test(e2e): serve the portal + walking-skeleton Playwright e2e (closes #68) #72

Merged
not merged 11 commits from feat/68-e2e into main 2026-07-13 13:20:58 +00:00
2 changed files with 14 additions and 7 deletions
Showing only changes of commit 0e6c7d2066 - Show all commits

View File

@@ -14,9 +14,11 @@ export interface RuntimeConfig {
} }
/** /**
* Build the app providers from runtime config. `redirectUrl` and `secureApiOrigin` are the app's own * Build the app providers from runtime config. `redirectUrl` is the app's own origin (where Keycloak
* origin: the app is served same-origin as the BFF (nginx proxies /self-service + /openbaar), so the * redirects back). The app is served same-origin as the BFF (nginx proxies /self-service + /openbaar),
* api-client's relative calls stay same-origin and the token interceptor attaches to them. * so the api-client uses **relative** URLs — hence `secureRoutes` is the relative `/self-service/`
* prefix (the guarded BFF route), not the origin: the interceptor matches on `req.url`, which stays
* relative, so an origin would never match and the token would not be attached.
*/ */
export function appConfig(runtime: RuntimeConfig): ApplicationConfig { export function appConfig(runtime: RuntimeConfig): ApplicationConfig {
const origin = typeof window !== 'undefined' ? window.location.origin : '/'; const origin = typeof window !== 'undefined' ? window.location.origin : '/';
@@ -28,7 +30,7 @@ export function appConfig(runtime: RuntimeConfig): ApplicationConfig {
provideDigiadAuth({ provideDigiadAuth({
authority: runtime.authority, authority: runtime.authority,
redirectUrl: origin, redirectUrl: origin,
secureApiOrigin: origin, secureRoutes: ['/self-service/'],
}), }),
], ],
}; };

View File

@@ -13,8 +13,13 @@ export interface DigiadAuthOptions {
authority: string; authority: string;
/** Where Keycloak redirects back to after login (usually the app origin). */ /** Where Keycloak redirects back to after login (usually the app origin). */
redirectUrl: string; redirectUrl: string;
/** The BFF origin whose requests get the bearer token attached (secure route). */ /**
secureApiOrigin: string; * Route prefixes whose requests get the bearer token attached. The api-client calls the BFF with
* **relative** URLs (same-origin via the nginx proxy), so these must be relative path prefixes
* (e.g. `/self-service/`) — angular-auth-oidc-client matches `req.url.startsWith(route)`, and a
* relative `req.url` never starts with an absolute origin.
*/
secureRoutes: string[];
} }
/** /**
@@ -35,7 +40,7 @@ export function provideDigiadAuth(options: DigiadAuthOptions): EnvironmentProvid
responseType: 'code', responseType: 'code',
silentRenew: true, silentRenew: true,
useRefreshToken: true, useRefreshToken: true,
secureRoutes: [options.secureApiOrigin], secureRoutes: options.secureRoutes,
logLevel: LogLevel.Warn, logLevel: LogLevel.Warn,
}, },
}, },