Compare commits
3 Commits
fix/issue-
...
89d3395a62
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
89d3395a62 | ||
|
|
d5191073f0 | ||
| fab7a12f7b |
@@ -46,6 +46,13 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
handle_errors {
|
handle_errors {
|
||||||
|
# Don't mask API errors with the SPA shell — return a proper
|
||||||
|
# JSON error so the frontend can display a meaningful message.
|
||||||
|
@api path /api/*
|
||||||
|
respond @api `{"code":{err.status_code},"message":"Backend unavailable"}` {err.status_code} {
|
||||||
|
Content-Type application/json
|
||||||
|
}
|
||||||
|
|
||||||
rewrite * /index.html
|
rewrite * /index.html
|
||||||
file_server
|
file_server
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -12,7 +12,11 @@ services:
|
|||||||
container_name: pocketbase-learning
|
container_name: pocketbase-learning
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
working_dir: /pb
|
working_dir: /pb
|
||||||
|
env_file:
|
||||||
|
- .env.local
|
||||||
command: ["serve", "--http=0.0.0.0:8090", "--dir=/pb/pb_data", "--migrationsDir=/pb/pb_migrations"]
|
command: ["serve", "--http=0.0.0.0:8090", "--dir=/pb/pb_data", "--migrationsDir=/pb/pb_migrations"]
|
||||||
|
ports:
|
||||||
|
- "8090:8090"
|
||||||
volumes:
|
volumes:
|
||||||
- pb_data:/pb/pb_data
|
- pb_data:/pb/pb_data
|
||||||
- ./pb_migrations:/pb/pb_migrations
|
- ./pb_migrations:/pb/pb_migrations
|
||||||
|
|||||||
@@ -20,6 +20,25 @@
|
|||||||
// providers) or ship a follow-up migration.
|
// providers) or ship a follow-up migration.
|
||||||
migrate((app) => {
|
migrate((app) => {
|
||||||
// 1. Drop the old PIN-based collection (takes the PIN records with it).
|
// 1. Drop the old PIN-based collection (takes the PIN records with it).
|
||||||
|
// Other collections (micro_learning_completions, theme_session_completions)
|
||||||
|
// have relation fields pointing to the old team_members — PocketBase refuses
|
||||||
|
// to delete a referenced collection. Remove those relation fields first,
|
||||||
|
// delete the old collection, create the new auth collection, then re-add
|
||||||
|
// the relation fields pointing to the new collection.
|
||||||
|
const relDeps = [
|
||||||
|
{ collection: "micro_learning_completions", fieldId: "rel_team_member_id", fieldName: "team_member_id" },
|
||||||
|
{ collection: "theme_session_completions", fieldId: "rel_tsc_team_member", fieldName: "team_member_id" },
|
||||||
|
];
|
||||||
|
|
||||||
|
// Remove blocking relation fields so the old collection can be deleted.
|
||||||
|
for (const dep of relDeps) {
|
||||||
|
try {
|
||||||
|
const col = app.findCollectionByNameOrId(dep.collection);
|
||||||
|
col.fields.removeById(dep.fieldId);
|
||||||
|
app.save(col);
|
||||||
|
} catch (_) { /* collection doesn't exist yet — skip */ }
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const old = app.findCollectionByNameOrId("team_members");
|
const old = app.findCollectionByNameOrId("team_members");
|
||||||
app.delete(old);
|
app.delete(old);
|
||||||
@@ -27,7 +46,15 @@ migrate((app) => {
|
|||||||
// Collection did not exist — nothing to drop.
|
// Collection did not exist — nothing to drop.
|
||||||
}
|
}
|
||||||
|
|
||||||
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
|
const tenant = $os.getenv("ENTRA_TENANT_ID") || "common";
|
||||||
|
const clientId = $os.getenv("ENTRA_CLIENT_ID");
|
||||||
|
const clientSecret = $os.getenv("ENTRA_CLIENT_SECRET");
|
||||||
|
|
||||||
|
const hasOidc = !!(clientId && clientSecret);
|
||||||
|
if (!hasOidc) {
|
||||||
|
console.log("WARN: ENTRA_CLIENT_ID / ENTRA_CLIENT_SECRET not set — OIDC provider will not be configured. " +
|
||||||
|
"Set the env vars and re-apply the migration to enable Azure login.");
|
||||||
|
}
|
||||||
|
|
||||||
// 2. Recreate `team_members` as an auth collection (same name → all existing
|
// 2. Recreate `team_members` as an auth collection (same name → all existing
|
||||||
// `user_id` references in test_results, on_demand_attempts,
|
// `user_id` references in test_results, on_demand_attempts,
|
||||||
@@ -56,7 +83,7 @@ migrate((app) => {
|
|||||||
mfa: { enabled: false, duration: 600, rule: "" },
|
mfa: { enabled: false, duration: 600, rule: "" },
|
||||||
|
|
||||||
oauth2: {
|
oauth2: {
|
||||||
enabled: true,
|
enabled: hasOidc,
|
||||||
// Map the OIDC userinfo claims onto our fields.
|
// Map the OIDC userinfo claims onto our fields.
|
||||||
mappedFields: {
|
mappedFields: {
|
||||||
id: "",
|
id: "",
|
||||||
@@ -64,18 +91,18 @@ migrate((app) => {
|
|||||||
username: "",
|
username: "",
|
||||||
avatarURL: "",
|
avatarURL: "",
|
||||||
},
|
},
|
||||||
providers: [
|
providers: hasOidc ? [
|
||||||
{
|
{
|
||||||
name: "oidc",
|
name: "oidc",
|
||||||
clientId: $os.getenv("ENTRA_CLIENT_ID"),
|
clientId: clientId,
|
||||||
clientSecret: $os.getenv("ENTRA_CLIENT_SECRET"),
|
clientSecret: clientSecret,
|
||||||
authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize",
|
authURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/authorize",
|
||||||
tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token",
|
tokenURL: "https://login.microsoftonline.com/" + tenant + "/oauth2/v2.0/token",
|
||||||
userInfoURL: "https://graph.microsoft.com/oidc/userinfo",
|
userInfoURL: "https://graph.microsoft.com/oidc/userinfo",
|
||||||
displayName: "Microsoft",
|
displayName: "Microsoft",
|
||||||
pkce: true,
|
pkce: true,
|
||||||
},
|
},
|
||||||
],
|
] : [],
|
||||||
},
|
},
|
||||||
|
|
||||||
fields: [
|
fields: [
|
||||||
@@ -231,6 +258,24 @@ migrate((app) => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
app.save(collection);
|
app.save(collection);
|
||||||
|
|
||||||
|
// 3. Re-add the relation fields pointing to the new auth collection.
|
||||||
|
for (const dep of relDeps) {
|
||||||
|
try {
|
||||||
|
const col = app.findCollectionByNameOrId(dep.collection);
|
||||||
|
const newField = new Field({
|
||||||
|
id: dep.fieldId,
|
||||||
|
name: dep.fieldName,
|
||||||
|
type: "relation",
|
||||||
|
required: true,
|
||||||
|
collectionId: collection.id,
|
||||||
|
cascadeDelete: true,
|
||||||
|
maxSelect: 1,
|
||||||
|
});
|
||||||
|
col.fields.add(newField);
|
||||||
|
app.save(col);
|
||||||
|
} catch (_) { /* collection doesn't exist — skip */ }
|
||||||
|
}
|
||||||
}, (app) => {
|
}, (app) => {
|
||||||
// Down: drop the auth collection and recreate the original PIN-based base
|
// Down: drop the auth collection and recreate the original PIN-based base
|
||||||
// collection (without data — the original records are gone).
|
// collection (without data — the original records are gone).
|
||||||
|
|||||||
Reference in New Issue
Block a user