v0.12.0 — REST API + personal access tokens
A bidirectional API so other apps (Home Assistant, phone shortcuts, scripts, and the coming MCP server) can read and update the homestead. - ApiToken model (sha256-hashed, scoped, with prefix/lastUsed/expiry/revoke) - authenticateRequest() accepts EITHER a NextAuth cookie session OR a Bearer PAT; cookie sessions get full access, tokens are limited to their scopes (write implies read; resource and global wildcards). ApiError + handleApiError - Shared service layer (plants/tasks/locations/plant-types) reused by every endpoint and, later, the MCP server — logic lives once - /api/v1: plants (read + add log), plant-types, locations, tasks (read/create/ complete), and a whoami/discovery root - Settings → API tokens: create with per-resource read/write checkboxes, raw token shown once, revoke; tokens added to backup/restore - Pure tests for scope matching + token hashing; verified end-to-end (401/403/ 201, lastUsedAt) against a running server Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -8,6 +8,13 @@ export type ChangelogEntry = {
|
||||
};
|
||||
|
||||
export const CHANGELOG: ChangelogEntry[] = [
|
||||
{
|
||||
version: "0.12.0",
|
||||
date: "2026-06-15",
|
||||
changes: [
|
||||
"Moon Base now has an API — other apps can read and update your homestead. Create access tokens under Settings → API tokens, choosing exactly what each one is allowed to do (e.g. read plants, log harvests). This is the groundwork for phone shortcuts, Home Assistant, and letting Claude help directly.",
|
||||
],
|
||||
},
|
||||
{
|
||||
version: "0.11.0",
|
||||
date: "2026-06-15",
|
||||
|
||||
Reference in New Issue
Block a user