makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: return database user ID from /api/auth/me instead of Logto sub
Some checks failed
CI / ci (push) Failing after 1m8s
Details
CI / deploy (push) Has been skipped
Details
CI / e2e (push) Has been skipped
Details

Browse Source 
The /me endpoint was returning auth.sub (Logto's opaque string) as the
user ID, but the frontend and other API endpoints expect numeric DB IDs.
This caused "can't access property 'id', w[0] is undefined" after login.

Also documents Logto OIDC setup requirements (scopes, env vars) in
CLAUDE.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-08 22:16:59 +02:00
parent 9dca657ab1
commit 3b29248845
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
CLAUDE.md
View File

@@ -109,13 +109,26 @@ Always use existing components instead of rebuilding with plain HTML. Check `src
## Authentication
- **First run**: No users exist. Visit `/login` to create your admin account.
- **Web UI**: Cookie-based sessions (`gearbox_session`), 30-day expiry, auto-refreshed.
- **OIDC via Logto**: Authentication is handled by an external Logto instance via `@hono/oidc-auth`. Users are redirected to Logto for login, and sessions are managed via OIDC cookies.
- **Programmatic access**: API keys created in Settings > API Keys. Pass via `X-API-Key` header.
- **Public read**: All GET endpoints work without auth. POST/PUT/DELETE require auth.
- **Auth routes**: `/api/auth/login`, `/api/auth/logout`, `/api/auth/setup`, `/api/auth/me`, `/api/auth/password`, `/api/auth/keys`.
- **Auth routes**: `/api/auth/me`, `/api/auth/keys`, `/api/auth/profile`.
- **MCP OAuth**: OAuth 2.1 + PKCE for Claude mobile/web. Endpoints at `/oauth/*`. Uses existing GearBox credentials.
### Logto Setup
The Logto application must be configured with the correct scopes. In the Logto admin console, go to the application settings and ensure the following **User Scopes** are granted: `openid`, `profile`, `email` (matching the `OIDC_SCOPES` env var).
**Required env vars:**
```bash
OIDC_ISSUER=https://your-logto-domain/oidc # Logto OIDC issuer URL
OIDC_CLIENT_ID=<client-id> # From Logto app settings
OIDC_CLIENT_SECRET=<client-secret> # From Logto app settings
OIDC_AUTH_SECRET=<random-32-char-hex> # Session encryption key
OIDC_SCOPES="openid profile email" # Must match Logto app scopes
OIDC_REDIRECT_URI=https://your-app/callback # Must match Logto redirect URI
```
## MCP Server
GearBox includes a built-in MCP server for integration with Claude Code and Claude Desktop. Enabled by default, disable with `GEARBOX_MCP=false`. Authenticated via API key or OAuth 2.1 Bearer token.

5
src/server/routes/auth.ts
View File

@@ -8,6 +8,7 @@ import { requireAuth } from "../middleware/auth.ts";
import {
createApiKey,
deleteApiKey,
getOrCreateUser,
listApiKeys,
} from "../services/auth.service.ts";
import { updateProfile } from "../services/profile.service.ts";
@@ -23,8 +24,10 @@ const app = new Hono<Env>();
app.get("/me", async (c) => {
const auth = await getAuth(c);
if (auth) {
const db = c.get("db");
const user = await getOrCreateUser(db, auth.sub);
return c.json({
user: { id: auth.sub, email: auth.email },
user: { id: user.id, email: auth.email },
authenticated: true,
});
}