Description
Support read-only admin impersonation for investigation, requiring an active reason, banner display on responses, automatic expiry, and an audit trail of every viewed resource.
Requirements and context
- Must be secure, tested, and documented
- Should be efficient and easy to review
- Relevant code:
src/auth/, src/middleware/authWithSession.ts
- Writes must be blocked while impersonating
Suggested execution
- Fork the repo and create a branch
git checkout -b feat/admin-impersonation
- Implement changes
  - Add impersonation session type with TTL and reason field
  - Block non-GET requests under impersonation
  - Inject banner header into responses and audit each view
- Validate security and correctness assumptions
Test and commit
- Run tests
npm test
- Cover edge cases
  - Write attempt under impersonation, TTL expiry mid-request, nested impersonation blocked
- Include test output and notes
Example commit message
feat: read-only admin impersonation with audit
Guidelines
- Minimum 95 percent test coverage
- Clear documentation
- Timeframe: 96 hours