Skip to content

Commit 4457480

Browse files
rschlaeflirschlaefli
committed
app origins
1 parent d0fe09f commit 4457480

44 files changed

Lines changed: 222 additions & 137 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/cypress-testing.yml

Lines changed: 36 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -171,9 +171,15 @@ jobs:
171171
SERVICE_ENDPOINTS: 'http://127.0.0.1:3000/healthz http://127.0.0.1:3001 http://127.0.0.1:3002 http://127.0.0.1:3003 http://127.0.0.1:3010'
172172
TIMEOUT_SECONDS: '300'
173173
CHECK_INTERVAL: '5'
174-
JWT_ISSUER_AUTH: http://127.0.0.1:3010
175-
JWT_ISSUER_API: http://127.0.0.1:3000
176-
JWT_ISSUER_PWA: http://127.0.0.1:3002
174+
# Provide all app origins to the services and tests
175+
APP_ORIGIN_API: http://127.0.0.1:3000
176+
APP_ORIGIN_AUTH: http://127.0.0.1:3010
177+
APP_ORIGIN_LTI: http://127.0.0.1:3005
178+
APP_ORIGIN_PWA: http://127.0.0.1:3001
179+
APP_ORIGIN_MANAGE: http://127.0.0.1:3002
180+
APP_ORIGIN_CONTROL: http://127.0.0.1:3003
181+
APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
182+
APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
177183

178184
- name: Cypress run parallel with cypress-split
179185
uses: cypress-io/github-action@v6
@@ -193,6 +199,15 @@ jobs:
193199
HATCHET_API_URL: http://127.0.0.1:8888
194200
HATCHET_TENANT_ID: 707d0855-80ab-4e1f-a156-f1c4546cbf52
195201
HATCHET_HOST_PORT: 7077
202+
# Ensure Cypress process has all origins, too
203+
APP_ORIGIN_API: http://127.0.0.1:3000
204+
APP_ORIGIN_AUTH: http://127.0.0.1:3010
205+
APP_ORIGIN_LTI: http://127.0.0.1:3005
206+
APP_ORIGIN_PWA: http://127.0.0.1:3001
207+
APP_ORIGIN_MANAGE: http://127.0.0.1:3002
208+
APP_ORIGIN_CONTROL: http://127.0.0.1:3003
209+
APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
210+
APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
196211
SPLIT: ${{ strategy.job-total }}
197212
SPLIT_INDEX: ${{ strategy.job-index }}
198213
SPLIT_FILE: timings.json
@@ -348,9 +363,15 @@ jobs:
348363
SERVICE_ENDPOINTS: 'http://127.0.0.1:3000/healthz http://127.0.0.1:3001 http://127.0.0.1:3002 http://127.0.0.1:3003 http://127.0.0.1:3010'
349364
TIMEOUT_SECONDS: '300'
350365
CHECK_INTERVAL: '5'
351-
JWT_ISSUER_AUTH: http://127.0.0.1:3010
352-
JWT_ISSUER_API: http://127.0.0.1:3000
353-
JWT_ISSUER_PWA: http://127.0.0.1:3002
366+
# Provide all app origins to the services and tests
367+
APP_ORIGIN_API: http://127.0.0.1:3000
368+
APP_ORIGIN_AUTH: http://127.0.0.1:3010
369+
APP_ORIGIN_LTI: http://127.0.0.1:3005
370+
APP_ORIGIN_PWA: http://127.0.0.1:3001
371+
APP_ORIGIN_MANAGE: http://127.0.0.1:3002
372+
APP_ORIGIN_CONTROL: http://127.0.0.1:3003
373+
APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
374+
APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
354375

355376
- name: Upload service logs
356377
if: always()
@@ -383,6 +404,15 @@ jobs:
383404
HATCHET_API_URL: http://127.0.0.1:8888
384405
HATCHET_TENANT_ID: 707d0855-80ab-4e1f-a156-f1c4546cbf52
385406
HATCHET_HOST_PORT: 7077
407+
# Ensure Cypress process has all origins, too
408+
APP_ORIGIN_API: http://127.0.0.1:3000
409+
APP_ORIGIN_AUTH: http://127.0.0.1:3010
410+
APP_ORIGIN_LTI: http://127.0.0.1:3005
411+
APP_ORIGIN_PWA: http://127.0.0.1:3001
412+
APP_ORIGIN_MANAGE: http://127.0.0.1:3002
413+
APP_ORIGIN_CONTROL: http://127.0.0.1:3003
414+
APP_ORIGIN_ASSESSMENT_API: http://127.0.0.1:3000
415+
APP_ORIGIN_ASSESSMENT_PWA: http://127.0.0.1:3001
386416

387417
- if: always()
388418
uses: actions/upload-artifact@v4

.github/workflows/test-graphql.yml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,4 +128,12 @@ jobs:
128128
HATCHET_API_URL: http://localhost:8888
129129
HATCHET_TENANT_ID: 707d0855-80ab-4e1f-a156-f1c4546cbf52
130130
HATCHET_HOST_PORT: 7077
131-
JWT_ISSUER_API: http://api.klicker.com
131+
# Provide all app origins for consistency
132+
APP_ORIGIN_API: http://api.klicker.com
133+
APP_ORIGIN_AUTH: http://auth.klicker.com
134+
APP_ORIGIN_LTI: http://lti.klicker.com
135+
APP_ORIGIN_PWA: http://pwa.klicker.com
136+
APP_ORIGIN_MANAGE: http://manage.klicker.com
137+
APP_ORIGIN_CONTROL: http://control.klicker.com
138+
APP_ORIGIN_ASSESSMENT_API: http://assessment-api.klicker.com
139+
APP_ORIGIN_ASSESSMENT_PWA: http://assessment.klicker.com

apps/auth/.env.development

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,3 +7,12 @@ NEXT_PUBLIC_DEFAULT_REDIRECT=https://manage.klicker.com
77
NEXT_PUBLIC_AUTH_URL=https://auth.klicker.com
88
NEXT_PUBLIC_MANAGE_URL="https://manage.klicker.com"
99
NEXT_PUBLIC_ASSESSMENT_URL="https://assessment.klicker.com"
10+
11+
# Local canonical app origins (used by code that reads APP_ORIGIN_*)
12+
# Adjust to 127.0.0.1:ports if you run locally without domains.
13+
APP_ORIGIN_API="http://127.0.0.1:3000"
14+
APP_ORIGIN_PWA="http://127.0.0.1:3001"
15+
APP_ORIGIN_MANAGE="http://127.0.0.1:3002"
16+
APP_ORIGIN_CONTROL="http://127.0.0.1:3003"
17+
APP_ORIGIN_LTI="http://127.0.0.1:3005"
18+
APP_ORIGIN_AUTH="http://127.0.0.1:3010"

apps/auth/src/pages/api/auth/[...nextauth].ts

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -19,10 +19,8 @@ export const PARTICIPANT_COOKIE_NAME = 'next-auth.participant-session-token'
1919
export const APP_SECRET = process.env.APP_SECRET
2020

2121
// Validate required environment variables
22-
if (!process.env.JWT_ISSUER_AUTH) {
23-
console.error(
24-
'JWT_ISSUER_AUTH environment variable is required but not defined'
25-
)
22+
if (!process.env.APP_ORIGIN_AUTH) {
23+
console.error('APP_ORIGIN_AUTH is required but not defined')
2624
process.exit(1)
2725
}
2826

@@ -140,7 +138,7 @@ export async function encode({ token, secret }: JWTEncodeParams) {
140138
const secretString = typeof secret === 'string' ? secret : secret.toString()
141139

142140
return signJWT((token as JWTPayload) ?? {}, secretString, {
143-
issuer: process.env.JWT_ISSUER_AUTH,
141+
issuer: process.env.APP_ORIGIN_AUTH,
144142
})
145143
}
146144

apps/backend-docker/.env.cypress

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,14 @@ APP_MANAGE_SUBDOMAIN="127.0.0.1:3002"
1111
APP_CONTROL_SUBDOMAIN="127.0.0.1:3003"
1212
HATCHET_CLIENT_TOKEN=__HATCHET_CLIENT_TOKEN__
1313
HATCHET_CLIENT_TLS_STRATEGY=none
14-
JWT_ISSUER_AUTH="http://127.0.0.1:3010"
15-
JWT_ISSUER_API="http://127.0.0.1:3000"
16-
JWT_ISSUER_PWA="http://127.0.0.1:3002"
14+
# Legacy issuer vars no longer used; prefer APP_ORIGIN_*
15+
16+
# Canonical app origins (prefer these; issuers fall back to them)
17+
APP_ORIGIN_AUTH="http://127.0.0.1:3010"
18+
APP_ORIGIN_API="http://127.0.0.1:3000"
19+
APP_ORIGIN_LTI="http://127.0.0.1:3005"
20+
APP_ORIGIN_PWA="http://127.0.0.1:3001"
21+
APP_ORIGIN_MANAGE="http://127.0.0.1:3002"
22+
APP_ORIGIN_CONTROL="http://127.0.0.1:3003"
23+
APP_ORIGIN_ASSESSMENT_API="http://127.0.0.1:3000"
24+
APP_ORIGIN_ASSESSMENT_PWA="http://127.0.0.1:3001"

apps/backend-docker/.env.example

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,3 +11,10 @@ APP_MANAGE_SUBDOMAIN="127.0.0.1:3002"
1111
APP_CONTROL_SUBDOMAIN="127.0.0.1:3003"
1212
HATCHET_CLIENT_TOKEN=__HATCHET_CLIENT_TOKEN__
1313
HATCHET_CLIENT_TLS_STRATEGY=none
14+
# Legacy issuer vars no longer used; prefer APP_ORIGIN_*
15+
16+
# Canonical app origins (prefer these; issuers fall back to them)
17+
APP_ORIGIN_AUTH="http://127.0.0.1:3010"
18+
APP_ORIGIN_API="http://127.0.0.1:3000"
19+
APP_ORIGIN_LTI="http://127.0.0.1:3005"
20+
APP_ORIGIN_PWA="http://127.0.0.1:3002"

apps/backend-docker/src/index.ts

Lines changed: 2 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -119,10 +119,8 @@ migrate(prisma).then(() => {
119119
})
120120

121121
// Validate required environment variables at startup
122-
if (!process.env.JWT_ISSUER_API) {
123-
console.error(
124-
'JWT_ISSUER_API environment variable is required but not defined'
125-
)
122+
if (!process.env.APP_ORIGIN_API) {
123+
console.error('APP_ORIGIN_API is required but not defined')
126124
process.exit(1)
127125
}
128126

apps/frontend-control/src/lib/apollo.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,9 @@ function createIsomorphLink() {
7878
let link: ApolloLink = new HttpLink({
7979
uri: isBrowser
8080
? process.env.NEXT_PUBLIC_API_URL
81-
: process.env.NEXT_PUBLIC_API_URL_SSR || process.env.NEXT_PUBLIC_API_URL,
81+
: process.env['API_URL_SSR'] ||
82+
process.env.NEXT_PUBLIC_API_URL_SSR ||
83+
process.env.NEXT_PUBLIC_API_URL,
8284
credentials: 'include',
8385
headers: {
8486
'x-graphql-yoga-csrf': 'true',

apps/frontend-manage/src/lib/apollo.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -79,7 +79,9 @@ function createIsomorphLink() {
7979
let link: ApolloLink = new HttpLink({
8080
uri: isBrowser
8181
? process.env.NEXT_PUBLIC_API_URL
82-
: process.env.NEXT_PUBLIC_API_URL_SSR || process.env.NEXT_PUBLIC_API_URL,
82+
: process.env['API_URL_SSR'] ||
83+
process.env.NEXT_PUBLIC_API_URL_SSR ||
84+
process.env.NEXT_PUBLIC_API_URL,
8385
credentials: 'include',
8486
headers: {
8587
'x-graphql-yoga-csrf': 'true',

apps/frontend-pwa/.env.assessment

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,4 +16,4 @@ NEXT_PUBLIC_AUTH_URL="https://auth.klicker.uzh.ch"
1616
# Enable assessment mode features
1717
NEXT_PUBLIC_IS_ASSESSMENT=true
1818

19-
JWT_ISSUER_PWA=https://assessment.klicker.uzh.ch
19+
APP_ORIGIN_PWA=https://assessment.klicker.uzh.ch

0 commit comments

Comments
 (0)