Add Buckets, Monitoring, Memberships, Networking, SSO, Announcements, Status page

Full set of admin surfaces on top of /platform/* and /admin/* endpoints,
plus a migration of /assistant onto @crema/llm-providers-ui.

Buckets (/buckets):
S3-level CRUD over /platform/buckets — list, create, delete (with the
6-digit confirmation flow the backend enforces), per-bucket configure
for versioning / CORS rules / policy JSON, plus an object browser
with FileGrid/FileList from @crema/file-ui and presigned-URL reveal.
Storage-config picker scopes the view to one credential at a time.

Monitoring (/monitoring):
Live dashboard. Service health board derived from indirect signals
(status-ui OverallStatus + ComponentRow). KPI tiles for sessions,
jobs, audit. Tabs: background jobs (Donut + BarChart + retry recent),
sessions (Sparkline of last 24h sign-ins), audit activity (BarChart
of severity / top resource types), infrastructure (DO summary +
WorldMapSvg coloured by droplet region + droplet list + Spaces),
rate limits. 30s auto-refresh.

Memberships (/memberships):
M:N glue between users and tenants over /admin/memberships. Add /
edit / suspend / activate / remove with role multi-select.

Networking (/networking):
Tabs over /platform/{firewalls,vpcs,domains,floating_ips}.
Read/delete on firewalls, read on VPCs, full DNS-record CRUD, and
inline assign/unassign for floating IPs.

SSO (/sso):
/sso/identity-providers CRUD with PEM cert as write-only field, plus
/sso/sessions list with destroy.

Announcements (/announcements):
/admin/announcements CRUD. Platform-wide vs per-tenant audience,
schedule windows, dismissible + active toggles.

Status page (/status-page):
/admin/status-page/{components,incidents,subscribers}. Components
CRUD, incidents with timeline + post-update + resolve flow,
subscriber list. Public preview at the top using StatusBoard +
IncidentTimeline from @crema/status-ui.

Assistant migration:
/assistant now uses @crema/llm-providers-ui (provider catalog +
vault key resolution) instead of ~/lib/llm-settings. Same async
buildAdapter() flow used by /ai. The legacy lib file is now
unreferenced and can be removed when ready.

New sibling libs wired (cloned from CremaUIStudio):
lib-file-ui, lib-card-ui, lib-dashboard-ui, lib-chart-ui,
lib-map-ui, lib-status-ui.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
99
app/lib/arcadia/sso.ts
Normal file
@@ -0,0 +1,99 @@
|
||||
// SSO / SAML helpers.
|
||||
// Backend: /api/v1/sso/identity-providers (tenant CRUD) + /sessions.
|
||||
// Note: certificates are large and write-only.
|
||||
|
||||
import type { ArcadiaClient } from "@crema/arcadia-client"
|
||||
|
||||
export interface IdentityProvider {
|
||||
id: string
|
||||
tenant_id: string
|
||||
name: string
|
||||
entity_id: string
|
||||
sso_url: string
|
||||
slo_url: string | null
|
||||
name_id_format: string | null
|
||||
attribute_mapping: Record<string, string>
|
||||
sp_entity_id: string | null
|
||||
sign_requests: boolean
|
||||
metadata_url: string | null
|
||||
callback_url: string | null
|
||||
enabled: boolean
|
||||
has_certificate: boolean
|
||||
inserted_at: string
|
||||
updated_at: string
|
||||
}
|
||||
|
||||
export interface IdentityProviderInput {
|
||||
name: string
|
||||
entity_id: string
|
||||
sso_url: string
|
||||
slo_url?: string | null
|
||||
name_id_format?: string | null
|
||||
attribute_mapping?: Record<string, string>
|
||||
sp_entity_id?: string | null
|
||||
sign_requests?: boolean
|
||||
metadata_url?: string | null
|
||||
callback_url?: string | null
|
||||
enabled?: boolean
|
||||
/** PEM cert from the IdP. Write-only. */
|
||||
certificate?: string
|
||||
}
|
||||
|
||||
export interface SamlSession {
|
||||
id: string
|
||||
user_id: string
|
||||
idp_id: string
|
||||
name_id: string | null
|
||||
session_index: string | null
|
||||
expires_at: string | null
|
||||
inserted_at: string
|
||||
}
|
||||
|
||||
const BASE = "/api/v1/sso"
|
||||
|
||||
export async function listIdentityProviders(arcadia: ArcadiaClient): Promise<IdentityProvider[]> {
|
||||
const res = await arcadia.GET<{ data: IdentityProvider[] }>(`${BASE}/identity-providers`)
|
||||
return res.data
|
||||
}
|
||||
|
||||
export async function createIdentityProvider(
|
||||
arcadia: ArcadiaClient,
|
||||
input: IdentityProviderInput,
|
||||
): Promise<IdentityProvider> {
|
||||
const res = await arcadia.POST<{ data: IdentityProvider }>(
|
||||
`${BASE}/identity-providers`,
|
||||
{ body: { identity_provider: input } },
|
||||
)
|
||||
return res.data
|
||||
}
|
||||
|
||||
export async function updateIdentityProvider(
|
||||
arcadia: ArcadiaClient,
|
||||
id: string,
|
||||
input: Partial<IdentityProviderInput>,
|
||||
): Promise<IdentityProvider> {
|
||||
const res = await arcadia.PATCH<{ data: IdentityProvider }>(
|
||||
`${BASE}/identity-providers/${id}`,
|
||||
{ body: { identity_provider: input } },
|
||||
)
|
||||
return res.data
|
||||
}
|
||||
|
||||
export async function deleteIdentityProvider(
|
||||
arcadia: ArcadiaClient,
|
||||
id: string,
|
||||
): Promise<void> {
|
||||
await arcadia.DELETE(`${BASE}/identity-providers/${id}`)
|
||||
}
|
||||
|
||||
export async function listSamlSessions(arcadia: ArcadiaClient): Promise<SamlSession[]> {
|
||||
const res = await arcadia.GET<{ data: SamlSession[] }>(`${BASE}/sessions`)
|
||||
return res.data
|
||||
}
|
||||
|
||||
export async function destroySamlSession(
|
||||
arcadia: ArcadiaClient,
|
||||
sessionId: string,
|
||||
): Promise<void> {
|
||||
await arcadia.DELETE(`${BASE}/sessions/${sessionId}`)
|
||||
}
|
||||
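Review bot: `id` in updateIdentityProvider and deleteIdentityProvider, and `sessionId` in destroySamlSession, are interpolated into the request path unescaped (`${BASE}/identity-providers/${id}`, `${BASE}/sessions/${sessionId}`), so a value containing `/`, `?` or `#` would address a different route than the caller intended. Wrap each in encodeURIComponent() before building the path. Separately, the doc comment on `certificate` says write-only but not what a PATCH that omits the field does; since updateIdentityProvider takes Partial<IdentityProviderInput>, state in that comment whether leaving `certificate` out keeps the stored cert, so callers know they can rely on `has_certificate` and never need to resend the PEM.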