feat(desktop): implement workspace foundation + desktop-client skeleton
Plan 0 (workspaces): add workspaces + workspace_memberships schema, extend JWT/Actor/claims with primary_workspace_id, seed default workspace per tenant, thread workspace_id through tenant monitoring quota. Plan A (desktop skeleton): new Electron app (apps/desktop-client) with main/ preload/renderer, shared Vue component package (packages/ui-shared), and server surface — desktop client registration + token rotation + heartbeat, SSE task event stream, desktop accounts/tasks/content handlers, publish job endpoint, and supporting repositories, services, sqlc queries, and migrations. Hard cutover per plan: remove browser-extension monitoring callback endpoints, stub legacy media API in admin-web, and delete monitoring_callback_handler.go.
This commit is contained in:
@@ -31,15 +31,16 @@ type TokenPair struct {
|
||||
ExpiresAt int64 `json:"expires_at"`
|
||||
}
|
||||
|
||||
func (m *Manager) Issue(userID, tenantID int64, role string) (*TokenPair, error) {
|
||||
func (m *Manager) Issue(userID, tenantID, primaryWorkspaceID int64, role string) (*TokenPair, error) {
|
||||
now := time.Now()
|
||||
accessJTI := uuid.New().String()
|
||||
refreshJTI := uuid.New().String()
|
||||
|
||||
accessClaims := Claims{
|
||||
UserID: userID,
|
||||
TenantID: tenantID,
|
||||
Role: role,
|
||||
UserID: userID,
|
||||
TenantID: tenantID,
|
||||
PrimaryWorkspaceID: primaryWorkspaceID,
|
||||
Role: role,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ID: accessJTI,
|
||||
Subject: "access",
|
||||
@@ -53,9 +54,10 @@ func (m *Manager) Issue(userID, tenantID int64, role string) (*TokenPair, error)
|
||||
}
|
||||
|
||||
refreshClaims := Claims{
|
||||
UserID: userID,
|
||||
TenantID: tenantID,
|
||||
Role: role,
|
||||
UserID: userID,
|
||||
TenantID: tenantID,
|
||||
PrimaryWorkspaceID: primaryWorkspaceID,
|
||||
Role: role,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ID: refreshJTI,
|
||||
Subject: "refresh",
|
||||
|
||||
Reference in New Issue
Block a user