dezky

ronnibaslund/dezky

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ronni Baslund	17ffd95a70	chore(portal,operator): upgrade to Nuxt 4 Upgrade both Nuxt apps to Nuxt 4.4.6 (vue-tsc 3, TypeScript 5.6, undici 7) and add a root tsconfig.json to each app. Fix the strict-null / noUncheckedIndexedAccess errors surfaced by Nuxt 4's stricter generated tsconfig and vue-tsc 3. Drop the nuxt-oidc-auth pnpm patch (Nuxt 4 fixes the prepare:types crash natively).	2026-05-30 08:02:43 +02:00
Ronni Baslund	7f8516295c	feat(portal): useFeatureFlag composable + /api/flags/evaluate proxy Client-side helper for the portal to consume feature flags. Hits platform-api through a new portal-side proxy that derives the tenant slug from the signed-in user's JWT groups — so callers don't pass a slug, they just check `useFeatureFlag('key')`. apps/portal/server/api/flags/evaluate.post.ts: - Reads access token from the nuxt-oidc-auth session - Decodes the JWT and picks the first non-admin group as the tenant slug (admin groups: dezky-platform-admins, "authentik Admins"). Filters duplicates Authentik double-lists via policy bindings. - Forwards { tenantSlug } to platform-api POST /flags/evaluate - Caller can still pass an explicit tenantSlug in the request body to override the auto-derivation (rare). apps/portal/composables/useFeatureFlag.ts: - Singleton module-level state shared across every component — one bulk eval per session, not one per flag check - `useFeatureFlag(key)` → ComputedRef<boolean>, lazily triggers the first eval, fail-closed (every flag stays false on error) - `useFeatureFlags()` → { flags, ready, pending, refresh } for the rare case where you need the full map or want to re-evaluate (long-lived session, admin flipped a flag mid-flight) - Returns refs that update once the bulk eval lands; gated UI stays hidden during the ~25ms round trip apps/portal/nuxt.config.ts: - Vite 7 `server.allowedHosts` set to ['app.dezky.local'] — same fix we already shipped on the operator side; without it, the proxy returned a plaintext 403 "Blocked request" instead of forwarding. Verified end-to-end: signed in to app.dezky.local, hit /api/flags/evaluate with no body → 200 with the full truth map (same shape as the operator's direct eval), latency ~25ms, explicit-slug override returns identical results.	2026-05-24 19:26:55 +02:00

Author

SHA1

Message

Date

Ronni Baslund

17ffd95a70

chore(portal,operator): upgrade to Nuxt 4

Upgrade both Nuxt apps to Nuxt 4.4.6 (vue-tsc 3, TypeScript 5.6, undici 7) and add a root tsconfig.json to each app. Fix the strict-null / noUncheckedIndexedAccess errors surfaced by Nuxt 4's stricter generated tsconfig and vue-tsc 3. Drop the nuxt-oidc-auth pnpm patch (Nuxt 4 fixes the prepare:types crash natively).

2026-05-30 08:02:43 +02:00

Ronni Baslund

7f8516295c

feat(portal): useFeatureFlag composable + /api/flags/evaluate proxy

Client-side helper for the portal to consume feature flags. Hits platform-api
through a new portal-side proxy that derives the tenant slug from the
signed-in user's JWT groups — so callers don't pass a slug, they just check
`useFeatureFlag('key')`.

apps/portal/server/api/flags/evaluate.post.ts:
- Reads access token from the nuxt-oidc-auth session
- Decodes the JWT and picks the first non-admin group as the tenant slug
  (admin groups: dezky-platform-admins, "authentik Admins"). Filters
  duplicates Authentik double-lists via policy bindings.
- Forwards { tenantSlug } to platform-api POST /flags/evaluate
- Caller can still pass an explicit tenantSlug in the request body to
  override the auto-derivation (rare).

apps/portal/composables/useFeatureFlag.ts:
- Singleton module-level state shared across every component — one bulk
  eval per session, not one per flag check
- `useFeatureFlag(key)` → ComputedRef<boolean>, lazily triggers the first
  eval, fail-closed (every flag stays false on error)
- `useFeatureFlags()` → { flags, ready, pending, refresh } for the rare
  case where you need the full map or want to re-evaluate (long-lived
  session, admin flipped a flag mid-flight)
- Returns refs that update once the bulk eval lands; gated UI stays
  hidden during the ~25ms round trip

apps/portal/nuxt.config.ts:
- Vite 7 `server.allowedHosts` set to ['app.dezky.local'] — same fix we
  already shipped on the operator side; without it, the proxy returned a
  plaintext 403 "Blocked request" instead of forwarding.

Verified end-to-end: signed in to app.dezky.local, hit /api/flags/evaluate
with no body → 200 with the full truth map (same shape as the operator's
direct eval), latency ~25ms, explicit-slug override returns identical
results.

2026-05-24 19:26:55 +02:00

2 Commits