Compare commits

...

3 Commits

Author SHA1 Message Date
RaymondVerhoef
89d3395a62 feat: enhance OIDC configuration for Azure login and improve error handling in API responses
All checks were successful
On Push to Main / test (push) Successful in 56s
On Push to Main / publish (push) Successful in 1m24s
On Push to Main / deploy-dev (push) Successful in 2m58s
2026-07-11 10:19:54 +02:00
RaymondVerhoef
d5191073f0 feat: migrate team_members to OIDC-based auth collection and update docker-compose environment configuration
All checks were successful
On Push to Main / test (push) Successful in 57s
On Push to Main / publish (push) Successful in 1m16s
On Push to Main / deploy-dev (push) Successful in 3m0s
2026-06-25 18:05:39 +02:00
fab7a12f7b Merge pull request 'fix/issue-16-azure-login' (#17) from fix/issue-16-azure-login into main
All checks were successful
On Push to Main / test (push) Successful in 30s
On Push to Main / publish (push) Successful in 1m15s
On Push to Main / deploy-dev (push) Successful in 2m54s
Reviewed-on: #17
2026-06-24 14:00:40 +00:00
3 changed files with 62 additions and 6 deletions

View File

@@ -46,6 +46,13 @@
}
handle_errors {
# Don't mask API errors with the SPA shell — return a proper
# JSON error so the frontend can display a meaningful message.
@api path /api/*
respond @api `{"code":{err.status_code},"message":"Backend unavailable"}` {err.status_code} {
Content-Type application/json
}
rewrite * /index.html
file_server
}

View File

@@ -12,7 +12,11 @@ services:
container_name: pocketbase-learning
restart: unless-stopped
working_dir: /pb
env_file:
- .env.local
command: ["serve", "--http=0.0.0.0:8090", "--dir=/pb/pb_data", "--migrationsDir=/pb/pb_migrations"]
ports:
- "8090:8090"
volumes:
- pb_data:/pb/pb_data
- ./pb_migrations:/pb/pb_migrations

View File

@@ -20,6 +20,25 @@
// providers) or ship a follow-up migration.
migrate((app) => {
// 1. Drop the old PIN-based collection (takes the PIN records with it).
// Other collections (micro_learning_completions, theme_session_completions)
// have relation fields pointing to the old team_members — PocketBase refuses
// to delete a referenced collection. Remove those relation fields first,
// delete the old collection, create the new auth collection, then re-add
// the relation fields pointing to the new collection.
const relDeps = [
{ collection: "micro_learning_completions", fieldId: "rel_team_member_id", fieldName: "team_member_id" },
{ collection: "theme_session_completions", fieldId: "rel_tsc_team_member", fieldName: "team_member_id" },
];
// Remove blocking relation fields so the old collection can be deleted.
for (const dep of relDeps) {
try {
const col = app.findCollectionByNameOrId(dep.collection);
col.fields.removeById(dep.fieldId);
app.save(col);
} catch (_) { /* collection doesn't exist yet — skip */ }
}
try {
const old = app.findCollectionByNameOrId("team_members");
app.delete(old);
@@ -28,6 +47,14 @@ migrate((app) => {
}
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
const clientId = $os.getenv("ENTRA_CLIENT_ID");
const clientSecret = $os.getenv("ENTRA_CLIENT_SECRET");
const hasOidc = !!(clientId && clientSecret);
if (!hasOidc) {
console.log("WARN: ENTRA_CLIENT_ID / ENTRA_CLIENT_SECRET not set — OIDC provider will not be configured. " +
"Set the env vars and re-apply the migration to enable Azure login.");
}
// 2. Recreate `team_members` as an auth collection (same name → all existing
// `user_id` references in test_results, on_demand_attempts,
@@ -56,7 +83,7 @@ migrate((app) => {
mfa: { enabled: false, duration: 600, rule: "" },
oauth2: {
enabled: true,
enabled: hasOidc,
// Map the OIDC userinfo claims onto our fields.
mappedFields: {
id: "",
@@ -64,18 +91,18 @@ migrate((app) => {
username: "",
avatarURL: "",
},
providers: [
providers: hasOidc ? [
{
name: "oidc",
clientId: $os.getenv("ENTRA_CLIENT_ID"),
clientSecret: $os.getenv("ENTRA_CLIENT_SECRET"),
clientId: clientId,
clientSecret: clientSecret,
authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize",
tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token",
userInfoURL: "https://graph.microsoft.com/oidc/userinfo",
displayName: "Microsoft",
pkce: true,
},
],
] : [],
},
fields: [
@@ -231,6 +258,24 @@ migrate((app) => {
});
app.save(collection);
// 3. Re-add the relation fields pointing to the new auth collection.
for (const dep of relDeps) {
try {
const col = app.findCollectionByNameOrId(dep.collection);
const newField = new Field({
id: dep.fieldId,
name: dep.fieldName,
type: "relation",
required: true,
collectionId: collection.id,
cascadeDelete: true,
maxSelect: 1,
});
col.fields.add(newField);
app.save(col);
} catch (_) { /* collection doesn't exist — skip */ }
}
}, (app) => {
// Down: drop the auth collection and recreate the original PIN-based base
// collection (without data — the original records are gone).