Commit Graph

5 Commits

Author SHA1 Message Date
795068c015 Add Entra ID authentication with role-based access control
Implement Microsoft Entra ID (Azure AD) authentication with user and admin roles.

Features:
- OAuth 2.0 authentication flow using MSAL
- User and admin role-based access control
- Tenant ownership and access management
- Server-side session storage
- Protected routes with authentication decorators

Authentication:
- Users authenticate via Microsoft organizational accounts
- Admin role automatically assigned to DEFAULT_ADMIN_EMAIL
- User profiles synced from Microsoft Graph API

Access Control:
- Admins: Full access to all tenants and server settings
- Users: Can create and manage their own tenants only
- Tenant association: Auto-created when user adds products
- API endpoints remain open for AR application access

Database Changes:
- New users table with email, azure_oid, name, and role
- New user_tenants table for many-to-many tenant ownership
- Case-insensitive admin email comparison

Configuration:
- Environment-based config via .env file
- Azure AD credentials (client ID, secret, tenant ID)
- Configurable redirect URI and admin email
- Updated to Flask 2.2.5 for compatibility
2025-10-20 19:37:52 -04:00
f041266ac3 adding authentication and image support 2025-06-19 11:57:47 -04:00
bd7bf7bf82 organizing the project 2025-05-14 15:17:12 -04:00
f5f6e52c4b updating ui 2025-05-08 20:49:15 -04:00
1e14703eec initial commit 2025-05-08 20:20:26 -04:00