fix sync in local test env
parent
bf3db803ac
commit
27880646cc
|
|
@ -14,7 +14,9 @@
|
||||||
"Bash(az webapp config appsettings list:*)",
|
"Bash(az webapp config appsettings list:*)",
|
||||||
"Bash(node:*)",
|
"Bash(node:*)",
|
||||||
"Bash(python3:*)",
|
"Bash(python3:*)",
|
||||||
"Bash(echo:*)"
|
"Bash(echo:*)",
|
||||||
|
"Bash(git -C ka-note check-ignore .env)",
|
||||||
|
"Bash(git -C . check-ignore ka-note/.env)"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,9 @@
|
||||||
AZURE_CLIENT_ID=<app-registration-client-id>
|
AZURE_CLIENT_ID=<app-registration-client-id>
|
||||||
AZURE_TENANT_ID=<azure-ad-tenant-id>
|
AZURE_TENANT_ID=<azure-ad-tenant-id>
|
||||||
|
|
||||||
|
# Set to true for local dev to skip JWT verification (never use in production)
|
||||||
|
# DEV_AUTH_BYPASS=true
|
||||||
|
|
||||||
# Client needs VITE_ prefix — create client/.env with:
|
# Client needs VITE_ prefix — create client/.env with:
|
||||||
# VITE_AZURE_CLIENT_ID=<same as above>
|
# VITE_AZURE_CLIENT_ID=<same as above>
|
||||||
# VITE_AZURE_TENANT_ID=<same as above>
|
# VITE_AZURE_TENANT_ID=<same as above>
|
||||||
|
|
|
||||||
Binary file not shown.
Binary file not shown.
|
|
@ -4,7 +4,7 @@
|
||||||
"private": true,
|
"private": true,
|
||||||
"type": "module",
|
"type": "module",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"dev": "node --watch --import tsx/esm src/index.ts",
|
"dev": "node --env-file=../.env --watch --import tsx/esm src/index.ts",
|
||||||
"build": "tsc",
|
"build": "tsc",
|
||||||
"start": "node dist/index.js",
|
"start": "node dist/index.js",
|
||||||
"db:generate": "drizzle-kit generate",
|
"db:generate": "drizzle-kit generate",
|
||||||
|
|
|
||||||
|
|
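Review bot: The `dev` script now refuses to start when `../.env` is absent, because `node --env-file=` treats a missing file as a fatal error, so a fresh checkout that only has the example file will fail on `npm run dev`. The flag also needs Node 20.6 or later, and no `engines` constraint is visible in this hunk. Either document the copy step next to the script or, on Node versions that support it, use `--env-file-if-exists=../.env`. It is good that `start` does not load the file, so the dev-only settings in it are not picked up by the production entry point through this route.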
@ -13,14 +13,22 @@ export type AuthEnv = {
|
||||||
|
|
||||||
const clientId = process.env.AZURE_CLIENT_ID ?? '';
|
const clientId = process.env.AZURE_CLIENT_ID ?? '';
|
||||||
const tenantId = process.env.AZURE_TENANT_ID ?? '';
|
const tenantId = process.env.AZURE_TENANT_ID ?? '';
|
||||||
|
const devBypass = process.env.DEV_AUTH_BYPASS === 'true';
|
||||||
|
|
||||||
const jwksUrl = `https://login.microsoftonline.com/${tenantId}/discovery/v2.0/keys`;
|
const jwksUrl = `https://login.microsoftonline.com/${tenantId}/discovery/v2.0/keys`;
|
||||||
const issuerV2 = `https://login.microsoftonline.com/${tenantId}/v2.0`;
|
const issuerV2 = `https://login.microsoftonline.com/${tenantId}/v2.0`;
|
||||||
const issuerV1 = `https://sts.windows.net/${tenantId}/`;
|
const issuerV1 = `https://sts.windows.net/${tenantId}/`;
|
||||||
|
|
||||||
const JWKS = createRemoteJWKSet(new URL(jwksUrl));
|
const JWKS = devBypass ? null : createRemoteJWKSet(new URL(jwksUrl));
|
||||||
|
|
||||||
export const authMiddleware = createMiddleware<AuthEnv>(async (c, next) => {
|
export const authMiddleware = createMiddleware<AuthEnv>(async (c, next) => {
|
||||||
|
if (devBypass) {
|
||||||
|
console.warn('[auth] DEV_AUTH_BYPASS active — skipping JWT verification');
|
||||||
|
c.set('auth', { userId: 'dev-user', name: 'Dev User', email: 'dev@localhost' });
|
||||||
|
await next();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const authHeader = c.req.header('Authorization');
|
const authHeader = c.req.header('Authorization');
|
||||||
if (!authHeader?.startsWith('Bearer ')) {
|
if (!authHeader?.startsWith('Bearer ')) {
|
||||||
return c.json({ error: 'Missing or invalid Authorization header' }, 401);
|
return c.json({ error: 'Missing or invalid Authorization header' }, 401);
|
||||||
|
|
@ -28,7 +36,7 @@ export const authMiddleware = createMiddleware<AuthEnv>(async (c, next) => {
|
||||||
|
|
||||||
const token = authHeader.slice(7);
|
const token = authHeader.slice(7);
|
||||||
try {
|
try {
|
||||||
const { payload } = await jwtVerify(token, JWKS, {
|
const { payload } = await jwtVerify(token, JWKS!, {
|
||||||
issuer: [issuerV2, issuerV1],
|
issuer: [issuerV2, issuerV1],
|
||||||
audience: `api://${clientId}`,
|
audience: `api://${clientId}`,
|
||||||
});
|
});
|
||||||
|
|
|
||||||
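Review bot: Nothing ties `devBypass` to a non-production environment: it is read from `process.env.DEV_AUTH_BYPASS` alone, so if that setting ever reaches a deployed instance, every request is accepted as the fixed `dev-user` identity and `JWKS` is never created. The "never use in production" comment in the env example is the only guard, so I would make the module fail closed right after the flag is read, e.g. `if (devBypass && process.env.NODE_ENV === 'production') throw new Error('DEV_AUTH_BYPASS is not allowed in production');` (this assumes the deployment sets NODE_ENV, which the page does not show). The `console.warn` inside the middleware fires on every request; emitting it once at module load keeps the signal without flooding the log. `JWKS!` in the second hunk is correct only because of the early return above it, so an explicit `if (!JWKS)` guard returning a 500 would keep that invariant checked instead of asserted. The middleware body continues past the end of both hunks.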