feat: OIDC/LDAP auth, audit log, maintenance windows, migrations

- Add OIDC (OpenID Connect) authentication with discovery URL support,
  group-based role mapping, and token introspection
- Add LDAP authentication with bind credentials, group-based role
  mapping, and configurable attribute names
- Add audit log (model, routes, templates) tracking settings changes,
  plugin enable/disable, login events
- Add migrations 0009 (widget variants), 0010 (maintenance windows),
  0011 (audit log)
- Add optional dependency groups to pyproject.toml: [ldap], [snmp]
- Add Settings → Auth tab with OIDC and LDAP configuration forms

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-03-23 08:15:15 -04:00
parent 484da1f263
commit 3c70ac56b3
15 changed files with 863 additions and 7 deletions
+24
View File
@@ -0,0 +1,24 @@
from __future__ import annotations
import uuid
from datetime import datetime, timezone
from sqlalchemy import DateTime, ForeignKey, String, Text
from sqlalchemy.orm import Mapped, mapped_column
from .base import Base
class AuditEvent(Base):
__tablename__ = "audit_events"
id: Mapped[str] = mapped_column(String(36), primary_key=True, default=lambda: str(uuid.uuid4()))
timestamp: Mapped[datetime] = mapped_column(
DateTime(timezone=True), nullable=False, default=lambda: datetime.now(timezone.utc)
)
user_id: Mapped[str | None] = mapped_column(
String(36), ForeignKey("users.id", ondelete="SET NULL"), nullable=True
)
# Denormalized so display survives user deletion
username: Mapped[str] = mapped_column(String(64), nullable=False, default="system")
action: Mapped[str] = mapped_column(String(64), nullable=False)
entity_type: Mapped[str | None] = mapped_column(String(64), nullable=True)
entity_id: Mapped[str | None] = mapped_column(String(255), nullable=True)
detail_json: Mapped[str | None] = mapped_column(Text, nullable=True)