fix(logout): drive portal-host prefix from required SMB_NAME env#11
Open
awais786 wants to merge 4 commits into
Open
fix(logout): drive portal-host prefix from required SMB_NAME env#11awais786 wants to merge 4 commits into
awais786 wants to merge 4 commits into
Conversation
The logout redirect hardcoded "foss." as the portal-host prefix in auth.cljs. That broke silently when the deployment moved from foss.* to moneta.* in the askii.ai cutover. Make the prefix env-driven via a required SMB_NAME var (no default under SSO — nginx-entrypoint.sh exits non-zero at startup if AUTH_TYPE=SSO and SMB_NAME is unset, instead of silently rendering the wrong portal host at logout). Same Pattern B2 plumbing as MPASS_SIGNOUT_URL: - config.js: //var penpotSmbName = "" placeholder - nginx-entrypoint.sh: update_smb_name substitutes from $SMB_NAME - app.config: (def smb-name (obj/get global "penpotSmbName")) - app.main.data.auth: read cf/smb-name and interpolate into the regex Container env name (SMB_NAME) is uniform across every devstack app behind ForwardAuth. See sso-rules RULES.md section 1 Logout. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
jawad-khan
force-pushed
the
fix/logout-smb-name
branch
from
770377b to
220938b
Compare
Drops the cf/smb-name read on the SPA logout path. The previous approach required threading SMB_NAME through devstack docker-compose env → nginx-entrypoint.sh substitution into config.js → cljs cf alias; any broken link silently routed logout to the wrong host or crashed. Switching to a regex on js/location host removes the env dependency and works for any `<prefix>-<app>.<domain>` shape: - foss-design.local.moneta.dev → foss.local.moneta.dev - moneta-design.askii.ai → moneta.askii.ai The cf/smb-name declaration and nginx-entrypoint.sh plumbing are now dead; will be removed in a separate cleanup pass.
Cleanup follow-up to 99f36f6 — the regex-based portal-host derivation no longer reads cf/smb-name, so the runtime config plumbing is dead: - docker/images/files/config.js: remove placeholder declaration - docker/images/files/nginx-entrypoint.sh: remove envsubst block - frontend/src/app/config.cljs: remove smb-name def
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
"foss."as the portal-host prefix atfrontend/src/app/main/data/auth.cljs:266. Silently broke when the deployment moved fromfoss.*tomoneta.*in the askii.ai cutover.SMB_NAMEenv var (no default under SSO —nginx-entrypoint.shexits non-zero at startup ifAUTH_TYPE=SSOandSMB_NAMEis unset).MPASS_SIGNOUT_URL: placeholder inconfig.js, runtime substitution innginx-entrypoint.sh, exposed viaapp.config/smb-name.Why
Hardcoded prefixes silently break domain cutovers. Container env name (
SMB_NAME) is uniform across every devstack app behind ForwardAuth — see sso-rules RULES.md §1 Logout.Files changed
docker/images/files/config.js—//var penpotSmbName = "";placeholderdocker/images/files/nginx-entrypoint.sh—update_smb_namesubstitution + fail-fast under SSOfrontend/src/app/config.cljs—(def smb-name ...)frontend/src/app/main/data/auth.cljs— interpolatecf/smb-nameinto the regexTest plan
SMB_NAME=moneta+AUTH_TYPE=SSO; verify logout lands onmoneta.<domain>SMB_NAMEwithAUTH_TYPE=SSO; verify the frontend container fails to start with a clear error messageSMB_NAMEwithout SSO; verify startup still succeeds (no SSO logout path exercised)🤖 Generated with Claude Code