feat(portal-self-service): runtime config + nginx serve/proxy image (refs #68)
The app loads /config.json at startup (main.ts) so the OIDC authority is set per environment from one build; appConfig becomes a factory and derives redirectUrl + secureApiOrigin from the app origin (same-origin as the BFF). A multi-stage Dockerfile builds the app and serves it via nginx, reverse-proxying /self-service + /openbaar to the bff (relative URLs → no CORS); nginx resolves the BFF at request time. The compose image bakes config.json with the keycloak:8080 authority so the browser's token issuer matches the BFF (ADR-0010). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -7,16 +7,29 @@ import { provideRouter } from '@angular/router';
|
||||
import { authInterceptor, provideDigiadAuth } from 'auth';
|
||||
import { appRoutes } from './app.routes';
|
||||
|
||||
export const appConfig: ApplicationConfig = {
|
||||
providers: [
|
||||
provideBrowserGlobalErrorListeners(),
|
||||
provideRouter(appRoutes),
|
||||
provideHttpClient(withInterceptors([authInterceptor()])),
|
||||
// Dev defaults (host ports). The compose-served app overrides these for the stack (S-08d).
|
||||
provideDigiadAuth({
|
||||
authority: 'http://localhost:8180/realms/digid',
|
||||
redirectUrl: typeof window !== 'undefined' ? window.location.origin : '/',
|
||||
secureApiOrigin: 'http://localhost:8080',
|
||||
}),
|
||||
],
|
||||
};
|
||||
/** Environment-specific settings fetched from /config.json at startup (see main.ts). */
|
||||
export interface RuntimeConfig {
|
||||
/** The Keycloak `digid` realm issuer as the browser reaches it (dev: localhost; compose: keycloak:8080). */
|
||||
authority: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Build the app providers from runtime config. `redirectUrl` and `secureApiOrigin` are the app's own
|
||||
* origin: the app is served same-origin as the BFF (nginx proxies /self-service + /openbaar), so the
|
||||
* api-client's relative calls stay same-origin and the token interceptor attaches to them.
|
||||
*/
|
||||
export function appConfig(runtime: RuntimeConfig): ApplicationConfig {
|
||||
const origin = typeof window !== 'undefined' ? window.location.origin : '/';
|
||||
return {
|
||||
providers: [
|
||||
provideBrowserGlobalErrorListeners(),
|
||||
provideRouter(appRoutes),
|
||||
provideHttpClient(withInterceptors([authInterceptor()])),
|
||||
provideDigiadAuth({
|
||||
authority: runtime.authority,
|
||||
redirectUrl: origin,
|
||||
secureApiOrigin: origin,
|
||||
}),
|
||||
],
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,5 +1,10 @@
|
||||
import { bootstrapApplication } from '@angular/platform-browser';
|
||||
import { appConfig } from './app/app.config';
|
||||
import { App } from './app/app';
|
||||
import { appConfig, type RuntimeConfig } from './app/app.config';
|
||||
|
||||
bootstrapApplication(App, appConfig).catch((err) => console.error(err));
|
||||
// Load environment config before bootstrap so the OIDC authority is set per environment
|
||||
// (dev: localhost; compose: keycloak:8080) from a single build — 12-factor (S-08d).
|
||||
fetch('config.json')
|
||||
.then((response) => response.json() as Promise<RuntimeConfig>)
|
||||
.then((config) => bootstrapApplication(App, appConfig(config)))
|
||||
.catch((err) => console.error(err));
|
||||
|
||||
Reference in New Issue
Block a user