makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix: OIDC auth flow, Vite proxy, and PostgreSQL query compat

Browse Source 
- Add auth redirect in root layout for unauthenticated users
- Proxy OIDC routes (/login, /callback, /logout) through Vite dev server
- Strip Secure flag from OIDC cookies in dev mode (HTTP localhost)
- Disable retry on auth query to prevent stale cookie loops
- Fix SQLite .get()/.all()/.run() calls in category and global-item
  services for PostgreSQL compatibility
- Add userId scoping to category service functions
- Add OIDC error logging in auth middleware
- Apply linter auto-formatting across affected files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jean-Luc Makiola
2026-04-05 18:25:31 +02:00
parent f7588827b1
commit 574a12e6fa
32 changed files with 315 additions and 253 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/server/index.ts
View File

@@ -1,11 +1,11 @@
import { Hono } from "hono";
import { serveStatic } from "hono/bun";
import { cors } from "hono/cors";
import {
oidcAuthMiddleware,
processOAuthCallback,
revokeSession,
} from "@hono/oidc-auth";
import { Hono } from "hono";
import { serveStatic } from "hono/bun";
import { cors } from "hono/cors";
import { db as prodDb } from "../db/index.ts";
import { seedDefaults } from "../db/seed.ts";
import { mcpRoutes } from "./mcp/index.ts";
@@ -15,8 +15,8 @@ import { categoryRoutes } from "./routes/categories.ts";
import { imageRoutes } from "./routes/images.ts";
import { itemRoutes } from "./routes/items.ts";
import { oauthRoutes, wellKnownRoute } from "./routes/oauth.ts";
import { settingsRoutes } from "./routes/settings.ts";
import { profileRoutes } from "./routes/profiles.ts";
import { settingsRoutes } from "./routes/settings.ts";
import { setupRoutes } from "./routes/setups.ts";
import { threadRoutes } from "./routes/threads.ts";
import { totalRoutes } from "./routes/totals.ts";
@@ -42,6 +42,24 @@ app.get("/api/health", (c) => {
});
// ── OIDC Browser Auth (top-level, before /api/* middleware) ───────────
// In dev mode, strip Secure flag from OIDC cookies so they work over HTTP
if (process.env.NODE_ENV !== "production") {
app.use("*", async (c, next) => {
await next();
const setCookies = c.res.headers.getSetCookie?.() ?? [];
if (setCookies.length > 0) {
c.res.headers.delete("Set-Cookie");
for (const cookie of setCookies) {
c.res.headers.append(
"Set-Cookie",
cookie.replace(/;\s*Secure/gi, ""),
);
}
}
});
}
app.get("/login", oidcAuthMiddleware(), async (c) => c.redirect("/"));
app.get("/callback", async (c) => processOAuthCallback(c));
app.get("/logout", async (c) => {