chore: promote dev→uat for GRO-1592 SSO session cookie fix

- Fixed frontend auth client baseURL fallback to use window.location.origin - Added UAT test coverage (TC-AUTH-5.3.4) Co-Authored-By: Paperclip <noreply@paperclip.ing>
Merge pull request 'fix(GRO-1592): fallback auth baseURL to window.location.origin' (#15 ) from fix/gro-1592-sso-session-cookie into dev
2026-05-23 14:13:12 +00:00 · 2026-05-23 14:13:01 +00:00 · 2026-05-23 14:02:16 +00:00 · 2026-05-23 13:57:47 +00:00 · 2026-05-21 19:46:41 +00:00 · 2026-05-21 19:46:01 +00:00
15 changed files with 15 additions and 94 deletions
@@ -2,9 +2,9 @@ name: CI

 on:
  push:
-    branches: [main, dev]
+    branches: [main, dev, uat]
  pull_request:
-    branches: [main, dev]
+    branches: [main, dev, uat]
  workflow_dispatch:
    inputs:
      ref:
@@ -18,4 +18,4 @@ COPY nginx.conf /etc/nginx/conf.d/default.conf
 COPY --from=builder /app/dist /usr/share/nginx/html
 EXPOSE 80
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost:80/ || exit 1
+  CMD wget --spider -q http://localhost:80/ || exit 1
@@ -69,6 +69,7 @@ export const { signIn, signOut, useSession, changePassword } = authClient;
 | TC-AUTH-5.3.1 | Auth client falls back to window.location.origin | Do not set `VITE_API_URL`, load app | Auth client uses `window.location.origin` as base URL |
 | TC-AUTH-5.3.2 | Sign-in on localhost | Load app without `VITE_API_URL` on localhost:3000 | Auth client uses `http://localhost:3000` as base URL |
 | TC-AUTH-5.3.3 | Sign-in on dev environment | Load app without `VITE_API_URL` on `https://dev.groombook.dev` | Auth client uses `https://dev.groombook.dev` as base URL |
+| TC-AUTH-5.3.4 | SSO cookie set after Authentik callback (GRO-1592) | Complete Authentik SSO login on UAT without `VITE_API_URL` set | `__Secure-better-auth.session_token` cookie is present in browser; subsequent `/api/*` calls include the cookie and return 200 |

 ### 5.4 Session Persistence

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96C853FAECD363909C4A0</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96CFC84D7A9333708F278</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96D48D7892E37386B9ACB</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96C25663D703833F23607</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96D89851C843332073968</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96C9C5A03D33730C61AD8</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96BEB91911B30317E3BE8</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96BFB7B92D33535D6D90D</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96B8BDF4B473630A2E120</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96D78BFFCAD343037C27C</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -0,0 +1,10 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["config:recommended", ":pinAllExceptPeerDependencies", "helpers:pinGitHubActionDigests"],
+  "labels": ["dependencies"],
+  "prConcurrentLimit": 5,
+  "packageRules": [
+    {"matchUpdateTypes": ["minor", "patch"], "groupName": "minor and patch dependencies", "automerge": false},
+    {"matchDepTypes": ["devDependencies"], "matchUpdateTypes": ["minor", "patch"], "automerge": true, "automergeType": "pr"}
+  ]
+}
@@ -1,7 +1,7 @@
 import { createAuthClient } from "better-auth/react";

 export const authClient = createAuthClient({
-  baseURL: import.meta.env.VITE_API_URL ?? "",
+  baseURL: import.meta.env.VITE_API_URL || (typeof window !== "undefined" ? window.location.origin : ""),
 });

 export const { signIn, signOut, useSession, changePassword } = authClient;
Author	SHA1	Message	Date
Chris Farhood	93da2f1dd8	chore: promote dev→uat for GRO-1592 SSO session cookie fix CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Test (pull_request) Successful in 18s Details CI / Build & Push Docker Image (pull_request) Failing after 41s Details - Fixed frontend auth client baseURL fallback to use window.location.origin - Added UAT test coverage (TC-AUTH-5.3.4) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:13:12 +00:00
The Dogfather	80101fc37c	Merge pull request 'fix(GRO-1592): fallback auth baseURL to window.location.origin' (#15 ) from fix/gro-1592-sso-session-cookie into dev CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Failing after 39s Details	2026-05-23 14:13:01 +00:00
Flea Flicker	8ee58471b2	docs(UAT_PLAYBOOK): add TC-AUTH-5.3.4 — SSO cookie after Authentik callback CI / Test (pull_request) Successful in 14s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Image (pull_request) Failing after 38s Details Documents the acceptance criteria for GRO-1592: after completing Authentik SSO login without VITE_API_URL set, the __Secure-better-auth.session_token cookie must be present in the browser and sent with subsequent /api/* calls. Updated: UAT_PLAYBOOK.md §5.3 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:02:16 +00:00
Flea Flicker	35d31a984d	fix(GRO-1592): fallback auth baseURL to window.location.origin CI / Test (pull_request) Successful in 18s Details CI / Lint & Typecheck (pull_request) Successful in 19s Details CI / Build & Push Docker Image (pull_request) Failing after 38s Details When VITE_API_URL is not set (e.g. in Docker/container deployments where the env var was never injected), fallback to window.location.origin so the auth client uses relative URLs and cookies are sent to the correct origin. Previously the fallback was empty string "", which caused the auth client to default to http://localhost:3000 — the nginx sub_filter workaround only handles strings baked into the JS bundle at build time, not runtime-constructed URLs. Fixes: SSO session cookie not set in browser after Authentik callback Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 13:57:47 +00:00
The Dogfather	62cbfe4e43	Merge pull request 'promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence)' (#14 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Image (push) Successful in 9s Details promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence) (#14) Merged-By: The Dogfather (CTO) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:46:41 +00:00
The Dogfather	f62c0b112d	Merge pull request 'feat(GRO-1173): admin UI buffer rules, service default buffer, pet size/coat' (#13 ) from flea-flicker/pet-profile-editor into dev CI / Test (push) Successful in 15s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Image (push) Successful in 10s Details CI / Test (pull_request) Successful in 15s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Image (pull_request) Successful in 10s Details feat(GRO-1173): admin UI buffer rules, service default buffer, pet size/coat (#13) Merged-By: The Dogfather (CTO) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:46:01 +00:00
The Dogfather	56b11befe9	Merge pull request 'feat(GRO-1174): add pet size/coat dropdowns to booking wizard' (#8 ) from flea-flicker/pet-profile-editor into dev CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Image (push) Successful in 37s Details test merge	2026-05-21 00:43:10 +00:00
Scrubs McBarkley	f70dd96c65	Merge pull request 'feat: extract groombook/web from monorepo (GRO-903)' (#1 ) from dev into main CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Successful in 14s Details feat: extract groombook/web from monorepo (GRO-903) Bootstrap exception: dev → main QA: Lint Roller (#2753) CTO: The Dogfather (#2764) CI: Lint & Typecheck ✓, Tests ✓, Docker Build ✓ UAT_PLAYBOOK.md: present	2026-05-20 15:26:27 +00:00
Chris Farhood	42f3e3211a	fix(GRO-903): resolve CI/CD blockers on groombook/web PR #1 CI / Test (push) Successful in 15s Details CI / Test (pull_request) Successful in 15s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Image (push) Successful in 10s Details CI / Build & Push Docker Image (pull_request) Successful in 11s Details - Move CI workflow from .github/workflows/ to .gitea/workflows/ - Add uat branch to CI triggers (push and pull_request) - Fix Dockerfile HEALTHCHECK to use wget instead of curl Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 15:01:46 +00:00
Chris Farhood	465db89ab4	fix(GRO-1361): remove unused X import and delete corrupted demo-pet images CI / Test (push) Successful in 16s Details CI / Test (pull_request) Successful in 15s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Lint & Typecheck (pull_request) Successful in 19s Details CI / Build & Push Docker Image (pull_request) Successful in 41s Details CI / Build & Push Docker Image (push) Successful in 2m55s Details - Remove unused 'X' import from lucide-react in PetProfiles.tsx - Delete 10 corrupted demo-pet PNG files that contain Alibaba AccessDenied XML Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 14:09:20 +00:00
The Dogfather	db6a2a1bbf	Merge pull request 'promote: dev → uat (Renovate config, GRO-1081)' (#11 ) from dev into uat promote: dev → uat (Renovate config, GRO-1081) Merge PR #11: dev → uat promotion Includes: chore: add Renovate config (GRO-1081)	2026-05-20 12:42:04 +00:00
The Dogfather	ee7fc2e9bf	Merge pull request 'chore: add Renovate config (GRO-1081)' (#4 ) from add-renovate-config into dev CI / Test (push) Successful in 15s Details CI / Lint & Typecheck (push) Failing after 17s Details CI / Build & Push Docker Image (push) Has been skipped Details CI / Test (pull_request) Successful in 14s Details CI / Lint & Typecheck (pull_request) Failing after 18s Details CI / Build & Push Docker Image (pull_request) Has been skipped Details chore: add Renovate config (GRO-1081) Merge PR #4: add-renovate-config → dev Approved by QA (Lint Roller) and CTO (The Dogfather).	2026-05-20 12:41:45 +00:00
The Dogfather	032a3796ba	Merge pull request 'chore: promote dev to uat (CI Docker registry fix)' (#10 ) from dev into uat chore: promote dev to uat (CI Docker registry fix) (#10) Promotes GRO-1348 CI registry fix to UAT.	2026-05-20 11:17:21 +00:00
The Dogfather	c8610ec28d	Merge pull request 'fix(ci): use Gitea registry for Docker push' (#9 ) from fix/ci-registry-auth into dev CI / Test (push) Successful in 15s Details CI / Lint & Typecheck (push) Failing after 17s Details CI / Build & Push Docker Image (push) Has been skipped Details CI / Lint & Typecheck (pull_request) Failing after 17s Details CI / Test (pull_request) Successful in 13s Details CI / Build & Push Docker Image (pull_request) Has been skipped Details fix(ci): use Gitea registry for Docker push (#9) GRO-1348 - Change Docker login from ghcr.io/GITHUB_TOKEN to git.farh.net/REGISTRY_TOKEN - Update image tags from ghcr.io/groombook/web to git.farh.net/groombook/web - Replace GitHub Actions cache with registry cache	2026-05-20 11:17:01 +00:00
Chris Farhood	a582bd04b7	fix(ci): use Gitea registry for Docker push CI / Lint & Typecheck (pull_request) Failing after 18s Details CI / Test (pull_request) Successful in 15s Details CI / Build & Push Docker Image (pull_request) Has been skipped Details - Change Docker login from ghcr.io/GITHUB_TOKEN to git.farh.net/REGISTRY_TOKEN - Update image tags from ghcr.io/groombook/web to git.farh.net/groombook/web - Replace GitHub Actions cache (type=gha) with registry cache - Remove GitHub Actions-specific permissions block - GRO-1348 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 10:57:02 +00:00
the-dogfather-cto[bot]	cac8fc947e	chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md	2026-05-14 21:13:56 +00:00
Chris Farhood	b8a9e8cc09	chore: add Renovate config GRO-1081: add renovate.json to successor repos Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-14 17:42:22 +00:00
the-dogfather-cto[bot]	592be1301c	chore: promote dev to uat (#3 ) chore: promote dev to uat	2026-05-11 13:19:33 +00:00