Compare commits

..

3 Commits

Author SHA1 Message Date
Hugh Hackman e26718be4e fix(GRO-898): wire BETTER_AUTH_URL and OIDC_* secret refs into API deployment
The base API deployment chart was missing the auth env var wiring needed
for Better Auth + OIDC Authentik SSO:

- BETTER_AUTH_URL: explicit base URL (was hardcoded in kustomize patch only)
- OIDC_CLIENT_ID / OIDC_CLIENT_SECRET: secret refs (were missing entirely)
- BETTER_AUTH_SECRET: secret ref (was missing entirely)
- OIDC_INTERNAL_BASE: conditional env var (was missing from base chart)

The groombook-auth sealed secret already holds all three encrypted values
(BETTER_AUTH_SECRET, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET). The chart just
wasn't referencing them for the base deployment.

Also rename oidcIssuer → oidcIssuer in values for consistency, and add
new values betterAuthUrl + internalBaseUrl to cover all required vars.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-29 23:43:12 +00:00
the-dogfather-cto[bot] cd25d98384 Merge pull request #366 from groombook/fix/gro-898-ci-dev-branch
fix(GRO-898): update CI to deploy on dev branch pushes
2026-04-24 15:53:15 +00:00
Test User e9fceb78b3 fix(GRO-898): update CI to deploy on dev branch pushes
Update the Update Infra Image Tags job condition to also trigger
on pushes to the dev branch, not just main.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-24 15:46:50 +00:00
7 changed files with 100 additions and 78 deletions
+1 -1
View File
@@ -340,7 +340,7 @@ jobs:
name: Update Infra Image Tags name: Update Infra Image Tags
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [docker] needs: [docker]
if: github.ref == 'refs/heads/main' && github.event_name == 'push' if: (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && github.event_name == 'push'
permissions: permissions:
contents: write contents: write
pull-requests: write pull-requests: write
-1
View File
@@ -102,7 +102,6 @@ invoicesRouter.get(
paidAt: invoices.paidAt, paidAt: invoices.paidAt,
notes: invoices.notes, notes: invoices.notes,
stripePaymentIntentId: invoices.stripePaymentIntentId, stripePaymentIntentId: invoices.stripePaymentIntentId,
stripeRefundId: invoices.stripeRefundId,
createdAt: invoices.createdAt, createdAt: invoices.createdAt,
updatedAt: invoices.updatedAt, updatedAt: invoices.updatedAt,
}) })
+68 -75
View File
@@ -173,21 +173,22 @@ function InvoiceDetailModal({
const [error, setError] = useState<string | null>(null); const [error, setError] = useState<string | null>(null);
const [tipStr, setTipStr] = useState((invoice.tipCents / 100).toFixed(2)); const [tipStr, setTipStr] = useState((invoice.tipCents / 100).toFixed(2));
const [paymentMethod, setPaymentMethod] = useState<string>(invoice.paymentMethod ?? "cash"); const [paymentMethod, setPaymentMethod] = useState<string>(invoice.paymentMethod ?? "cash");
const [showRefundDialog, setShowRefundDialog] = useState(false); const [showRefundDialog, setShowRefundDialog] = useState(false);
const [refundType, setRefundType] = useState<"full" | "partial">("full"); const [refundType, setRefundType] = useState<"full" | "partial">("full");
const [refundAmount, setRefundAmount] = useState(""); const [partialAmount, setPartialAmount] = useState("");
const [refundError, setRefundError] = useState<string | null>(null); const [stripeDetails, setStripeDetails] = useState<{ cardLast4: string | null; paymentStatus: string | null; stripeRefundId: string | null } | null>(null);
const [refunding, setRefunding] = useState(false);
// Fetch current staff role to determine manager access // Fetch Stripe details when modal opens for paid invoices with a payment intent
const [staffMe, setStaffMe] = useState<{ role: string; isSuperUser: boolean } | null>(null);
useEffect(() => { useEffect(() => {
fetch("/api/staff/me") if (invoice.status === "paid" && invoice.stripePaymentIntentId) {
.then((r) => r.json()) fetch(`/api/invoices/${invoice.id}/stripe-details`)
.then((d) => setStaffMe(d)) .then((r) => r.ok ? r.json() : null)
.catch(() => setStaffMe(null)); .then((data) => { if (data) setStripeDetails(data); })
}, []); .catch(() => {});
const isManager = staffMe && (staffMe.role === "manager" || staffMe.isSuperUser); } else {
setStripeDetails(null);
}
}, [invoice.id, invoice.status, invoice.stripePaymentIntentId]);
// Tip split state: array of {staffId, staffName, pct} // Tip split state: array of {staffId, staffName, pct}
const linkedAppt = invoice.appointmentId const linkedAppt = invoice.appointmentId
@@ -293,7 +294,7 @@ const [showRefundDialog, setShowRefundDialog] = useState(false);
async function issueRefund() { async function issueRefund() {
const amountCents = refundType === "partial" const amountCents = refundType === "partial"
? Math.round(parseFloat(refundAmount) * 100) ? Math.round(parseFloat(partialAmount) * 100)
: undefined; : undefined;
if (refundType === "partial" && (!amountCents || amountCents <= 0)) { if (refundType === "partial" && (!amountCents || amountCents <= 0)) {
setError("Enter a valid refund amount"); setError("Enter a valid refund amount");
@@ -379,15 +380,15 @@ const [showRefundDialog, setShowRefundDialog] = useState(false);
/> />
{invoice.paidAt && <SummaryRow label="Paid on" value={fmtDate(invoice.paidAt)} />} {invoice.paidAt && <SummaryRow label="Paid on" value={fmtDate(invoice.paidAt)} />}
{invoice.paymentMethod && <SummaryRow label="Payment" value={invoice.paymentMethod} />} {invoice.paymentMethod && <SummaryRow label="Payment" value={invoice.paymentMethod} />}
{invoice.stripePaymentIntentId && ( {stripeDetails && (
<> <>
{invoice.cardLast4 && ( {stripeDetails.cardLast4 && (
<SummaryRow label="Card" value={`•••• ${invoice.cardLast4}`} /> <SummaryRow label="Card" value={`•••• ${stripeDetails.cardLast4}`} />
)} )}
{invoice.paymentStatus && ( {stripeDetails.paymentStatus && (
<SummaryRow label="Stripe status" value={invoice.paymentStatus} /> <SummaryRow label="Stripe status" value={stripeDetails.paymentStatus} />
)} )}
{invoice.stripeRefundId && ( {stripeDetails.stripeRefundId && (
<SummaryRow label="Refund" value="Refunded" /> <SummaryRow label="Refund" value="Refunded" />
)} )}
</> </>
@@ -509,85 +510,77 @@ const [showRefundDialog, setShowRefundDialog] = useState(false);
</div> </div>
)} )}
{(invoice.status === "paid" || invoice.status === "void") && ( {(invoice.status === "paid" || invoice.status === "void") && (
<div style={{ marginTop: "1rem", borderTop: "1px solid #e2e8f0", paddingTop: "1rem" }}> <div style={{ marginTop: "1rem", display: "flex", justifyContent: "flex-end", gap: "0.5rem" }}>
{invoice.stripeRefundId && ( {invoice.status === "paid" && invoice.stripePaymentIntentId && (
<div style={{ marginBottom: "0.75rem", display: "flex", alignItems: "center", gap: "0.5rem" }}> <button
<span style={{ background: "#fef3c7", color: "#92400e", padding: "0.2rem 0.6rem", borderRadius: 4, fontSize: 13, fontWeight: 600 }}>Refunded</span> onClick={() => setShowRefundDialog(true)}
</div> style={{ ...btnStyle, color: "#b45309", borderColor: "#b45309" }}
>
Refund
</button>
)} )}
<div style={{ display: "flex", gap: "0.5rem", justifyContent: "flex-end" }}> <button onClick={onClose} style={btnStyle}>Close</button>
{invoice.status === "paid" && invoice.stripePaymentIntentId && !invoice.stripeRefundId && isManager && (
<button onClick={() => setShowRefundDialog(true)} style={{ ...btnStyle, color: "#fff", backgroundColor: "#7c3aed", borderColor: "#7c3aed" }}>
Refund
</button>
)}
<button onClick={onClose} style={btnStyle}>Close</button>
</div>
</div> </div>
)} )}
{/* Refund Dialog */}
{showRefundDialog && ( {showRefundDialog && (
<div style={{ marginTop: "1rem", border: "1px solid #e2e8f0", borderRadius: 8, padding: "1rem", background: "#f9fafb" }}> <Modal onClose={() => setShowRefundDialog(false)}>
<p style={{ fontWeight: 600, margin: "0 0 0.75rem" }}>Process Refund</p> <h2 style={{ marginTop: 0 }}>Issue Refund</h2>
<div style={{ display: "flex", gap: "0.75rem", marginBottom: "0.75rem" }}> <p style={{ fontSize: 14, color: "#6b7280", marginBottom: "1rem" }}>
<label style={{ display: "flex", alignItems: "center", gap: "0.25rem", cursor: "pointer" }}> Invoice total: <strong>{fmtMoney(invoice.totalCents)}</strong>
<input type="radio" checked={refundType === "full"} onChange={() => setRefundType("full")} /> </p>
<div style={{ marginBottom: "0.75rem" }}>
<label style={{ display: "flex", alignItems: "center", gap: "0.5rem", fontWeight: 600, marginBottom: "0.5rem" }}>
<input
type="radio"
name="refundType"
value="full"
checked={refundType === "full"}
onChange={() => setRefundType("full")}
/>
Full refund Full refund
</label> </label>
<label style={{ display: "flex", alignItems: "center", gap: "0.25rem", cursor: "pointer" }}> <label style={{ display: "flex", alignItems: "center", gap: "0.5rem", fontWeight: 600 }}>
<input type="radio" checked={refundType === "partial"} onChange={() => setRefundType("partial")} /> <input
type="radio"
name="refundType"
value="partial"
checked={refundType === "partial"}
onChange={() => setRefundType("partial")}
/>
Partial refund Partial refund
</label> </label>
</div> </div>
{refundType === "partial" && ( {refundType === "partial" && (
<div style={{ marginBottom: "0.75rem" }}> <div style={{ marginBottom: "1rem" }}>
<input <input
type="number" type="number"
min="0.01" min="0.01"
step="0.01" step="0.01"
placeholder="Amount ($)" placeholder="0.00"
value={refundAmount} value={partialAmount}
onChange={(e) => setRefundAmount(e.target.value)} onChange={(e) => setPartialAmount(e.target.value)}
style={{ ...inputStyle, width: 100 }} style={{ ...inputStyle, width: 120 }}
/> />
</div> </div>
)} )}
{refundError && <p style={{ color: "red", margin: "0 0 0.5rem", fontSize: 13 }}>{refundError}</p>} {error && <p style={{ color: "red", margin: "0.5rem 0" }}>{error}</p>}
<div style={{ display: "flex", gap: "0.5rem" }}> <div style={{ display: "flex", gap: "0.5rem", marginTop: "0.75rem" }}>
<button <button
onClick={async () => { onClick={issueRefund}
setRefunding(true); disabled={saving}
setRefundError(null); style={{ ...btnStyle, backgroundColor: "#b45309", color: "#fff", borderColor: "#b45309" }}
try {
const body = refundType === "partial" ? { amountCents: Math.round(parseFloat(refundAmount) * 100) } : {};
const res = await fetch(`/api/invoices/${invoice.id}/refund`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify(body),
});
if (!res.ok) {
const err = (await res.json()) as { error?: string };
throw new Error(err.error ?? `HTTP ${res.status}`);
}
setShowRefundDialog(false);
onUpdated();
} catch (e: unknown) {
setRefundError(e instanceof Error ? e.message : "Refund failed");
} finally {
setRefunding(false);
}
}}
disabled={refunding}
style={{ ...btnStyle, color: "#fff", backgroundColor: "#7c3aed", borderColor: "#7c3aed" }}
> >
{refunding ? "Processing…" : "Process Refund"} {saving ? "Processing…" : "Issue Refund"}
</button>
<button onClick={() => setShowRefundDialog(false)} style={btnStyle}>
Cancel
</button> </button>
<button onClick={() => { setShowRefundDialog(false); setRefundError(null); }} style={btnStyle}>Cancel</button>
</div> </div>
</div> </Modal>
)} )}
</Modal>
</Modal>
); );
} }
+7
View File
@@ -119,3 +119,10 @@ uri
database-url database-url
{{- end -}} {{- end -}}
{{- end }} {{- end }}
{{/*
Auth secret name always use groombook-auth (sealed secret name)
*/}}
{{- define "groombook.authSecretName" -}}
{{- printf "%s" "groombook-auth" }}
{{- end }}
@@ -50,6 +50,27 @@ spec:
- name: OIDC_AUDIENCE - name: OIDC_AUDIENCE
value: {{ .Values.api.env.oidcAudience | quote }} value: {{ .Values.api.env.oidcAudience | quote }}
{{- end }} {{- end }}
{{- if .Values.api.env.internalBaseUrl }}
- name: OIDC_INTERNAL_BASE
value: {{ .Values.api.env.internalBaseUrl | quote }}
{{- end }}
- name: BETTER_AUTH_URL
value: {{ .Values.api.env.betterAuthUrl | quote }}
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ include "groombook.authSecretName" . }}
key: OIDC_CLIENT_ID
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "groombook.authSecretName" . }}
key: OIDC_CLIENT_SECRET
- name: BETTER_AUTH_SECRET
valueFrom:
secretKeyRef:
name: {{ include "groombook.authSecretName" . }}
key: BETTER_AUTH_SECRET
- name: DATABASE_URL - name: DATABASE_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
+2
View File
@@ -18,6 +18,8 @@ api:
corsOrigin: "" corsOrigin: ""
oidcIssuer: "" oidcIssuer: ""
oidcAudience: groombook oidcAudience: groombook
betterAuthUrl: ""
internalBaseUrl: ""
port: "3000" port: "3000"
service: service:
type: ClusterIP type: ClusterIP
+1 -1
Submodule infra updated: d9486dbfb1...b667a3f005