diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts
index 2d93fbd..e663986 100644
--- a/apps/api/src/index.ts
+++ b/apps/api/src/index.ts
@@ -167,7 +167,6 @@ api.route("/impersonation", impersonationRouter);
 api.route("/admin/settings", settingsRouter);
 api.route("/admin/auth-provider", authProviderRouter);
 api.route("/admin/seed", adminSeedRouter);
-api.route("/admin/auth-provider", authProviderRouter);
 api.route("/search", searchRouter);
 
 const port = Number(process.env.PORT ?? 3000);
diff --git a/apps/api/src/routes/authProvider.ts b/apps/api/src/routes/authProvider.ts
index 4467afa..e53e909 100644
--- a/apps/api/src/routes/authProvider.ts
+++ b/apps/api/src/routes/authProvider.ts
@@ -19,6 +19,12 @@ const putAuthProviderSchema = z.object({
 scopes: z.string().default("openid profile email"),
 });
 
+/** Minimal schema for the test endpoint — only issuer/internal URLs are needed for OIDC discovery. */
+const authProviderTestSchema = z.object({
+ issuerUrl: z.string().url(),
+ internalBaseUrl: z.string().url().nullable().optional(),
+});
+
 /**
 * GET /api/admin/auth-provider
 * Returns the current provider config with clientSecret redacted.
@@ -131,7 +137,7 @@ let encryptedSecret: string;
 authProviderRouter.post(
 "/test",
 requireSuperUser(),
- zValidator("json", putAuthProviderSchema.omit({ clientSecret: true })),
+ zValidator("json", authProviderTestSchema),
 async (c) => {
 const body = c.req.valid("json");
 
diff --git a/apps/web/nginx.conf b/apps/web/nginx.conf
index 89955f0..d09ed8d 100644
--- a/apps/web/nginx.conf
+++ b/apps/web/nginx.conf
@@ -9,15 +9,6 @@ server {
 add_header Cache-Control "public, immutable";
 }
 
- # Proxy API calls to the API service
- location /api/ {
- proxy_pass http://api:3000/api/;
- proxy_http_version 1.1;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-
 # SPA fallback — serve index.html for all routes
 location / {
 try_files $uri $uri/ /index.html;
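Review bot: `authProviderTestSchema` restates the `issuerUrl` and `internalBaseUrl` rules by hand instead of deriving them from `putAuthProviderSchema`, so the URL validation applied when testing a provider can drift from the validation applied when saving one. If `putAuthProviderSchema` declares both fields (only `scopes` is visible in this hunk), deriving the test schema keeps the two in lockstep: `const authProviderTestSchema = putAuthProviderSchema.pick({ issuerUrl: true, internalBaseUrl: true });`. If the rules are meant to differ, the doc comment should say which rule differs and why.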
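Review bot: The `/test` handler now takes `body` from a schema whose only constraint on `issuerUrl` and `internalBaseUrl` is `z.string().url()`, which checks that the string parses as a URL and does not limit the scheme or the host. The schema's own comment says these values drive OIDC discovery, so the API server presumably makes an outbound request to whatever URL is submitted. `requireSuperUser()` narrows who can trigger that request, but a scheme check is still worth adding, e.g. `issuerUrl: z.string().url().refine((u) => /^https?:\/\//i.test(u), "issuerUrl must be http(s)"),` and the same for `internalBaseUrl`. The handler body continues outside the hunk, so whether it already restricts destinations, redirects or timeouts cannot be confirmed from here.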