feat(api): DB-first auth config loading with env-var fallback (GRO-389) #212

Merged

groombook-engineer[bot] merged 1 commits from feat/gro-389-auth-config into main

2026-04-02 19:58:17 +00:00

Author	SHA1	Message	Date
groombook-engineer[bot]	ee47a445df	feat(api): DB-first auth config loading with env-var fallback (GRO-389) Refactor auth initialization to support three config states: 1. DB config (auth_provider_config table) — primary source 2. OIDC_* env vars — fallback when DB config absent 3. Unconfigured — graceful handling when neither source available Changes: - auth.ts: Add initAuth() async factory, getAuth() getter, getAuthPromise() - index.ts: Call initAuth() at startup before serve() - middleware/auth.ts: Use getAuth() instead of direct auth import - Add auth.test.ts covering all three config states Preserves AUTH_DISABLED=true behavior and original hairpin NAT pattern. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-02 19:24:08 +00:00

Author

SHA1

Message

Date

groombook-engineer[bot]

ee47a445df

feat(api): DB-first auth config loading with env-var fallback (GRO-389)

Refactor auth initialization to support three config states:
1. DB config (auth_provider_config table) — primary source
2. OIDC_* env vars — fallback when DB config absent
3. Unconfigured — graceful handling when neither source available

Changes:
- auth.ts: Add initAuth() async factory, getAuth() getter, getAuthPromise()
- index.ts: Call initAuth() at startup before serve()
- middleware/auth.ts: Use getAuth() instead of direct auth import
- Add auth.test.ts covering all three config states

Preserves AUTH_DISABLED=true behavior and original hairpin NAT pattern.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-02 19:24:08 +00:00

feat(api): DB-first auth config loading with env-var fallback (GRO-389) #212

1 Commits