fix sync in local test env

2026-02-21 13:17:07 +01:00 · 2026-02-21 13:17:07 +01:00 · 27880646cc
parent bf3db803ac
commit 27880646cc
6 changed files with 17 additions and 4 deletions
--- a/.claude/settings.local.json
+++ b/.claude/settings.local.json
@ -14,7 +14,9 @@
      "Bash(az webapp config appsettings list:*)",
      "Bash(node:*)",
      "Bash(python3:*)",
-      "Bash(echo:*)"
+      "Bash(echo:*)",
+      "Bash(git -C ka-note check-ignore .env)",
+      "Bash(git -C . check-ignore ka-note/.env)"
    ]
  }
 }
--- a/ka-note/.env.example
+++ b/ka-note/.env.example
@ -1,6 +1,9 @@
 AZURE_CLIENT_ID=<app-registration-client-id>
 AZURE_TENANT_ID=<azure-ad-tenant-id>

+# Set to true for local dev to skip JWT verification (never use in production)
+# DEV_AUTH_BYPASS=true
+
 # Client needs VITE_ prefix — create client/.env with:
 # VITE_AZURE_CLIENT_ID=<same as above>
 # VITE_AZURE_TENANT_ID=<same as above>
--- a/ka-note/server/ka-note.db-shm
+++ b/ka-note/server/ka-note.db-shm
--- a/ka-note/server/ka-note.db-wal
+++ b/ka-note/server/ka-note.db-wal
--- a/ka-note/server/package.json
+++ b/ka-note/server/package.json
@ -4,7 +4,7 @@
  "private": true,
  "type": "module",
  "scripts": {
-    "dev": "node --watch --import tsx/esm src/index.ts",
+    "dev": "node --env-file=../.env --watch --import tsx/esm src/index.ts",
    "build": "tsc",
    "start": "node dist/index.js",
    "db:generate": "drizzle-kit generate",
--- a/ka-note/server/src/middleware/auth.ts
+++ b/ka-note/server/src/middleware/auth.ts
@ -13,14 +13,22 @@ export type AuthEnv = {

 const clientId = process.env.AZURE_CLIENT_ID ?? '';
 const tenantId = process.env.AZURE_TENANT_ID ?? '';
+const devBypass = process.env.DEV_AUTH_BYPASS === 'true';

 const jwksUrl = `https://login.microsoftonline.com/${tenantId}/discovery/v2.0/keys`;
 const issuerV2 = `https://login.microsoftonline.com/${tenantId}/v2.0`;
 const issuerV1 = `https://sts.windows.net/${tenantId}/`;

-const JWKS = createRemoteJWKSet(new URL(jwksUrl));
+const JWKS = devBypass ? null : createRemoteJWKSet(new URL(jwksUrl));

 export const authMiddleware = createMiddleware<AuthEnv>(async (c, next) => {
+  if (devBypass) {
+    console.warn('[auth] DEV_AUTH_BYPASS active — skipping JWT verification');
+    c.set('auth', { userId: 'dev-user', name: 'Dev User', email: 'dev@localhost' });
+    await next();
+    return;
+  }
+
  const authHeader = c.req.header('Authorization');
  if (!authHeader?.startsWith('Bearer ')) {
    return c.json({ error: 'Missing or invalid Authorization header' }, 401);
@ -28,7 +36,7 @@ export const authMiddleware = createMiddleware<AuthEnv>(async (c, next) => {

  const token = authHeader.slice(7);
  try {
-    const { payload } = await jwtVerify(token, JWKS, {
+    const { payload } = await jwtVerify(token, JWKS!, {
      issuer: [issuerV2, issuerV1],
      audience: `api://${clientId}`,
    });