chore(release): prepare for v0.5.1

## [0.5.0] - 2026-03-12

### 🚀 Features

- *(client)* Add API key authentication for /authz endpoint (#294)

### ⚙️ Miscellaneous Tasks

- *(deps)* Update golang:1.25.5 docker digest to 3a01526 (#271)
- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.24.0 (#273)
- *(deps)* Update dependency go to v1.25.6 (#274)
- *(deps)* Update golang docker tag to v1.25.6 (#275)
- Remove GitLab CI configuration
- Add code coverage integration
- *(deps)* Update dependency go to v1.25.7 (#279)
- *(deps)* Update dependency go to v1.26.0 (#280)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.9.0 (#281)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.0 (#282)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.1 (#283)
- *(deps)* Update dependency go to v1.26.1 (#286)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.1 (#288)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.2 (#290)
- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.3 (#292)

<!-- generated by git-cliff -->

---

**Note:** Please use **Squash Merge** when merging this PR.

Reviewed-on: #295
Co-authored-by: Unbound Releaser <releaser@unbound.se>
Co-committed-by: Unbound Releaser <releaser@unbound.se>

.gitea/workflows/ci.yaml

@@ -0,0 +1,85 @@
+name: authz_client
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+      - name: Run tests
+        run: go test -race -coverprofile=coverage.txt ./...
+
+      - name: Check coverage
+        uses: vladopajic/go-test-coverage@v2
+        with:
+          config: ./.testcoverage.yml
+
+      # Download baseline coverage from main branch (for PRs)
+      - name: Download baseline coverage
+        if: gitea.event_name == 'pull_request'
+        uses: actions/download-artifact@v3
+        with:
+          name: coverage-baseline
+          path: ./baseline
+        continue-on-error: true
+
+      # Compare coverage against baseline (for PRs)
+      - name: Compare coverage
+        if: gitea.event_name == 'pull_request'
+        run: |
+          CURRENT=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%')
+          if [ -f ./baseline/coverage.txt ]; then
+            BASE=$(go tool cover -func=./baseline/coverage.txt | grep "^total:" | awk '{print $NF}' | tr -d '%')
+            echo "Base coverage: ${BASE}%"
+            echo "Current coverage: ${CURRENT}%"
+            if [ "$(echo "$CURRENT < $BASE" | bc -l)" -eq 1 ]; then
+              echo "::error::Coverage decreased from ${BASE}% to ${CURRENT}%"
+              exit 1
+            fi
+            echo "Coverage maintained or improved: ${BASE}% -> ${CURRENT}%"
+          else
+            echo "No baseline coverage found, skipping comparison"
+            echo "Current coverage: ${CURRENT}%"
+          fi
+
+      # Upload coverage as baseline (only on main)
+      - name: Upload coverage baseline
+        if: gitea.ref == 'refs/heads/main'
+        uses: actions/upload-artifact@v3
+        with:
+          name: coverage-baseline
+          path: coverage.txt
+          retention-days: 90
+
+      # Post coverage to PR comment
+      - name: Post coverage comment
+        if: gitea.event_name == 'pull_request'
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          GITEA_URL: ${{ gitea.server_url }}
+        run: |
+          COVERAGE=$(go tool cover -func=coverage.txt | grep "^total:" | awk '{print $NF}')
+          curl -X POST "${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
+            -H "Authorization: token ${GITEA_TOKEN}" \
+            -H "Content-Type: application/json" \
+            -d "{\"body\": \"## Coverage Report\n\nTotal coverage: **${COVERAGE}**\"}"
+
+  vulnerabilities:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: 'stable'
+      - name: Check vulnerabilities
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck ./...

.gitea/workflows/pre-commit.yaml

@@ -0,0 +1,25 @@
+name: pre-commit
+permissions: read-all
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    env:
+      SKIP: no-commit-to-branch
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-go@v6
+        with:
+          go-version: stable
+      - uses: actions/setup-python@v6
+        with:
+          python-version: '3.14'
+      - name: Install goimports
+        run: go install golang.org/x/tools/cmd/goimports@latest
+      - uses: pre-commit/action@v3.0.1

.gitea/workflows/release.yaml

@@ -0,0 +1,9 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  release:
+    uses: unboundsoftware/shared-workflows/.gitea/workflows/Release.yml@main

.gitignore

@@ -1,2 +1,4 @@
 .idea
+.claude
 /release
+coverage.txt

.gitlab-ci.yml

@@ -1,36 +0,0 @@
-include:
-- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
-- project: unboundsoftware/ci-templates
-  file: Release.gitlab-ci.yml
-- project: unboundsoftware/ci-templates
-  file: Pre-Commit-Go.gitlab-ci.yml
-
-image: amd64/golang:1.24.2@sha256:aebb7dfe0e8da97fd4e22f95d2162cc6948f772fa947a00659634ece26cadb5a
-
-stages:
-- deps
-- test
-
-deps:
-  stage: deps
-  script:
-  - go mod download
-
-test:
-  stage: test
-  dependencies:
-  - deps
-  script:
-  - CGO_ENABLED=1 go test -mod=readonly -race -coverprofile=coverage.txt -covermode=atomic -coverpkg=$(go list ./... | tr '\n' , | sed 's/,$//') ./...
-  - go tool cover -html=coverage.txt -o coverage.html
-  - go tool cover -func=coverage.txt
-  - curl -Os https://uploader.codecov.io/latest/linux/codecov
-  - chmod +x codecov
-  - ./codecov -t ${CODECOV_TOKEN} -R $CI_PROJECT_DIR -C $CI_COMMIT_SHA -r $CI_PROJECT_PATH
-
-vulnerabilities:
-  stage: test
-  image: amd64/golang:1.24.2@sha256:aebb7dfe0e8da97fd4e22f95d2162cc6948f772fa947a00659634ece26cadb5a
-  script:
-  - go install golang.org/x/vuln/cmd/govulncheck@latest
-  - govulncheck ./...

.pre-commit-config.yaml

@@ -2,7 +2,7 @@
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v5.0.0
+  rev: v6.0.0
   hooks:
   - id: trailing-whitespace
   - id: end-of-file-fixer
@@ -10,15 +10,8 @@ repos:
     args:
     - --allow-multiple-documents
   - id: check-added-large-files
-- repo: https://gitlab.com/devopshq/gitlab-ci-linter
-  rev: v1.0.6
-  hooks:
-  - id: gitlab-ci-linter
-    args:
-    - --project
-    - unboundsoftware/shiny/authz_client
 - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
-  rev: v9.22.0
+  rev: v9.24.0
   hooks:
   - id: commitlint
     stages: [ commit-msg ]
@@ -30,17 +23,17 @@ repos:
   - id: go-imports
     args:
     - -local
-    - gitlab.com/unboundsoftware/shiny/authz_client
+    - gitea.unbound.se/shiny/authz_client
 - repo: https://github.com/lietu/go-pre-commit
-  rev: v0.1.0
+  rev: v1.0.0
   hooks:
   - id: go-test
   - id: gofumpt
 - repo: https://github.com/golangci/golangci-lint
-  rev: v2.0.2
+  rev: v2.11.4
   hooks:
   - id: golangci-lint-full
 - repo: https://github.com/gitleaks/gitleaks
-  rev: v8.24.3
+  rev: v8.30.1
   hooks:
   - id: gitleaks

.testcoverage.yml

@@ -0,0 +1,13 @@
+# Coverage configuration for go-test-coverage
+# https://github.com/vladopajic/go-test-coverage
+
+profile: coverage.txt
+
+threshold:
+  file: 0
+  package: 0
+  total: 0
+
+exclude:
+  paths:
+    - _test\.go$

.version

@@ -0,0 +1,3 @@
+{
+  "version": "v0.5.1"
+}

CHANGELOG.md

@@ -2,6 +2,162 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.5.1] - 2026-04-10
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.30.1 (#296)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.4 (#298)
+- *(deps)* Update dependency go to v1.26.2 (#300)
+
+## [0.5.0] - 2026-03-12
+
+### 🚀 Features
+
+- *(client)* Add API key authentication for /authz endpoint (#294)
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25.5 docker digest to 3a01526 (#271)
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.24.0 (#273)
+- *(deps)* Update dependency go to v1.25.6 (#274)
+- *(deps)* Update golang docker tag to v1.25.6 (#275)
+- Remove GitLab CI configuration
+- Add code coverage integration
+- *(deps)* Update dependency go to v1.25.7 (#279)
+- *(deps)* Update dependency go to v1.26.0 (#280)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.9.0 (#281)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.0 (#282)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.10.1 (#283)
+- *(deps)* Update dependency go to v1.26.1 (#286)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.1 (#288)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.2 (#290)
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.11.3 (#292)
+
+## [0.4.1] - 2026-01-09
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update actions/setup-python action to v6
+- Migrate module path to gitea.unbound.se
+
+## [0.4.0] - 2026-01-09
+
+### 🚀 Features
+
+- Migrate from GitLab CI to Gitea Actions
+
+### 🚜 Refactor
+
+- Update module path to new repository location
+
+### 📚 Documentation
+
+- Add CLAUDE.md for Claude Code integration
+
+### 🧪 Testing
+
+- Add concurrent fetch and read tests for privileges
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25.3 docker digest to 9ac0edc
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.6.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.29.0
+- *(deps)* Update dependency go to v1.25.4
+- *(deps)* Update golang docker tag to v1.25.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.6.2
+- *(deps)* Update golang:1.25.4 docker digest to efe81fa
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.29.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.30.0
+- *(deps)* Update dependency go to v1.25.5
+- *(deps)* Update golang docker tag to v1.25.5
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.7.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.7.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.7.2
+- *(deps)* Update golang:1.25.5 docker digest to 0c27bcf
+- *(deps)* Update golang:1.25.5 docker digest to ad03ba9
+- *(deps)* Update actions/setup-go action to v6
+- *(deps)* Update actions/checkout action to v6
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.8.0
+- Add pre-commit and release workflows
+
+## [0.3.1] - 2025-11-02
+
+### 🐛 Bug Fixes
+
+- Change to write lock for thread safety in json unmarshal
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update golang:1.25.1 docker digest to 53f7808
+- *(deps)* Update pre-commit hook lietu/go-pre-commit to v1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.5.0
+- *(deps)* Update golang:1.25.1 docker digest to 12640a4
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.23.0
+- *(deps)* Update dependency go to v1.25.2
+- *(deps)* Update golang docker tag to v1.25.2
+- *(deps)* Update dependency go to v1.25.3
+- *(deps)* Update golang docker tag to v1.25.3
+- Add default configuration for git-cliff
+- *(deps)* Update golang:1.25.3 docker digest to 69d1009
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.6.0
+
+## [0.3.0] - 2025-09-06
+
+### 🚀 Features
+
+- *(ci)* Add defaults pipeline template for CI workflow
+- Add salary privilege to privilege management system
+
+### 🐛 Bug Fixes
+
+- *(deps)* Update module github.com/sparetimecoders/goamqp to v0.3.3
+- *(deps)* Update module github.com/stretchr/testify to v1.11.0
+- *(deps)* Update module github.com/stretchr/testify to v1.11.1
+
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.5
+- *(deps)* Update golang:1.24.2 docker digest to bf7899c
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.25.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.25.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.1.6
+- *(deps)* Update dependency go to v1.24.3
+- *(deps)* Update golang docker tag to v1.24.3
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.26.0
+- *(deps)* Update golang:1.24.3 docker digest to f255a7d
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.27.0
+- *(deps)* Update dependency go to v1.24.4
+- *(deps)* Update golang docker tag to v1.24.4
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.27.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.27.2
+- *(deps)* Update golang:1.24.4 docker digest to 3494bbe
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.2.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.2.1
+- *(deps)* Update golang:1.24.4 docker digest to 9f820b6
+- *(deps)* Update dependency go to v1.24.5
+- *(deps)* Update golang docker tag to v1.24.5
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.2.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.28.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.3.0
+- *(deps)* Update golang:1.24.5 docker digest to 0a156a4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.3.1
+- *(deps)* Update dependency go to v1.24.6
+- *(deps)* Update golang docker tag to v1.24.6
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v6
+- *(deps)* Update golang:1.24.6 docker digest to 958bfd1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.4.0
+- *(deps)* Update golang docker tag to v1.25.0
+- *(deps)* Update dependency go to v1.25.0
+- *(deps)* Update golang:1.25.0 docker digest to f6b9e1a
+- *(deps)* Update dependency go to v1.25.1
+- *(deps)* Update golang docker tag to v1.25.1
+
 ## [0.2.0] - 2025-04-11
 
 ### 🚀 Features
@@ -19,6 +175,81 @@ All notable changes to this project will be documented in this file.
 
 - *(ci)* Remove pre-commit job and add new template
 
+### ⚙️ Miscellaneous Tasks
+
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v5
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.20.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.2
+- *(deps)* Pin golang docker tag to ad5c126
+- *(deps)* Pin unbound/pre-commit docker tag to 92fce44
+- *(deps)* Update golang docker tag to v1.23.3
+- *(deps)* Update unbound/pre-commit docker digest to 596abf5
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.62.0
+- *(deps)* Update golang:1.23.3 docker digest to 8956c08
+- *(deps)* Update unbound/pre-commit docker digest to e78425c
+- *(deps)* Update golang:1.23.3 docker digest to 3694e36
+- *(deps)* Update golang:1.23.3 docker digest to b2ca381
+- *(deps)* Update golang:1.23.3 docker digest to 2660218
+- *(deps)* Update golang:1.23.3 docker digest to c2d828f
+- *(deps)* Update golang:1.23.3 docker digest to 73f06be
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.62.2
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.19.0
+- *(deps)* Update golang:1.23.3 docker digest to ee5f0ad
+- *(deps)* Update golang:1.23.3 docker digest to b4aabba
+- *(deps)* Update golang:1.23.3 docker digest to 2b01164
+- *(deps)* Update golang:1.23.3 docker digest to 017ec6b
+- *(deps)* Update golang docker tag to v1.23.4
+- *(deps)* Update golang:1.23.4 docker digest to 574185e
+- *(deps)* Update golang:1.23.4 docker digest to 7003184
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.20.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.3
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.21.4
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.22.0
+- *(deps)* Update golang:1.23.4 docker digest to 7ea4c9d
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.22.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.3
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.63.4
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.0
+- *(deps)* Update golang:1.23.4 docker digest to 3b1a7de
+- *(deps)* Update golang:1.23.4 docker digest to 08e1417
+- *(deps)* Update golang:1.23.4 docker digest to 585103a
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.1
+- *(deps)* Update golang:1.23.4 docker digest to 5305905
+- *(deps)* Update golang:1.23.4 docker digest to 9820aca
+- *(deps)* Update golang docker tag to v1.23.5
+- *(deps)* Update golang:1.23.5 docker digest to 8c10f21
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.23.3
+- *(deps)* Update golang:1.23.5 docker digest to e213430
+- *(deps)* Update golang docker tag to v1.23.6
+- *(deps)* Update golang:1.23.6 docker digest to 958bd2e
+- *(deps)* Update golang:1.23.6 docker digest to 9271129
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.2
+- *(deps)* Update golang docker tag to v1.24.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.5
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.21.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.24.0
+- *(deps)* Update golang:1.24.0 docker digest to 4a3f101
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.6
+- *(deps)* Update golang docker tag to v1.24.1
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.22.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.7
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.64.8
+- *(deps)* Update golang:1.24.1 docker digest to 5ecf333
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.24.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.0.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v2.0.2
+- *(deps)* Update golang docker tag to v1.24.2
+- *(deps)* Update golang:1.24.2 docker digest to aebb7df
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.24.3
+
 ## [0.1.4] - 2024-10-05
 
 ### 🐛 Bug Fixes
@@ -26,31 +257,67 @@ All notable changes to this project will be documented in this file.
 - *(deps)* Update module github.com/stretchr/testify to v1.9.0
 - *(deps)* Update module github.com/sparetimecoders/goamqp to v0.3.1
 
-### 💼 Other
-
-- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.2.1 to 0.3.0
-
 ### ⚙️ Miscellaneous Tasks
 
 - Update to Go 1.21.6
 - Update to Go 1.22.0
+- *(deps)* Update node.js to v20
+- *(deps)* Update pre-commit hook devopshq/gitlab-ci-linter to v1.0.6
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.11.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.56.2
+- *(deps)* Update pre-commit hook lietu/go-pre-commit to v0.1.0
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v4.5.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.12.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.13.0
+- *(deps)* Update golang docker tag to v1.22.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.57.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.57.1
 - Add gitleaks to pre-commit setup
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.18.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.57.2
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.14.0
+- *(deps)* Update golang docker tag to v1.22.2
+- *(deps)* Update pre-commit hook pre-commit/pre-commit-hooks to v4.6.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.15.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.16.0
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.58.0
+- *(deps)* Update golang docker tag to v1.22.3
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.58.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.58.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.59.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.18.3
+- *(deps)* Update golang docker tag to v1.22.4
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.59.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.18.4
+- *(deps)* Update golang docker tag to v1.22.5
+- *(deps)* Update golang docker tag to v1.22.6
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.60.1
+- *(deps)* Update golang docker tag to v1.23.0
 - Update golangci-lint to use full version
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.60.2
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.60.3
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.17.0
+- *(deps)* Update golang docker tag to v1.23.1
+- *(deps)* Update pre-commit hook golangci/golangci-lint to v1.61.0
+- *(deps)* Update pre-commit hook alessandrojcm/commitlint-pre-commit-hook to v9.18.0
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.19.1
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.19.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.19.3
+- *(deps)* Update golang docker tag to v1.23.2
+- *(deps)* Update pre-commit hook gitleaks/gitleaks to v8.20.0
 - Add release flow
 - Remove old release job
 
+### Build
+
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.2.1 to 0.3.0
+
 ## [0.1.3] - 2023-12-26
 
 ### 🐛 Bug Fixes
 
 - Prohibit concurrent read/write
 
-### 💼 Other
-
-- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.4 to 0.1.5
-- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.5 to 0.2.0
-- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.2.0 to 0.2.1
-
 ### ⚙️ Miscellaneous Tasks
 
 - Update Go version
@@ -63,32 +330,30 @@ All notable changes to this project will be documented in this file.
 - Update to go 1.21.3 and remove patch level
 - Update version of Go
 
+### Build
+
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.4 to 0.1.5
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.5 to 0.2.0
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.2.0 to 0.2.1
+
 ## [0.1.2] - 2023-06-04
 
-### 💼 Other
-
-- *(deps)* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3
-- *(deps)* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4
-
 ### ⚙️ Miscellaneous Tasks
 
 - Update pre-commit and fix golangci-lint
 - Update golangci-lint
 
+### Build
+
+- *(deps)* Bump github.com/stretchr/testify from 1.8.2 to 1.8.3
+- *(deps)* Bump github.com/stretchr/testify from 1.8.3 to 1.8.4
+
 ## [0.1.1] - 2023-05-11
 
 ### 🐛 Bug Fixes
 
 - Run builds with Go 1.19.2 to fix vulnerabilities
 
-### 💼 Other
-
-- *(deps)* Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
-- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.1 to 0.1.2
-- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.2 to 0.1.3
-- *(deps)* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2
-- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.3 to 0.1.4
-
 ### ⚙️ Miscellaneous Tasks
 
 - Add vulnerability-check
@@ -103,13 +368,31 @@ All notable changes to this project will be documented in this file.
 - Update to Go 1.20.3
 - Update Go version and fix gitlabci lint
 
+### Build
+
+- *(deps)* Bump github.com/stretchr/testify from 1.8.0 to 1.8.1
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.1 to 0.1.2
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.2 to 0.1.3
+- *(deps)* Bump github.com/stretchr/testify from 1.8.1 to 1.8.2
+- *(deps)* Bump github.com/sparetimecoders/goamqp from 0.1.3 to 0.1.4
+
 ## [0.1.0] - 2022-07-20
 
 ### 🐛 Bug Fixes
 
 - Pipeline
 
-### 💼 Other
+### ⚙️ Miscellaneous Tasks
+
+- Add dependabot config
+- *(deps)* Bump gitlab.com/sparetimecoders/goamqp from 0.3.1 to 0.3.2
+- *(deps)* Bump github.com/stretchr/testify from 1.4.0 to 1.7.0
+- Remove dependabot-standalone
+- Change to codecov binary instead of bash uploader
+- *(deps)* Bump gitlab.com/sparetimecoders/goamqp from 0.3.2 to 0.4.0
+- Switch to moved goamqp
+
+### Build
 
 - Add params to codecov
 - *(deps)* Bump github.com/stretchr/testify from 1.7.0 to 1.7.1
@@ -119,13 +402,6 @@ All notable changes to this project will be documented in this file.
 - *(deps)* Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
 - *(deps)* Bump github.com/stretchr/testify from 1.7.5 to 1.8.0
 
-### ⚙️ Miscellaneous Tasks
-
-- Add dependabot config
-- Remove dependabot-standalone
-- Change to codecov binary instead of bash uploader
-- Switch to moved goamqp
-
 ## [0.0.8] - 2021-05-15
 
 ### ⚙️ Miscellaneous Tasks

CLAUDE.md

@@ -0,0 +1,46 @@
+# authz_client
+
+Shared Go library for authorization service client integration.
+
+## Shared Documentation
+
+@../docs/claude/architecture.md
+@../docs/claude/go-services.md
+@../docs/claude/conventions.md
+
+## Library Information
+
+### Purpose
+
+Provides a client for the authz-service, handling privilege management for users across companies. Used by all microservices that need to check user permissions.
+
+### Usage
+
+```go
+import client "gitea.unbound.se/shiny/authz_client"
+
+// Create handler with options
+handler := client.New(client.WithBaseURL("http://authz-service"))
+
+// Check user privileges
+privileges := handler.Get(email, companyID)
+if privileges.Invoicing {
+    // User has invoicing privileges
+}
+```
+
+### Privileges
+
+The `CompanyPrivileges` struct contains permission flags:
+- `Admin` - Administrative access
+- `Company` - Company management
+- `Consumer` - Consumer/customer access
+- `Time` - Time tracking
+- `Invoicing` - Invoice management
+- `Accounting` - Accounting access
+- `Supplier` - Supplier management
+- `Salary` - Salary/payroll access
+
+### Event Handling
+
+Implements `goamqp` message handlers to receive privilege update events from the authz-service, keeping the local privilege cache up-to-date.

README.md

@@ -1,4 +1 @@
 # Shiny authz-client
-
-[![Build Status](https://gitlab.com/unboundsoftware/shiny/authz_client/badges/main/pipeline.svg)](https://gitlab.com/unboundsoftware/shiny/authz_client/commits/main)
-[![codecov](https://codecov.io/gl/unboundsoftware:shiny/authz_client/branch/main/graph/badge.svg?token=AQS7QVLCEQ)](https://codecov.io/gl/unboundsoftware:shiny/authz_client)

client.go

@@ -20,6 +20,7 @@ type CompanyPrivileges struct {
 	Invoicing  bool `json:"invoicing"`
 	Accounting bool `json:"accounting"`
 	Supplier   bool `json:"supplier"`
+	Salary     bool `json:"salary"`
 }
 
 // PrivilegeHandler processes PrivilegeAdded-events and fetches the initial set of privileges from an authz-service
@@ -27,6 +28,7 @@ type PrivilegeHandler struct {
 	*sync.RWMutex
 	client     *http.Client
 	baseURL    string
+	apiKey     string
 	privileges map[string]map[string]*CompanyPrivileges
 }
 
@@ -40,6 +42,13 @@ func WithBaseURL(url string) OptsFunc {
 	}
 }
 
+// WithAPIKey sets an API key used as a Bearer token when fetching privileges
+func WithAPIKey(key string) OptsFunc {
+	return func(handler *PrivilegeHandler) {
+		handler.apiKey = key
+	}
+}
+
 // New creates a new PrivilegeHandler. Pass OptsFuncs to configure.
 func New(opts ...OptsFunc) *PrivilegeHandler {
 	handler := &PrivilegeHandler{
@@ -56,7 +65,16 @@ func New(opts ...OptsFunc) *PrivilegeHandler {
 
 // Fetch the initial set of privileges from an authz-service
 func (h *PrivilegeHandler) Fetch() error {
-	resp, err := h.client.Get(fmt.Sprintf("%s/authz", h.baseURL))
+	req, err := http.NewRequest(http.MethodGet, fmt.Sprintf("%s/authz", h.baseURL), nil)
+	if err != nil {
+		return err
+	}
+
+	if h.apiKey != "" {
+		req.Header.Set("Authorization", "Bearer "+h.apiKey)
+	}
+
+	resp, err := h.client.Do(req)
 	if err != nil {
 		return err
 	}
@@ -66,8 +84,8 @@ func (h *PrivilegeHandler) Fetch() error {
 		return err
 	}
 
-	h.RLock()
-	defer h.RUnlock()
+	h.Lock()
+	defer h.Unlock()
 	err = json.Unmarshal(buff, &h.privileges)
 	if err != nil {
 		return err
@@ -86,13 +104,14 @@ func (h *PrivilegeHandler) Setup() []goamqp.Setup {
 
 // Process privilege-related events and update the internal state
 func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface{}, error) {
+	h.Lock()
+	defer h.Unlock()
+
 	switch ev := msg.(type) {
 	case *UserAdded:
 		if priv, exists := h.privileges[ev.Email]; exists {
 			priv[ev.CompanyID] = &CompanyPrivileges{}
 		} else {
-			h.Lock()
-			defer h.Unlock()
 			h.privileges[ev.Email] = map[string]*CompanyPrivileges{
 				ev.CompanyID: {},
 			}
@@ -100,19 +119,13 @@ func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface
 		return nil, nil
 	case *UserRemoved:
 		if priv, exists := h.privileges[ev.Email]; exists {
-			h.Lock()
-			defer h.Unlock()
 			delete(priv, ev.CompanyID)
 		}
 		return nil, nil
 	case *PrivilegeAdded:
-		h.Lock()
-		defer h.Unlock()
 		h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, true)
 		return nil, nil
 	case *PrivilegeRemoved:
-		h.Lock()
-		defer h.Unlock()
 		h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, false)
 		return nil, nil
 	default:
@@ -139,6 +152,8 @@ func (h *PrivilegeHandler) setPrivileges(email, companyId string, privilege Priv
 				c.Accounting = set
 			case PrivilegeSupplier:
 				c.Supplier = set
+			case PrivilegeSalary:
+				c.Salary = set
 			}
 		} else {
 			priv[companyId] = &CompanyPrivileges{}

client_test.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"sort"
+	"sync"
 	"testing"
 
 	"github.com/sparetimecoders/goamqp"
@@ -236,6 +237,51 @@ func TestPrivilegeHandler_IsAllowed_Return_True_If_Privilege_Exists(t *testing.T
 	})
 
 	assert.True(t, result)
+
+	_, _ = handler.Process(&PrivilegeAdded{
+		Email:     "jim@example.org",
+		CompanyID: "abc-123",
+		Privilege: PrivilegeSalary,
+	}, goamqp.Headers{})
+
+	result = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Salary
+	})
+
+	assert.True(t, result)
+}
+
+func TestPrivilegeHandler_Fetch_Sends_Authorization_Header_When_APIKey_Set(t *testing.T) {
+	var receivedAuth string
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		receivedAuth = r.Header.Get("Authorization")
+		_, _ = w.Write([]byte("{}"))
+	}))
+	defer server.Close()
+
+	handler := New(
+		WithBaseURL(server.URL),
+		WithAPIKey("my-secret-key"),
+	)
+
+	err := handler.Fetch()
+	assert.NoError(t, err)
+	assert.Equal(t, "Bearer my-secret-key", receivedAuth)
+}
+
+func TestPrivilegeHandler_Fetch_No_Authorization_Header_Without_APIKey(t *testing.T) {
+	var receivedAuth string
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		receivedAuth = r.Header.Get("Authorization")
+		_, _ = w.Write([]byte("{}"))
+	}))
+	defer server.Close()
+
+	handler := New(WithBaseURL(server.URL))
+
+	err := handler.Fetch()
+	assert.NoError(t, err)
+	assert.Empty(t, receivedAuth)
 }
 
 func TestPrivilegeHandler_Fetch_Error_Response(t *testing.T) {
@@ -289,7 +335,8 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
       "time": true,
       "invoicing": true,
       "accounting": false,
-      "supplier": false
+      "supplier": false,
+      "salary": true
     }
   }
 }`
@@ -313,8 +360,291 @@ func TestPrivilegeHandler_Fetch_Valid(t *testing.T) {
 				Invoicing:  true,
 				Accounting: false,
 				Supplier:   false,
+				Salary:     true,
 			},
 		},
 	}
 	assert.Equal(t, expectedPrivileges, handler.privileges)
 }
+
+func TestPrivilegeHandler_Fetch_Concurrent_Fetches(t *testing.T) {
+	privileges := `
+{
+  "jim@example.org": {
+    "00010203-0405-4607-8809-0a0b0c0d0e0f": {
+      "admin": false,
+      "company": true,
+      "consumer": false,
+      "time": true,
+      "invoicing": true,
+      "accounting": false,
+      "supplier": false,
+      "salary": true
+    }
+  }
+}`
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(privileges))
+	}))
+	defer server.Close()
+
+	baseURL := server.Listener.Addr().String()
+	handler := New(WithBaseURL(fmt.Sprintf("http://%s", baseURL)))
+
+	// Run multiple Fetch calls concurrently to test thread-safety
+	var wg sync.WaitGroup
+	errors := make(chan error, 10)
+
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := handler.Fetch(); err != nil {
+				errors <- err
+			}
+		}()
+	}
+
+	wg.Wait()
+	close(errors)
+
+	// Check no errors occurred
+	for err := range errors {
+		assert.NoError(t, err)
+	}
+
+	// Verify privileges were set correctly
+	expectedPrivileges := map[string]map[string]*CompanyPrivileges{
+		"jim@example.org": {
+			"00010203-0405-4607-8809-0a0b0c0d0e0f": {
+				Admin:      false,
+				Company:    true,
+				Consumer:   false,
+				Time:       true,
+				Invoicing:  true,
+				Accounting: false,
+				Supplier:   false,
+				Salary:     true,
+			},
+		},
+	}
+	assert.Equal(t, expectedPrivileges, handler.privileges)
+}
+
+func TestPrivilegeHandler_Concurrent_Fetch_And_Read(t *testing.T) {
+	privileges := `
+{
+  "jim@example.org": {
+    "abc-123": {
+      "admin": true,
+      "company": true,
+      "consumer": false,
+      "time": false,
+      "invoicing": false,
+      "accounting": false,
+      "supplier": false,
+      "salary": false
+    }
+  }
+}`
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(privileges))
+	}))
+	defer server.Close()
+
+	baseURL := server.Listener.Addr().String()
+	handler := New(WithBaseURL(fmt.Sprintf("http://%s", baseURL)))
+
+	var wg sync.WaitGroup
+	errors := make(chan error, 100)
+
+	// Start multiple Fetch operations
+	for i := 0; i < 10; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			if err := handler.Fetch(); err != nil {
+				errors <- err
+			}
+		}()
+	}
+
+	// Concurrently read privileges while Fetch is running
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	// Concurrently check privileges while Fetch is running
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	wg.Wait()
+	close(errors)
+
+	// Check no errors occurred
+	for err := range errors {
+		assert.NoError(t, err)
+	}
+
+	// Verify privileges are correct after all concurrent operations
+	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+	assert.Equal(t, []string{"abc-123"}, companies)
+
+	isAllowed := handler.IsAllowed("jim@example.org", "abc-123", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin && privileges.Company
+	})
+	assert.True(t, isAllowed)
+}
+
+func TestPrivilegeHandler_Concurrent_Process_And_Read(t *testing.T) {
+	handler := New(WithBaseURL("base"))
+
+	var wg sync.WaitGroup
+
+	// Concurrently add privileges via Process
+	for i := 0; i < 100; i++ {
+		wg.Add(1)
+		companyID := fmt.Sprintf("company-%d", i%10)
+		go func(id string) {
+			defer wg.Done()
+			_, _ = handler.Process(&PrivilegeAdded{
+				Email:     "jim@example.org",
+				CompanyID: id,
+				Privilege: PrivilegeAdmin,
+			}, goamqp.Headers{})
+		}(companyID)
+	}
+
+	// Concurrently read privileges while Process is running
+	for i := 0; i < 100; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	wg.Wait()
+
+	// Verify all companies were added
+	companies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+	sort.Strings(companies)
+
+	expected := make([]string, 10)
+	for i := 0; i < 10; i++ {
+		expected[i] = fmt.Sprintf("company-%d", i)
+	}
+	sort.Strings(expected)
+
+	assert.Equal(t, expected, companies)
+}
+
+func TestPrivilegeHandler_Concurrent_Multiple_Operations(t *testing.T) {
+	privileges := `
+{
+  "jim@example.org": {
+    "initial-company": {
+      "admin": true,
+      "company": true,
+      "consumer": false,
+      "time": false,
+      "invoicing": false,
+      "accounting": false,
+      "supplier": false,
+      "salary": false
+    }
+  }
+}`
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = w.Write([]byte(privileges))
+	}))
+	defer server.Close()
+
+	baseURL := server.Listener.Addr().String()
+	handler := New(WithBaseURL(fmt.Sprintf("http://%s", baseURL)))
+
+	var wg sync.WaitGroup
+
+	// Fetch
+	for i := 0; i < 5; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.Fetch()
+		}()
+	}
+
+	// Process PrivilegeAdded
+	for i := 0; i < 20; i++ {
+		wg.Add(1)
+		go func(idx int) {
+			defer wg.Done()
+			_, _ = handler.Process(&PrivilegeAdded{
+				Email:     "jane@example.org",
+				CompanyID: fmt.Sprintf("company-%d", idx%5),
+				Privilege: PrivilegeCompany,
+			}, goamqp.Headers{})
+		}(i)
+	}
+
+	// CompaniesByUser reads
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		email := "jim@example.org"
+		if i%2 == 0 {
+			email = "jane@example.org"
+		}
+		go func(e string) {
+			defer wg.Done()
+			_ = handler.CompaniesByUser(e, func(privileges CompanyPrivileges) bool {
+				return privileges.Admin || privileges.Company
+			})
+		}(email)
+	}
+
+	// IsAllowed reads
+	for i := 0; i < 50; i++ {
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			_ = handler.IsAllowed("jim@example.org", "initial-company", func(privileges CompanyPrivileges) bool {
+				return privileges.Admin
+			})
+		}()
+	}
+
+	wg.Wait()
+
+	// Verify final state is consistent
+	jimCompanies := handler.CompaniesByUser("jim@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Admin
+	})
+	assert.Contains(t, jimCompanies, "initial-company")
+
+	janeCompanies := handler.CompaniesByUser("jane@example.org", func(privileges CompanyPrivileges) bool {
+		return privileges.Company
+	})
+	sort.Strings(janeCompanies)
+
+	expectedJane := []string{"company-0", "company-1", "company-2", "company-3", "company-4"}
+	assert.Equal(t, expectedJane, janeCompanies)
+}

cliff.toml

@@ -0,0 +1,80 @@
+# git-cliff ~ default configuration file
+# https://git-cliff.org/docs/configuration
+#
+# Lines starting with "#" are comments.
+# Configuration options are organized into tables and keys.
+# See documentation for more information on available options.
+
+[changelog]
+# template for the changelog header
+header = """
+# Changelog\n
+All notable changes to this project will be documented in this file.\n
+"""
+# template for the changelog body
+# https://keats.github.io/tera/docs/#introduction
+body = """
+{% if version %}\
+    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
+{% else %}\
+    ## [unreleased]
+{% endif %}\
+{% for group, commits in commits | group_by(attribute="group") %}
+    ### {{ group | striptags | trim | upper_first }}
+    {% for commit in commits %}
+        - {% if commit.scope %}*({{ commit.scope }})* {% endif %}\
+            {% if commit.breaking %}[**breaking**] {% endif %}\
+            {{ commit.message | upper_first }}\
+    {% endfor %}
+{% endfor %}\n
+"""
+# template for the changelog footer
+footer = """
+<!-- generated by git-cliff -->
+"""
+# remove the leading and trailing s
+trim = true
+# postprocessors
+postprocessors = [
+  # { pattern = '<REPO>', replace = "https://github.com/orhun/git-cliff" }, # replace repository URL
+]
+# render body even when there are no releases to process
+# render_always = true
+# output file path
+# output = "test.md"
+
+[git]
+# parse the commits based on https://www.conventionalcommits.org
+conventional_commits = true
+# filter out the commits that are not conventional
+filter_unconventional = true
+# process each line of a commit as an individual commit
+split_commits = false
+# regex for preprocessing the commit messages
+commit_preprocessors = [
+  # Replace issue numbers
+  #{ pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](<REPO>/issues/${2}))"},
+  # Check spelling of the commit with https://github.com/crate-ci/typos
+  # If the spelling is incorrect, it will be automatically fixed.
+  #{ pattern = '.*', replace_command = 'typos --write-changes -' },
+]
+# regex for parsing and grouping commits
+commit_parsers = [
+  { message = "^feat", group = "<!-- 0 -->🚀 Features" },
+  { message = "^fix", group = "<!-- 1 -->🐛 Bug Fixes" },
+  { message = "^doc", group = "<!-- 3 -->📚 Documentation" },
+  { message = "^perf", group = "<!-- 4 -->⚡ Performance" },
+  { message = "^refactor", group = "<!-- 2 -->🚜 Refactor" },
+  { message = "^style", group = "<!-- 5 -->🎨 Styling" },
+  { message = "^test", group = "<!-- 6 -->🧪 Testing" },
+  { message = "^chore\\(release\\): prepare for", skip = true },
+  { message = "^chore|^ci", group = "<!-- 7 -->⚙️ Miscellaneous Tasks" },
+  { body = ".*security", group = "<!-- 8 -->🛡️ Security" },
+  { message = "^revert", group = "<!-- 9 -->◀️ Revert" },
+]
+# filter out the commits that are not matched by commit parsers
+filter_commits = false
+# sort the tags topologically
+topo_order = false
+# sort the commits inside sections by oldest/newest order
+sort_commits = "oldest"

events.go

@@ -23,6 +23,7 @@ const (
 	PrivilegeInvoicing  = "INVOICING"
 	PrivilegeAccounting = "ACCOUNTING"
 	PrivilegeSupplier   = "SUPPLIER"
+	PrivilegeSalary     = "SALARY"
 )
 
 var AllPrivilege = []Privilege{
@@ -33,11 +34,12 @@ var AllPrivilege = []Privilege{
 	PrivilegeInvoicing,
 	PrivilegeAccounting,
 	PrivilegeSupplier,
+	PrivilegeSalary,
 }
 
 func (e Privilege) IsValid() bool {
 	switch e {
-	case PrivilegeAdmin, PrivilegeCompany, PrivilegeConsumer, PrivilegeTime, PrivilegeInvoicing, PrivilegeAccounting, PrivilegeSupplier:
+	case PrivilegeAdmin, PrivilegeCompany, PrivilegeConsumer, PrivilegeTime, PrivilegeInvoicing, PrivilegeAccounting, PrivilegeSupplier, PrivilegeSalary:
 		return true
 	}
 	return false

go.mod

@@ -1,12 +1,12 @@
-module gitlab.com/unboundsoftware/shiny/authz_client
+module gitea.unbound.se/shiny/authz_client
 
 go 1.22.12
 
-toolchain go1.24.2
+toolchain go1.26.2
 
 require (
-	github.com/sparetimecoders/goamqp v0.3.2
-	github.com/stretchr/testify v1.10.0
+	github.com/sparetimecoders/goamqp v0.3.3
+	github.com/stretchr/testify v1.11.1
 )
 
 require (

go.sum

@@ -8,10 +8,10 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rabbitmq/amqp091-go v1.10.0 h1:STpn5XsHlHGcecLmMFCtg7mqq0RnD+zFr4uzukfVhBw=
 github.com/rabbitmq/amqp091-go v1.10.0/go.mod h1:Hy4jKW5kQART1u+JkDTF9YYOQUHXqMuhrgxOEeS7G4o=
-github.com/sparetimecoders/goamqp v0.3.2 h1:XdlyUBAJS5RcURw+SnnPjPJJuofddZwQsjAf05VPXvI=
-github.com/sparetimecoders/goamqp v0.3.2/go.mod h1:W9NRCpWLE+Vruv2dcRSbszNil2O826d2Nv6kAkETW5o=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/sparetimecoders/goamqp v0.3.3 h1:z/nfTPmrjeU/rIVuNOgsVLCimp3WFoNFvS3ZzXRJ6HE=
+github.com/sparetimecoders/goamqp v0.3.3/go.mod h1:W9NRCpWLE+Vruv2dcRSbszNil2O826d2Nv6kAkETW5o=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=