Introduces granular permission scopes for API tokens (docker:report, docker:manage, host-agent:report, monitoring:read/write, settings:read/write) allowing tokens to be restricted to minimum required access. Legacy tokens default to full access until scopes are explicitly configured. Adds standalone host agent for monitoring Linux, macOS, and Windows servers outside Proxmox/Docker estates. New Servers workspace in UI displays uptime, OS metadata, and capacity metrics from enrolled agents. Includes comprehensive token management UI overhaul with scope presets, inline editing, and visual scope indicators.
44 lines
1 KiB
TypeScript
44 lines
1 KiB
TypeScript
import { apiFetchJSON } from '@/utils/apiClient';
|
|
|
|
export interface APITokenRecord {
|
|
id: string;
|
|
name: string;
|
|
prefix: string;
|
|
suffix: string;
|
|
createdAt: string;
|
|
lastUsedAt?: string;
|
|
scopes?: string[];
|
|
}
|
|
|
|
export interface CreateAPITokenResponse {
|
|
token: string;
|
|
record: APITokenRecord;
|
|
}
|
|
|
|
export class SecurityAPI {
|
|
static async listTokens(): Promise<APITokenRecord[]> {
|
|
const response = await apiFetchJSON<{ tokens: APITokenRecord[] }>('/api/security/tokens');
|
|
return response.tokens ?? [];
|
|
}
|
|
|
|
static async createToken(name?: string, scopes?: string[]): Promise<CreateAPITokenResponse> {
|
|
const payload: Record<string, unknown> = {};
|
|
if (name) {
|
|
payload.name = name;
|
|
}
|
|
if (scopes) {
|
|
payload.scopes = scopes;
|
|
}
|
|
|
|
return apiFetchJSON<CreateAPITokenResponse>('/api/security/tokens', {
|
|
method: 'POST',
|
|
body: JSON.stringify(payload),
|
|
});
|
|
}
|
|
|
|
static async deleteToken(id: string): Promise<void> {
|
|
await apiFetchJSON(`/api/security/tokens/${id}`, {
|
|
method: 'DELETE',
|
|
});
|
|
}
|
|
}
|