fix(oobe): add test connection endpoint and fix EOF newline (GRO-392)
- Add POST /api/setup/auth-provider/test endpoint for OOBE test connection - Guard with same !superUser check as bootstrap endpoint - Update SetupWizard to call /api/setup/auth-provider/test instead of /api/admin/auth-provider/test (which requires auth session) - Add trailing newline at EOF in setup.ts Co-Authored-By: Paperclip <noreply@paperclip.ing>
@@ -178,4 +178,48 @@ setupRouter.post("/auth-provider", zValidator("json", authProviderBootstrapSchem
|
|||||||
createdAt: row.createdAt,
|
createdAt: row.createdAt,
|
||||||
updatedAt: row.updatedAt,
|
updatedAt: row.updatedAt,
|
||||||
}, 201);
|
}, 201);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
/**
|
||||||
|
* POST /api/setup/auth-provider/test
|
||||||
|
* Unauthenticated endpoint to validate an OIDC provider configuration during OOBE.
|
||||||
|
* Fetches the OIDC discovery document to confirm the issuer is reachable.
|
||||||
|
* Only available when needsSetup is true (no super user = fresh install).
|
||||||
|
*/
|
||||||
|
setupRouter.post("/auth-provider/test", zValidator("json", authProviderBootstrapSchema), async (c) => {
|
||||||
|
const db = getDb();
|
||||||
|
|
||||||
|
// Guard: only allow during fresh install (no super user yet)
|
||||||
|
const [superUser] = await db
|
||||||
|
.select({ id: staff.id })
|
||||||
|
.from(staff)
|
||||||
|
.where(eq(staff.isSuperUser, true))
|
||||||
|
.limit(1);
|
||||||
|
|
||||||
|
if (superUser) {
|
||||||
|
return c.json({ ok: false, error: "Setup has already been completed." }, 403);
|
||||||
|
}
|
||||||
|
|
||||||
|
const body = c.req.valid("json");
|
||||||
|
|
||||||
|
// Determine the discovery URL
|
||||||
|
const discoveryUrl = body.internalBaseUrl
|
||||||
|
? `${body.internalBaseUrl}/application/o/.well-known/openid-configuration`
|
||||||
|
: `${body.issuerUrl}/.well-known/openid-configuration`;
|
||||||
|
|
||||||
|
try {
|
||||||
|
const res = await fetch(discoveryUrl, { method: "GET" });
|
||||||
|
if (!res.ok) {
|
||||||
|
return c.json({
|
||||||
|
ok: false,
|
||||||
|
error: `OIDC discovery failed (HTTP ${res.status}). Check your Issuer URL and Internal Base URL.`,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return c.json({ ok: true });
|
||||||
|
} catch (e) {
|
||||||
|
return c.json({
|
||||||
|
ok: false,
|
||||||
|
error: "Could not reach the OIDC provider. Check your Issuer URL and network connectivity.",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|||||||
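Review bot: The new `/auth-provider/test` handler passes a caller-supplied URL (`body.internalBaseUrl` or `body.issuerUrl`) straight to `fetch` with no authentication, which makes it a server-side request forgery surface for as long as no super user exists. The two error texts (`HTTP ${res.status}` versus "Could not reach") also tell the caller whether the chosen host answered. `authProviderBootstrapSchema` is defined outside this hunk, so it may already constrain these fields, but nothing visible here parses the URL, restricts the scheme, limits redirects or bounds the request time. I would parse the value with `new URL`, accept only http/https, pass `redirect: "error"` and a timeout signal, and return one generic failure message without the upstream status. A scheme check alone does not keep the request off internal addresses, so the setup window should also be closed to untrusted networks or gated by a one-time setup token.

```typescript
// … unchanged: superUser guard and discoveryUrl selection …

let target: URL;
try {
  target = new URL(discoveryUrl);
} catch {
  return c.json({ ok: false, error: "Issuer URL or Internal Base URL is not a valid URL." }, 400);
}
if (target.protocol !== "https:" && target.protocol !== "http:") {
  return c.json({ ok: false, error: "Only http and https provider URLs are supported." }, 400);
}

try {
  const res = await fetch(target, {
    method: "GET",
    redirect: "error", // do not follow the provider to a different host
    signal: AbortSignal.timeout(5000), // bound how long an unauthenticated caller can hold the request
  });
  // … unchanged: res.ok check, ok: true response and catch branch …
```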
@@ -82,7 +82,7 @@ export function SetupWizard() {
|
|||||||
setTestingConnection(true);
|
setTestingConnection(true);
|
||||||
setTestResult(null);
|
setTestResult(null);
|
||||||
try {
|
try {
|
||||||
const res = await fetch("/api/admin/auth-provider/test", {
|
const res = await fetch("/api/setup/auth-provider/test", {
|
||||||
method: "POST",
|
method: "POST",
|
||||||
headers: { "Content-Type": "application/json" },
|
headers: { "Content-Type": "application/json" },
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
|
|||||||