (default on register: signed in, no access),
    viewer (sees the dashboard), admin (above + user management + crash
    triage). Registration is open; a new account sees only an "awaiting approval"
    screen until an admin grants access.
  • Admin panel — /admin user management (set role / delete user) and
    /admin/audit, a log of permission and crash-data changes.
  • Crash triage — admins can mark a group resolved/ignored, attach a note, or
    delete a group and its samples from the group page.
  • Bootstrap — the ADMIN_EMAILS secret (comma-separated) auto-promotes
    matching emails to admin on register, so the first admin needs no manual SQL.

The /v1/report, /v1/ping, and /v1/metrics ingest endpoints are unchanged
and stay public.

Schema

Fresh installs use schema.sql (now with users, sessions, audit_log and
groups.status / groups.note). The existing DB is upgraded once with the
non-idempotent migrate.sql.

Deploy status

Already migrated, secret-set, and deployed to crash.reasonix.io — verified live:
route gating, CSRF rejection, and the full register → session → gate → logout
flow. The worker is split into env / shell / auth / auth_pages / admin
/ stats / index, each under the file-size budget.

Replace the single shared STATS_PASSWORD with email/password accounts,
sessions, and role-based access. New registrations land as `pending`
with no access until an admin grants `viewer` or `admin`; the
ADMIN_EMAILS secret bootstraps the first admin on register. Admins get
user management, crash-group triage (status / note / delete), and an
audit log. The /v1 ingest endpoints stay public and unchanged.
@esengine esengine requested a review from SivanCola as a code owner June 12, 2026 04:10
@github-actions github-actions Bot added the v2 Go rewrite (1.x) — main-v2 branch, active development label Jun 12, 2026
@esengine esengine merged commit c0aac64 into main-v2 Jun 12, 2026
14 checks passed
@esengine esengine deleted the feat/crash-dashboard-auth branch June 12, 2026 04:14
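
The gating this pull request describes (default role on register, ADMIN_EMAILS bootstrap, same-origin check on state-changing requests, public /v1 ingest), as an added JavaScript example that is not the project's code. The function names, the route-to-role mapping, case-insensitive email matching, and the host crash.example are assumptions.

```javascript
// Added example: hypothetical helpers, not the crash worker's actual code.
const RANK = { pending: 0, viewer: 1, admin: 2 };

// Role assigned at registration: admin when the email is listed in the
// comma-separated ADMIN_EMAILS value (case-insensitive match is an assumption),
// otherwise pending, which is signed in but has no access.
function initialRole(email, adminEmails = "") {
  const allow = adminEmails.split(",").map((e) => e.trim().toLowerCase()).filter(Boolean);
  return allow.includes(email.trim().toLowerCase()) ? "admin" : "pending";
}

// Same-origin guard for state-changing requests: the Origin header (Referer as
// a fallback) must have the same origin as the URL being requested.
function sameOrigin(req) {
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) return true;
  const source = req.headers.get("Origin") ?? req.headers.get("Referer");
  if (!source) return false; // fail closed when neither header is present
  try {
    return new URL(source).origin === new URL(req.url).origin;
  } catch {
    return false; // "null" or malformed header values never match
  }
}

// Minimum role per route prefix (assumed mapping based on the description).
const ROUTES = [["/admin", "admin"], ["/stats", "viewer"]];

// Returns the HTTP status the gate would answer with; 200 means "continue".
function gate(req, user) {
  const path = new URL(req.url).pathname;
  if (path.startsWith("/v1/")) return 200; // ingest endpoints stay public
  if (!sameOrigin(req)) return 403;
  const rule = ROUTES.find(([prefix]) => path === prefix || path.startsWith(prefix + "/"));
  if (!rule) return 200; // ungated pages such as login and register
  if (!user) return 401;
  return RANK[user.role] >= RANK[rule[1]] ? 200 : 403;
}

// Constructed sample requests (crash.example is a placeholder host).
const mk = (method, url, headers = {}) => ({ method, url, headers: new Headers(headers) });
const site = "https://crash.example";
console.log(gate(mk("POST", site + "/admin/users", { Origin: "https://other.example" }), { role: "admin" }));
console.log(gate(mk("GET", site + "/stats"), { role: initialRole("new@example.com", "root@example.com") }));
```
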