ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
c6b6f8faeca759c2ecf7fc0018089295600a7440
dezky/apps/operator/pages/not-authorized.vue
T
Ronni Baslund 0840efb759 fix(operator,portal): env-driven sign-out URLs + host labels (no more .local in prod) 
Operator sign-out hardcoded the dev Authentik end-session URL, so prod
logout landed on auth.dezky.local. Mirror the portal's env-driven pattern
(NUXT_PUBLIC_AUTH_URL/NUXT_PUBLIC_OPERATOR_URL with .local fallbacks).
Expose authUrl/operatorUrl via public runtimeConfig and use them for the
Authentik admin links and the cosmetic host labels (sidebar, eyebrows,
auth-page hints). Portal: signed-out + webmail copy now derive their hosts
from runtime config (new public.mailUrl, NUXT_PUBLIC_MAIL_URL in prod).
2026-06-10 19:51:25 +02:00

132 lines
3.3 KiB
Vue
Raw Blame History

<script setup lang="ts">
const operatorHost = new URL(useRuntimeConfig().public.operatorUrl).host
// Shown when an authenticated-but-non-operator session reaches the operator
// portal (see middleware/require-platform-admin.global.ts). The account is
// valid in Authentik but lacks platformAdmin — e.g. a partner or tenant user
// who completed the dezky-operator OIDC flow.
//
// We do NOT leave them parked here with a live session: that's the
// shared-workstation risk the full-sign-out rule guards against. We trigger the
// same full sign-out the UserMenu uses — clearing both the local
// nuxt-oidc-auth session and the Authentik IdP session (so this also ends their
// SSO session in any other tab — intended for an elevated context).
//
// A short delay lets them actually read why before the redirect through
// Authentik fires; the button is an immediate-out fallback. The timer is
// cleared on unmount so a manual click can't double-fire it.
definePageMeta({ layout: 'blank', auth: false, oidcAuth: { enabled: false } })
const SIGN_OUT_DELAY_MS = 2200
function signOut() {
return navigateTo('/api/auth/sign-out', { external: true })
}
onMounted(() => {
const timer = setTimeout(signOut, SIGN_OUT_DELAY_MS)
onBeforeUnmount(() => clearTimeout(timer))
})
</script>
<template>
<div class="shell">
<div class="card">
<div class="badge">
<UiIcon name="shield" :size="22" />
</div>
<p class="eyebrow">dezky · ops</p>
<h1>Not an operator account</h1>
<p class="lead">
This account doesn't have operator access. For your security we're
signing you out completely sign in with an operator account to
continue.
</p>
<button class="primary" type="button" @click="signOut">Sign out now</button>
<p class="hint">{{ operatorHost }}</p>
</div>
</div>
</template>
<style scoped>
.shell {
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
padding: 32px;
background: var(--bg);
}
.card {
background: var(--surface);
border: 1px solid var(--border);
border-radius: 12px;
padding: 36px 36px 32px;
width: 100%;
max-width: 420px;
text-align: center;
box-shadow: 0 24px 60px rgba(0, 0, 0, 0.4);
}
.badge {
width: 48px;
height: 48px;
border-radius: 12px;
display: inline-flex;
align-items: center;
justify-content: center;
background: rgba(240, 88, 88, 0.12);
color: var(--bad);
margin: 0 auto 16px;
}
.eyebrow {
font-family: var(--font-mono);
font-size: 11px;
letter-spacing: 0.18em;
text-transform: uppercase;
color: var(--text-mute);
margin: 0 0 10px 0;
}
h1 {
font-family: var(--font-display);
font-weight: 600;
font-size: 24px;
letter-spacing: -0.02em;
line-height: 1.15;
margin: 0;
}
.lead {
font-size: 13px;
color: var(--text-dim);
line-height: 1.55;
margin: 14px 0 26px;
}
.primary {
display: block;
width: 100%;
height: 42px;
background: var(--accent);
color: var(--accent-fg);
border: none;
border-radius: 7px;
font-weight: 600;
font-size: 13px;
font-family: inherit;
cursor: pointer;
}
.primary:hover { filter: brightness(0.96); }
.hint {
font-family: var(--font-mono);
font-size: 10px;
letter-spacing: 0.06em;
color: var(--text-mute);
margin: 22px 0 0 0;
}
</style>
Reference in New Issue View Git Blame Copy Permalink