ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fix(operator,portal): env-driven sign-out URLs + host labels (no more .local in prod)

Browse Source 
Operator sign-out hardcoded the dev Authentik end-session URL, so prod
logout landed on auth.dezky.local. Mirror the portal's env-driven pattern
(NUXT_PUBLIC_AUTH_URL/NUXT_PUBLIC_OPERATOR_URL with .local fallbacks).
Expose authUrl/operatorUrl via public runtimeConfig and use them for the
Authentik admin links and the cosmetic host labels (sidebar, eyebrows,
auth-page hints). Portal: signed-out + webmail copy now derive their hosts
from runtime config (new public.mailUrl, NUXT_PUBLIC_MAIL_URL in prod).
This commit is contained in:
Ronni Baslund
2026-06-10 19:51:25 +02:00
parent 45ed282eed
commit 0840efb759
14 changed files with 41 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/operator/server/api/auth/sign-out.get.ts
+8 -3
View File
@@ -10,15 +10,20 @@
// 3. 302 the BROWSER through Authentik's dezky-operator end-session URL
// with post_logout_redirect_uri=/signed-out.
//
// The brief URL-bar flash to auth.dezky.local is unavoidable: that's the
// The brief URL-bar flash to the Authentik host is unavoidable: that's the
// only host that can clear the Authentik session cookie (server-to-server
// invalidation alone leaves the browser cookie, which would let the next
// visit silently re-authorize).
import { getUserSession, clearUserSession } from 'nuxt-oidc-auth/runtime/server/utils/session.js'
const END_SESSION = 'https://auth.dezky.local/application/o/dezky-operator/end-session/'
const POST_LOGOUT_REDIRECT = 'https://operator.dezky.local/signed-out'
// Environment-driven so one build serves dev (.local) and prod (.eu) — same
// pattern as the customer portal's sign-out.
const AUTH_URL = (process.env.NUXT_PUBLIC_AUTH_URL || 'https://auth.dezky.local').replace(/\/$/, '')
const OPERATOR_URL = (process.env.NUXT_PUBLIC_OPERATOR_URL || 'https://operator.dezky.local').replace(/\/$/, '')
const OIDC_APP_SLUG = process.env.OPERATOR_OIDC_APP_SLUG || 'dezky-operator'
const END_SESSION = `${AUTH_URL}/application/o/${OIDC_APP_SLUG}/end-session/`
const POST_LOGOUT_REDIRECT = `${OPERATOR_URL}/signed-out`
export default defineEventHandler(async (event) => {
const session = await getUserSession(event).catch(() => ({} as any))