Open
Conversation
big-dimple
force-pushed
the
feature/ldap-support
branch
2 times, most recently
from
1ee649b to
35d0405
Compare
big-dimple
force-pushed
the
feature/ldap-support
branch
from
04e9438 to
3dcdca8
Compare
added 11 commits
March 4, 2026 16:32
# Conflicts: # backend/internal/repository/wire.go # backend/internal/service/wire.go
added 2 commits
April 9, 2026 16:15
# Conflicts: # backend/cmd/server/VERSION # backend/cmd/server/wire_gen.go # backend/ent/mutation.go # backend/ent/runtime/runtime.go # backend/internal/handler/admin/setting_handler.go # backend/internal/handler/wire.go # backend/internal/repository/api_key_repo.go # backend/internal/repository/wire.go # backend/internal/server/api_contract_test.go # backend/internal/server/routes/admin.go # backend/internal/service/wire.go # frontend/src/api/admin/settings.ts
big-dimple
force-pushed
the
feature/ldap-support
branch
from
b66c30b to
090038a
Compare
added 5 commits
April 9, 2026 16:32
# Conflicts: # backend/cmd/server/VERSION # backend/cmd/server/wire_gen.go # backend/ent/mutation.go # backend/ent/user.go # backend/go.sum # backend/internal/handler/admin/setting_handler.go # backend/internal/handler/dto/mappers.go # backend/internal/handler/dto/settings.go # backend/internal/handler/setting_handler.go # backend/internal/repository/api_key_repo.go # backend/internal/repository/user_repo.go # backend/internal/server/api_contract_test.go # backend/internal/server/middleware/jwt_auth_test.go # backend/internal/server/routes/admin.go # backend/internal/service/domain_constants.go # backend/internal/service/setting_service.go # backend/internal/service/settings_view.go # backend/internal/service/wire.go # deploy/docker-compose.yml # frontend/src/api/admin/settings.ts # frontend/src/components/layout/AppSidebar.vue # frontend/src/stores/app.ts # frontend/src/views/admin/SettingsView.vue
Wei-Shaw
force-pushed
the
main
branch
4 times, most recently
from
1e0d466 to
4d0483f
Compare
Contributor
|
Thank you for your contribution! Before we can merge this PR, we need you all to sign our Contributor License Agreement (CLA). To sign, please reply with the following comment:
You only need to sign once — it will be valid for all your future contributions to this project. I have read the CLA Document and I hereby sign the CLA 3 out of 5 committers have signed the CLA. |
…palive-downstream-idle fix(openai): keep responses stream alive during pre-output failover
…t-test-responses-stream fix(openai): tighten responses stream account tests
- gofmt: realign AffiliateDetail struct tags in affiliate_service.go - ineffassign: remove dead seenCompleted assignment before return in account_test_service.go
Stripe payment routes (/payment/stripe, /payment/stripe-popup) are reached via hard navigation (window.location.href), which caused the router guard to block access before the page could load. Set requiresAuth and requiresPayment to false, consistent with /payment/result. Backend API still enforces authentication.
…re prompt caching PR Wei-Shaw#1914 unconditionally applied the full mimicry pipeline to all OAuth accounts, including real Claude Code CLI clients. This replaced the client's long system prompt (~10K+ tokens with stable cache_control breakpoints) with a short ~45 token [billing, CC prompt] pair, which falls below Anthropic's 1024-token minimum cacheable prefix threshold. The result: every request created a new cache but never hit an existing one. Fix: restore the Claude Code client detection gate so that real CC clients bypass body-level mimicry (system rewrite, message cache management, tool name obfuscation). Non-CC third-party clients (opencode, etc.) continue to receive full mimicry. Also harden the detection logic: - Make UA regex case-insensitive (align with claude_code_validator.go) - Validate metadata.user_id format via ParseMetadataUserID() instead of just checking non-empty, preventing third-party tools from spoofing a claude-cli/* UA with an arbitrary user_id string to bypass mimicry
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds comprehensive support for enterprise-grade LDAP and Active Directory authentication. It allows organizations to integrate their existing identity providers f user authentication and Just-In-Time (JIT) account provisioning.
Key Features
adminaccount remains functional as a fallback.Changes
LDAPAuthService, LDAP client logic, and new database migrations for LDAP identity mapping.README_ENTERPRISE_LDAP_CN.mdfor enterprise deployment instructions.Verification
Verified in a WSL environment and internal enterprise networks with both OpenLDAP and AD.