Compare commits

...

1 Commits

Author SHA1 Message Date
RaymondVerhoef
89d3395a62 feat: enhance OIDC configuration for Azure login and improve error handling in API responses
All checks were successful
On Push to Main / test (push) Successful in 56s
On Push to Main / publish (push) Successful in 1m24s
On Push to Main / deploy-dev (push) Successful in 2m58s
2026-07-11 10:19:54 +02:00
2 changed files with 21 additions and 6 deletions

View File

@@ -46,6 +46,13 @@
} }
handle_errors { handle_errors {
# Don't mask API errors with the SPA shell — return a proper
# JSON error so the frontend can display a meaningful message.
@api path /api/*
respond @api `{"code":{err.status_code},"message":"Backend unavailable"}` {err.status_code} {
Content-Type application/json
}
rewrite * /index.html rewrite * /index.html
file_server file_server
} }

View File

@@ -47,6 +47,14 @@ migrate((app) => {
} }
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common"; const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
const clientId = $os.getenv("ENTRA_CLIENT_ID");
const clientSecret = $os.getenv("ENTRA_CLIENT_SECRET");
const hasOidc = !!(clientId && clientSecret);
if (!hasOidc) {
console.log("WARN: ENTRA_CLIENT_ID / ENTRA_CLIENT_SECRET not set — OIDC provider will not be configured. " +
"Set the env vars and re-apply the migration to enable Azure login.");
}
// 2. Recreate `team_members` as an auth collection (same name → all existing // 2. Recreate `team_members` as an auth collection (same name → all existing
// `user_id` references in test_results, on_demand_attempts, // `user_id` references in test_results, on_demand_attempts,
@@ -75,7 +83,7 @@ migrate((app) => {
mfa: { enabled: false, duration: 600, rule: "" }, mfa: { enabled: false, duration: 600, rule: "" },
oauth2: { oauth2: {
enabled: true, enabled: hasOidc,
// Map the OIDC userinfo claims onto our fields. // Map the OIDC userinfo claims onto our fields.
mappedFields: { mappedFields: {
id: "", id: "",
@@ -83,18 +91,18 @@ migrate((app) => {
username: "", username: "",
avatarURL: "", avatarURL: "",
}, },
providers: [ providers: hasOidc ? [
{ {
name: "oidc", name: "oidc",
clientId: $os.getenv("ENTRA_CLIENT_ID"), clientId: clientId,
clientSecret: $os.getenv("ENTRA_CLIENT_SECRET"), clientSecret: clientSecret,
authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize", authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize",
tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token", tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token",
userInfoURL: "https://graph.microsoft.com/oidc/userinfo", userInfoURL: "https://graph.microsoft.com/oidc/userinfo",
displayName: "Microsoft", displayName: "Microsoft",
pkce: true, pkce: true,
}, },
], ] : [],
}, },
fields: [ fields: [