refactor: rename service references arcadia-app → arcadia-core
The Phoenix auth/identity/tenancy backend repo is being renamed arcadia-app → arcadia-core (its primary OTP app is already arcadia_core). Updates prose, doc paths, and git.sky-ai.com repo URLs. Deliberately leaves the Rust crate arcadia-app-client and host arcadia-app.internal (handled separately), and the kept namespace (issuer/release "arcadia"). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -30,8 +30,8 @@ config :logger, :default_formatter,
|
||||
# Use Jason for JSON parsing in Phoenix
|
||||
config :phoenix, :json_library, Jason
|
||||
|
||||
# Guardian — JWTs are issued by arcadia-app. arcadia-cloud only verifies them.
|
||||
# Issuer and secret_key MUST match arcadia-app's Arcadia.Guardian config.
|
||||
# Guardian — JWTs are issued by arcadia-core. arcadia-cloud only verifies them.
|
||||
# Issuer and secret_key MUST match arcadia-core's Arcadia.Guardian config.
|
||||
config :arcadia_cloud, ArcadiaCloud.Guardian,
|
||||
issuer: "arcadia",
|
||||
verify_issuer: true
|
||||
|
||||
@@ -22,7 +22,7 @@ config :arcadia_cloud, ArcadiaCloudWeb.Endpoint,
|
||||
secret_key_base: "FkyzbvuBWWUEnx/M5KDYyEQdPVbxAiFIkNFbSUK+/DCFvRM+W0NGCnE0bGW6NnCk",
|
||||
watchers: []
|
||||
|
||||
# Guardian — must match arcadia-app's Arcadia.Guardian dev secret_key
|
||||
# Guardian — must match arcadia-core's Arcadia.Guardian dev secret_key
|
||||
# (shared verbatim with arcadia-social and arcadia-voice).
|
||||
config :arcadia_cloud, ArcadiaCloud.Guardian,
|
||||
secret_key: "DuMkIRN3Qcxk8VqOu8nHj5i7a7a7YgBHF4oXqKwDI4A="
|
||||
|
||||
@@ -2,11 +2,11 @@ defmodule ArcadiaCloud.Guardian do
|
||||
@moduledoc """
|
||||
Verify-only Guardian implementation.
|
||||
|
||||
arcadia-cloud never issues tokens — that is arcadia-app's job. We only
|
||||
arcadia-cloud never issues tokens — that is arcadia-core's job. We only
|
||||
decode and verify tokens minted by `Arcadia.Guardian`, then expose the
|
||||
claims as a lightweight identity struct.
|
||||
|
||||
Token contract (set by arcadia-app):
|
||||
Token contract (set by arcadia-core):
|
||||
sub => "<user_id>:<tenant_id>"
|
||||
tenant_id => UUID string
|
||||
tenant_slug => string
|
||||
@@ -36,7 +36,7 @@ defmodule ArcadiaCloud.Guardian do
|
||||
|
||||
@doc """
|
||||
Dev/test helper: mint a JWT using the local secret. Production tokens
|
||||
are minted by arcadia-app.
|
||||
are minted by arcadia-core.
|
||||
"""
|
||||
def mint_dev_token(claims_overrides \\ %{}) do
|
||||
defaults = %{
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
defmodule ArcadiaCloudWeb.Plugs.RequireAuth do
|
||||
@moduledoc """
|
||||
Validates a Bearer JWT issued by arcadia-app and assigns the resulting
|
||||
Validates a Bearer JWT issued by arcadia-core and assigns the resulting
|
||||
identity + raw claims onto the conn. Halts with 401 on any failure.
|
||||
|
||||
Downstream controllers read `conn.assigns.current_identity` and, if
|
||||
|
||||
Reference in New Issue
Block a user