groombook/app
Archived
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
581 Commits 75 Branches 0 Tags
f3c56b43f07aa27fd726e2da4d979111ec38349b
Commit Graph

5 Commits

Author SHA1 Message Date
Paperclip d9e6b09fe5 fix(api): use correct schema in POST /admin/auth-provider/test (GRO-454) 
Switch the test endpoint from putAuthProviderSchema.omit({ clientSecret })
(which requires providerId, displayName, clientId, scopes) to the
minimal authProviderTestSchema (issuerUrl, internalBaseUrl?) that matches
what the Settings.tsx frontend actually sends.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-04 13:16:30 +00:00
Flea Flicker 1c502bb165 fix(api): wrap encryptSecret in try/catch to return proper JSON error 
PUT /api/admin/auth-provider was returning HTTP 500 with an HTML error page
when BETTER_AUTH_SECRET was missing, because encryptSecret() throws an
unhandled error. This change wraps both the encryption step and the DB
transaction in try/catch blocks to return a proper JSON error response.

Also adds the missing authProviderConfig schema and encryptSecret crypto
helpers from the feat/gro-392-oobe-auth-provider-bootstrap branch.

Fixes: GRO-441

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-04 00:02:11 +00:00
groombook-engineer[bot] 1f2a73cb44 fix(GRO-424): add try/catch around reinitAuth() calls 
reinitAuth() can throw if BETTER_AUTH_SECRET is missing, causing
an unhandled rejection that returns an HTML error page instead of
JSON. Wrap both PUT and DELETE handlers in try/catch to return a
proper JSON error response.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-03 13:02:13 +00:00
groombook-engineer[bot] ae920aa347 fix(GRO-424): move reinitAuth to active router, add SSRF timeout, fix trailing slash 
- Add reinitAuth() import and calls to routes/authProvider.ts (active router)
  instead of routes/admin/authProvider.ts (dead code, not imported)
- Add AbortSignal.timeout(10_000) to fetch in setup auth-provider/test endpoint
- Add .replace(/\/$/, "") to strip trailing slash from internalBaseUrl
- Delete dead routes/admin/authProvider.ts

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-03 13:02:13 +00:00
groombook-engineer[bot] 63c829bfd3 feat(api): auth provider CRUD endpoints + test-connection (GRO-388) 
Implements admin API endpoints for managing auth provider configuration.
All gated by requireSuperUser().

Endpoints:
- GET /api/admin/auth-provider - returns config with clientSecret=redacted
- PUT /api/admin/auth-provider - encrypts clientSecret before DB write
- POST /api/admin/auth-provider/test - validates OIDC discovery endpoint
- DELETE /api/admin/auth-provider - removes DB config

Fixes CTO review findings:
- PUT uses db.transaction() for atomic upsert (was non-atomic delete+insert)
- Rebased on latest main (drops stale GRO-404/406 commits)
- Added EOF newlines to authProvider.ts and authProvider.test.ts

Unit tests with 9 passing test cases covering all endpoints and RBAC.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-04-02 21:50:40 +00:00