Skip to content

Add authentication#444

Merged
Flaminel merged 23 commits intomainfrom
add_authentication
Feb 20, 2026
Merged

Add authentication#444
Flaminel merged 23 commits intomainfrom
add_authentication

Conversation

@Flaminel
Copy link
Contributor

@Flaminel Flaminel commented Feb 15, 2026

Relates to #222

@codecov
Copy link

codecov bot commented Feb 15, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 44.78673% with 466 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...rr.Api/Features/Auth/Controllers/AuthController.cs 46.84% 134 Missing and 9 partials ⚠️
...Api/Features/Auth/Controllers/AccountController.cs 0.00% 125 Missing ⚠️
...rr.Infrastructure/Features/Auth/PlexAuthService.cs 16.00% 62 Missing and 1 partial ⚠️
...anuparr.Infrastructure/Features/Auth/JwtService.cs 42.85% 39 Missing and 1 partial ⚠️
...Cleanuparr.Api/Auth/ApiKeyAuthenticationHandler.cs 0.00% 26 Missing ⚠️
.../Cleanuparr.Api/Middleware/SetupGuardMiddleware.cs 61.53% 7 Missing and 3 partials ⚠️
...nuparr.Infrastructure/Features/Auth/TotpService.cs 65.38% 8 Missing and 1 partial ⚠️
...r.Infrastructure/Features/Auth/IPlexAuthService.cs 0.00% 8 Missing ⚠️
...Cleanuparr.Persistence/Models/Auth/RefreshToken.cs 0.00% 7 Missing ⚠️
...es/Auth/Contracts/Responses/AccountInfoResponse.cs 0.00% 5 Missing ⚠️
... and 12 more

📢 Thoughts on this report? Let us know!

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 15, 2026
View reviewed changes
@Flaminel Flaminel requested a review from Copilot February 15, 2026 12:08
Copilot AI reviewed Feb 15, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Implements first-class authentication for Cleanuparr (initial admin setup, login with 2FA, refresh tokens, optional Plex sign-in), and adds account-management UI/APIs.

Changes:

  • Frontend: adds auth flows (setup + login + logout), route guards, token attachment/refresh, and an Account Settings screen.
  • Backend: adds users/auth persistence (SQLite), JWT + API key auth, setup gating middleware, and auth/account controllers.
  • Adds Plex auth integration + TOTP/recovery code support, plus required package/dependency updates.

Reviewed changes

Copilot reviewed 65 out of 67 changed files in this pull request and generated 11 comments.

Show a summary per file
File Description
code/frontend/src/app/layout/nav-sidebar/nav-sidebar.component.ts Adds AuthService injection and logout handler; adds Account item.
code/frontend/src/app/layout/nav-sidebar/nav-sidebar.component.html Adds Logout button to sidebar footer.
code/frontend/src/app/layout/nav-sidebar/nav-sidebar.component.scss Styles logout button and aligns footer layout.
code/frontend/src/app/layout/auth-layout/auth-layout.component.html Adds logo image to auth layout.
code/frontend/src/app/layout/auth-layout/auth-layout.component.scss Styles logo/brand layout.
code/frontend/src/app/features/settings/account/account-settings.component.ts New Account Settings logic (password, 2FA regen, API key, Plex link).
code/frontend/src/app/features/settings/account/account-settings.component.html New Account Settings UI.
code/frontend/src/app/features/settings/account/account-settings.component.scss New Account Settings styling.
code/frontend/src/app/features/auth/setup/setup.component.ts New initial setup flow (create account, TOTP setup, optional Plex link).
code/frontend/src/app/features/auth/setup/setup.component.html New setup wizard UI incl. QR display.
code/frontend/src/app/features/auth/setup/setup.component.scss New setup wizard styling.
code/frontend/src/app/features/auth/login/login.component.ts Implements credential login + 2FA/recovery + Plex login + retry countdown.
code/frontend/src/app/features/auth/login/login.component.html Implements login UI views (credentials/2FA/recovery/Plex).
code/frontend/src/app/features/auth/login/login.component.scss Adds login view transitions, error/countdown and Plex button styling.
code/frontend/src/app/core/realtime/hub.service.ts Adds SignalR access token factory for authenticated hub connections.
code/frontend/src/app/core/interceptors/error.interceptor.ts Introduces ApiError with retry-after metadata for UI.
code/frontend/src/app/core/auth/auth.service.ts Implements auth status, setup/login flows, token storage and refresh scheduling.
code/frontend/src/app/core/auth/auth.interceptor.ts Attaches Bearer token and refreshes on 401 responses.
code/frontend/src/app/core/auth/auth.guard.ts Adds guards for auth/setup/login routes with initial status wait.
code/frontend/src/app/core/api/account.api.ts Adds Account API client for account operations.
code/frontend/src/app/app.ts Triggers initial auth status check on app startup.
code/frontend/src/app/app.routes.ts Adds setup route + login/setup guards + account settings route.
code/frontend/src/app/app.config.ts Registers additional icons used by new UI.
code/frontend/package.json Adds angularx-qrcode dependency for QR rendering.
code/frontend/package-lock.json Locks angularx-qrcode and updates Angular-related lock entries.
code/backend/Cleanuparr.Persistence/UsersContext.cs Adds UsersContext (SQLite) for auth data.
code/backend/Cleanuparr.Persistence/Models/Auth/User.cs Adds User auth model (password hash, TOTP, Plex, API key, lockout).
code/backend/Cleanuparr.Persistence/Models/Auth/RefreshToken.cs Adds refresh token storage model.
code/backend/Cleanuparr.Persistence/Models/Auth/RecoveryCode.cs Adds recovery code storage model.
code/backend/Cleanuparr.Persistence/Migrations/Users/UsersContextModelSnapshot.cs Adds UsersContext EF model snapshot.
code/backend/Cleanuparr.Persistence/Migrations/Users/20260215094545_Initial.cs Adds initial users DB migration.
code/backend/Cleanuparr.Persistence/Migrations/Users/20260215094545_Initial.Designer.cs Adds migration designer file.
code/backend/Cleanuparr.Infrastructure/Features/Auth/TotpService.cs Implements TOTP validation + recovery code generation/hashing.
code/backend/Cleanuparr.Infrastructure/Features/Auth/PlexAuthService.cs Implements Plex PIN flow and account lookup.
code/backend/Cleanuparr.Infrastructure/Features/Auth/PasswordService.cs Implements BCrypt password hashing/verification.
code/backend/Cleanuparr.Infrastructure/Features/Auth/JwtService.cs Implements access/login token creation + refresh token generation and validation.
code/backend/Cleanuparr.Infrastructure/Features/Auth/ITotpService.cs Adds TOTP service interface.
code/backend/Cleanuparr.Infrastructure/Features/Auth/IPlexAuthService.cs Adds Plex auth service interface/contracts.
code/backend/Cleanuparr.Infrastructure/Features/Auth/IPasswordService.cs Adds password service interface.
code/backend/Cleanuparr.Infrastructure/Features/Auth/IJwtService.cs Adds JWT service interface.
code/backend/Cleanuparr.Infrastructure/Cleanuparr.Infrastructure.csproj Adds auth-related NuGet packages (BCrypt, Otp.NET, JWT libs).
code/backend/Cleanuparr.Api/Program.cs Wires AddAuthServices into app startup.
code/backend/Cleanuparr.Api/Middleware/SetupGuardMiddleware.cs Adds middleware to block non-auth API calls until setup complete.
code/backend/Cleanuparr.Api/HostExtensions.cs Applies UsersContext migrations at startup.
code/backend/Cleanuparr.Api/Features/Auth/Controllers/AuthController.cs Adds auth endpoints (status, setup, login+2FA, refresh/logout, Plex login/link).
code/backend/Cleanuparr.Api/Features/Auth/Controllers/AccountController.cs Adds authenticated account endpoints (password, 2FA regen, API key, Plex link).
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Responses/TotpSetupResponse.cs Adds response contract for TOTP setup/regeneration.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Responses/TokenResponse.cs Adds token response contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Responses/PlexPinResponse.cs Adds Plex PIN/verify response contracts.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Responses/LoginResponse.cs Adds login response contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Responses/AuthStatusResponse.cs Adds auth status response contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Responses/AccountInfoResponse.cs Adds account info response contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/VerifyTotpRequest.cs Adds TOTP verify request contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/TwoFactorRequest.cs Adds 2FA verification request contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/Regenerate2faRequest.cs Adds 2FA regeneration request contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/RefreshTokenRequest.cs Adds refresh/logout request contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/PlexPinRequest.cs Adds Plex PIN request contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/LoginRequest.cs Adds login request contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/CreateAccountRequest.cs Adds create-account request contract.
code/backend/Cleanuparr.Api/Features/Auth/Contracts/Requests/ChangePasswordRequest.cs Adds change-password request contract.
code/backend/Cleanuparr.Api/DependencyInjection/ServicesDI.cs Registers auth-related services + UsersContext in DI.
code/backend/Cleanuparr.Api/DependencyInjection/MainDI.cs Adds PlexAuth HttpClient registration.
code/backend/Cleanuparr.Api/DependencyInjection/AuthDI.cs Adds JWT bearer + API key auth schemes and authorization policy.
code/backend/Cleanuparr.Api/DependencyInjection/ApiDI.cs Adds setup guard middleware + authentication in pipeline.
code/backend/Cleanuparr.Api/Cleanuparr.Api.csproj Adds JwtBearer package reference.
code/backend/Cleanuparr.Api/Auth/ApiKeyAuthenticationHandler.cs Adds API key auth handler (header/query parameter).
code/Makefile Adds migration helper target for UsersContext.
Files not reviewed (2)
  • code/backend/Cleanuparr.Persistence/Migrations/Users/20260215094545_Initial.Designer.cs: Language not supported
  • code/frontend/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Flaminel Flaminel merged commit 50e486b into main Feb 20, 2026
7 of 8 checks passed
@Flaminel Flaminel deleted the add_authentication branch February 20, 2026 16:09
@adrianmusante adrianmusante mentioned this pull request Feb 23, 2026
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Flaminel