feat: enhance OIDC configuration for Azure login and improve error handling in API responses
All checks were successful
On Push to Main / test (push) Successful in 56s
On Push to Main / publish (push) Successful in 1m24s
On Push to Main / deploy-dev (push) Successful in 2m58s

This commit is contained in:
RaymondVerhoef
2026-07-11 10:19:54 +02:00
parent d5191073f0
commit 89d3395a62
2 changed files with 21 additions and 6 deletions

View File

@@ -46,6 +46,13 @@
}
handle_errors {
# Don't mask API errors with the SPA shell — return a proper
# JSON error so the frontend can display a meaningful message.
@api path /api/*
respond @api `{"code":{err.status_code},"message":"Backend unavailable"}` {err.status_code} {
Content-Type application/json
}
rewrite * /index.html
file_server
}

View File

@@ -46,7 +46,15 @@ migrate((app) => {
// Collection did not exist — nothing to drop.
}
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
const clientId = $os.getenv("ENTRA_CLIENT_ID");
const clientSecret = $os.getenv("ENTRA_CLIENT_SECRET");
const hasOidc = !!(clientId && clientSecret);
if (!hasOidc) {
console.log("WARN: ENTRA_CLIENT_ID / ENTRA_CLIENT_SECRET not set — OIDC provider will not be configured. " +
"Set the env vars and re-apply the migration to enable Azure login.");
}
// 2. Recreate `team_members` as an auth collection (same name → all existing
// `user_id` references in test_results, on_demand_attempts,
@@ -75,7 +83,7 @@ migrate((app) => {
mfa: { enabled: false, duration: 600, rule: "" },
oauth2: {
enabled: true,
enabled: hasOidc,
// Map the OIDC userinfo claims onto our fields.
mappedFields: {
id: "",
@@ -83,18 +91,18 @@ migrate((app) => {
username: "",
avatarURL: "",
},
providers: [
providers: hasOidc ? [
{
name: "oidc",
clientId: $os.getenv("ENTRA_CLIENT_ID"),
clientSecret: $os.getenv("ENTRA_CLIENT_SECRET"),
clientId: clientId,
clientSecret: clientSecret,
authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize",
tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token",
userInfoURL: "https://graph.microsoft.com/oidc/userinfo",
displayName: "Microsoft",
pkce: true,
},
],
] : [],
},
fields: [