Releases: flutter-news-app-full-source-code/flutter-news-app-api-server-full-source-code
05-07-2025
🛡️ Major Authentication & Role Management Overhaul
This release introduces a fundamental refactor of our API's security and user management model. We have transitioned from a single-role assignment to a flexible, multi-role architecture, enabling more granular and powerful access control.
Building on this, we've implemented a context-aware authentication flow that hardens security for the administrative dashboard. Instead of a sign-up process, dashboard access is now strictly limited to pre-existing users with privileged roles, preventing unauthorized access attempts at the earliest stage.
✨ Key Features & Enhancements
Enhanced Role-Based Access Control (RBAC)
- Multi-Role Architecture: The core system has been re-engineered to support multiple roles per user. A user can now simultaneously be a `standardUser`, a `publisher`, and more, allowing for precise permission management.
- Granular Permission Checks: The `PermissionService` now leverages the new multi-role system, checking a user's entire list of roles to determine access rights. A new `publisher` role with content creation permissions has also been introduced.
- JWT Claims Update: JSON Web Tokens (JWTs) issued by the API now include a complete list of a user's roles, providing client applications with all the necessary information for authorization.
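The following is an added example, not code from the project, of what a role-list-based permission check and the matching JWT claims body look like. The role names (`standardUser`, `publisher`, `admin`) follow the release notes; the `Permission` names, the role-to-permission table and the `User` shape are assumptions made for illustration.

```dart
// Added example, not the project's own code. Role names follow the release
// notes; the permission names and role-to-permission table are assumptions.
import 'dart:convert';

/// Roles a single user may hold at the same time.
enum UserRole { standardUser, publisher, admin }

/// Actions the API authorizes (assumed names).
enum Permission { readHeadline, createHeadline, deleteHeadline, readDashboardSummary }

/// Assumed role-to-permission table. With several roles per user, the
/// effective permission set is the union over every role in the list.
const Map<UserRole, Set<Permission>> rolePermissions = {
  UserRole.standardUser: {Permission.readHeadline},
  UserRole.publisher: {Permission.readHeadline, Permission.createHeadline},
  UserRole.admin: {
    Permission.readHeadline,
    Permission.createHeadline,
    Permission.deleteHeadline,
    Permission.readDashboardSummary,
  },
};

class User {
  const User({required this.id, required this.email, required this.roles});
  final String id;
  final String email;
  final List<UserRole> roles;
}

class PermissionService {
  /// Grants access when ANY role in the list carries the permission; a user
  /// with an empty role list therefore never passes.
  bool hasPermission(User user, Permission permission) =>
      user.roles.any((role) => rolePermissions[role]!.contains(permission));

  /// The union of permissions across all roles, useful for audit logging or
  /// for a client that renders only the actions it may perform.
  Set<Permission> effectivePermissions(User user) =>
      user.roles.expand((role) => rolePermissions[role]!).toSet();
}

/// Claims body for the issued JWT. 'roles' is the complete list rather than a
/// single role string, so a client can authorize against every role the user
/// holds. Signing is out of scope; this is the payload a signer would wrap.
Map<String, Object> jwtClaims(User user,
    {required DateTime issuedAt, Duration ttl = const Duration(hours: 1)}) {
  final iat = issuedAt.millisecondsSinceEpoch ~/ 1000;
  return {
    'sub': user.id,
    'email': user.email,
    'roles': [for (final role in user.roles) role.name],
    'iat': iat,
    'exp': iat + ttl.inSeconds,
  };
}

void main() {
  // Constructed user holding two roles at once.
  const editor = User(
    id: 'u-42',
    email: 'editor@example.test',
    roles: [UserRole.standardUser, UserRole.publisher],
  );
  final service = PermissionService();

  // createHeadline is carried by the publisher role; deleteHeadline is
  // carried by no role this user holds.
  print(service.hasPermission(editor, Permission.createHeadline));
  print(service.hasPermission(editor, Permission.deleteHeadline));
  print(service.effectivePermissions(editor).map((p) => p.name).toList());
  print(jsonEncode(jwtClaims(editor, issuedAt: DateTime.utc(2025, 7, 5))));
}
```

The check is deliberately "any role grants it" rather than "the first role grants it": the point of the multi-role model is that a `standardUser` who is also a `publisher` must not lose content-creation rights because of the order the roles were assigned in.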
Secure, Context-Aware Authentication
- Hardened Dashboard Login: The authentication flow is now context-aware. Login attempts to the dashboard (using an `is_dashboard_login: true` flag) now trigger a strict pre-validation check. This ensures the user's email is already registered and that they possess the required `admin` or `publisher` role before an authentication code is sent. This prevents unauthorized users from even initiating a login to the dashboard.
- Streamlined User Creation: Legacy logic for migrating anonymous guest accounts has been removed from the user creation process, simplifying the overall authentication service and making it more robust.
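As an added example (not the project's `AuthService`), here is the "request a sign-in code" step with the dashboard pre-validation in front of it. The `is_dashboard_login` flag and the `admin`/`publisher` requirement come from the release notes; the in-memory `UserRepository`, the `AuthException` type, the request parser and the code-sending callback are assumptions.

```dart
// Added example, not the project's own code. The flag name and the required
// roles follow the release notes; everything else here is assumed.
import 'dart:convert';

enum UserRole { standardUser, publisher, admin }

class User {
  const User({required this.email, required this.roles});
  final String email;
  final List<UserRole> roles;
}

class AuthException implements Exception {
  const AuthException(this.statusCode, this.message);
  final int statusCode;
  final String message;
  @override
  String toString() => 'AuthException($statusCode): $message';
}

/// Assumed in-memory stand-in for the user repository, keyed by email.
class UserRepository {
  UserRepository(Iterable<User> users)
      : _byEmail = {for (final u in users) u.email.toLowerCase(): u};
  final Map<String, User> _byEmail;
  User? findByEmail(String email) => _byEmail[email.trim().toLowerCase()];
}

/// Parsed body of the sign-in request.
class SignInRequest {
  const SignInRequest(this.email, {required this.isDashboardLogin});
  final String email;
  final bool isDashboardLogin;
}

/// A missing or non-boolean flag counts as a regular (non-dashboard) login.
SignInRequest parseRequest(String body) {
  final json = jsonDecode(body) as Map<String, dynamic>;
  final email = json['email'];
  if (email is! String || email.isEmpty) {
    throw const AuthException(400, 'email is required');
  }
  return SignInRequest(email, isDashboardLogin: json['is_dashboard_login'] == true);
}

class AuthService {
  AuthService(this._users, this._sendCode);
  final UserRepository _users;
  final void Function(String email) _sendCode;

  static const dashboardRoles = {UserRole.admin, UserRole.publisher};

  /// For dashboard logins the email must already exist AND carry admin or
  /// publisher, otherwise no code is sent at all. "Unknown email" and
  /// "known but unprivileged" get the same response so the endpoint does
  /// not reveal which accounts exist.
  void requestSignInCode(String email, {required bool isDashboardLogin}) {
    if (isDashboardLogin) {
      final user = _users.findByEmail(email);
      final privileged =
          user != null && user.roles.any(dashboardRoles.contains);
      if (!privileged) {
        throw const AuthException(
            403, 'Dashboard sign-in is restricted to existing privileged users.');
      }
    }
    _sendCode(email);
  }
}

void main() {
  final users = UserRepository([
    const User(email: 'admin@example.test', roles: [UserRole.admin]),
    const User(email: 'reader@example.test', roles: [UserRole.standardUser]),
  ]);
  final auth = AuthService(users, (email) => print('code sent to $email'));

  // Constructed request bodies: a privileged dashboard login, an
  // unprivileged one, an unknown email, and an app login without the flag.
  const bodies = [
    '{"email": "admin@example.test", "is_dashboard_login": true}',
    '{"email": "reader@example.test", "is_dashboard_login": true}',
    '{"email": "nobody@example.test", "is_dashboard_login": true}',
    '{"email": "nobody@example.test"}',
  ];
  for (final body in bodies) {
    try {
      final req = parseRequest(body);
      auth.requestSignInCode(req.email, isDashboardLogin: req.isDashboardLogin);
    } on AuthException catch (e) {
      print('$body -> $e');
    }
  }
}
```

The ordering matters: the role check runs before any code is generated or delivered, so a rejected dashboard attempt leaves no one-time code behind that could later be guessed or reused, and the only side effect of a rejected attempt is the log line the caller chooses to write.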
🔧 Developer Experience & Code Quality
- Admin User Seeding: To simplify local development and testing, the API now automatically seeds the user repository with a default `[email protected]` user on application startup.
- Refactored Auth Service: The `AuthService` has been refactored to centralize and de-duplicate user retrieval logic, improving code maintainability and reusability.
- Documentation Updates: The `README.md` has been updated to detail the new "Flexible Role-Based Access Control (RBAC)" and "Secure Authentication" features.
04-07-2025
🚀 API Enhancements: Dashboard Summary & Flexible Sorting
This release significantly enhances our API, introducing a new dedicated endpoint to power the dashboard and implementing a powerful, flexible sorting mechanism across all major data endpoints. These changes provide richer data for monitoring and give clients greater control over how data is presented.
✨ New Features & Enhancements
- New Dashboard Summary API: This provides real-time, aggregated counts of key entities like headlines, categories, and sources, specifically designed to power the new dashboard overview page in the front-end application.
- Flexible Data Sorting: List endpoints now support dynamic sorting. Clients can use the `sortBy` and `sortOrder` (`asc` or `desc`) query parameters to control the order of returned data. This feature has been implemented across all major data models (headlines, categories, sources, users, etc.) for consistent and powerful data control.
🔧 Under the Hood
- Dashboard Summary Service: A new `DashboardSummaryService` has been implemented to handle the logic for calculating and providing dashboard metrics efficiently.
- Robust Sorting Implementation: The new sorting capability includes validation to ensure only valid sort orders are accepted, returning a `BadRequestException` for invalid inputs.
- Dependency Injection & Model Registration: The new service has been integrated into the application's dependency injection system, and the `DashboardSummary` model has been registered with read-only permissions for administrators.
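The following added example (not the project's own code) shows the sorting feature described above: parsing `sortBy` and `sortOrder`, rejecting a bad `sortOrder` with a `BadRequestException`, and applying the result to a list. The parameter names, the `asc`/`desc` values and the exception name come from the release notes. It goes one step beyond what the notes state by also checking `sortBy` against a per-model allowlist of sortable fields, so a client cannot sort on internal fields; that allowlist, the `SortSpec` type and the sample records are assumptions.

```dart
// Added example, not the project's own code. Parameter names, asc/desc and
// BadRequestException follow the release notes; the per-model field
// allowlist is an added hardening step and the sample data is constructed.
class BadRequestException implements Exception {
  const BadRequestException(this.message);
  final String message;
  @override
  String toString() => 'BadRequestException: $message';
}

enum SortOrder { asc, desc }

class SortSpec {
  const SortSpec(this.field, this.order);
  final String field;
  final SortOrder order;
}

/// Fields each model exposes for sorting (assumed). Anything else is rejected
/// rather than forwarded to the data layer.
const Map<String, Set<String>> sortableFields = {
  'headline': {'title', 'createdAt', 'updatedAt'},
  'category': {'name', 'createdAt'},
};

/// Returns null when no sorting was requested. Throws BadRequestException for
/// a sortOrder other than asc/desc or a sortBy outside the model's allowlist.
SortSpec? parseSort(Map<String, String> query, String model) {
  final field = query['sortBy'];
  final orderParam = query['sortOrder'];
  if (field == null && orderParam == null) return null;

  final allowed = sortableFields[model] ?? const <String>{};
  if (field == null || !allowed.contains(field)) {
    throw BadRequestException("sortBy must be one of: ${allowed.join(', ')}");
  }

  SortOrder order;
  switch (orderParam ?? 'asc') {
    case 'asc':
      order = SortOrder.asc;
      break;
    case 'desc':
      order = SortOrder.desc;
      break;
    default:
      throw const BadRequestException('sortOrder must be "asc" or "desc"');
  }
  return SortSpec(field, order);
}

/// Applies the spec to a list of records (maps standing in for model
/// objects). The input list is not modified.
List<Map<String, Object?>> applySort(
    List<Map<String, Object?>> items, SortSpec? spec) {
  final sorted = List.of(items);
  if (spec == null) return sorted;
  sorted.sort((a, b) {
    final cmp = Comparable.compare(
        a[spec.field] as Comparable, b[spec.field] as Comparable);
    return spec.order == SortOrder.asc ? cmp : -cmp;
  });
  return sorted;
}

void main() {
  // Constructed headline records; ISO-8601 timestamps sort lexicographically.
  final headlines = <Map<String, Object?>>[
    {'id': 'h1', 'title': 'Beta', 'createdAt': '2025-07-01T10:00:00Z'},
    {'id': 'h2', 'title': 'Alpha', 'createdAt': '2025-07-03T10:00:00Z'},
    {'id': 'h3', 'title': 'Gamma', 'createdAt': '2025-07-02T10:00:00Z'},
  ];
  final queries = <Map<String, String>>[
    {'sortBy': 'createdAt', 'sortOrder': 'desc'},
    {'sortBy': 'title'},
    {'sortBy': 'createdAt', 'sortOrder': 'random'}, // invalid order
    {'sortBy': 'passwordHash', 'sortOrder': 'asc'}, // field not sortable
  ];
  for (final q in queries) {
    try {
      final spec = parseSort(q, 'headline');
      final ids = applySort(headlines, spec).map((h) => h['id']).join(', ');
      print('$q -> $ids');
    } on BadRequestException catch (e) {
      print('$q -> $e');
    }
  }
}
```

Rejecting an unknown `sortOrder` with a 400 rather than silently defaulting to `asc` is what makes the contract testable; the field allowlist is the part worth keeping even if the rest is replaced, because a `sortBy` that is passed straight to a query is the same class of problem as any other unvalidated client-controlled identifier.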