fix(portal-bff): use the real portal-admin dev port (4300) in admin-flow references #131

Merged
julien merged 2 commits from fix/portal-admin-dev-port-references into main 2026-05-14 15:40:08 +02:00
Owner

Summary

PR #129 (feat(portal-bff): distinct admin session + /api/admin/auth flow) baked 4201 into a handful of comments, test fixtures, and the .env.example as the portal-admin dev port. The actual port wired in apps/portal-admin/project.json serve.options.port is 4300 — that's what pnpm nx serve portal-admin listens on.

This PR aligns the references so a contributor copying values from .env.example (or reading the test fixtures) sees the same port their browser is going to hit.

It also drops http://localhost:4300 into CORS_ALLOWED_ORIGINS — the portal-admin SPA will hit the BFF with credentials as soon as the admin auth flow is exercised end-to-end, and without the origin in the allowlist the browser blocks the call. Better to set the right example now than have the next contributor chase a CORS error.

Touched

  • apps/portal-bff/.env.example:
    • ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI default + the surrounding comment now point at http://localhost:4300/.
    • CORS_ALLOWED_ORIGINS example lists both :4200 (portal-shell) and :4300 (portal-admin).
    • Both sections cite apps/<app>/project.json serve.options.port as the source of truth so a future reader doesn't have to grep.
  • apps/portal-bff/src/config/check-cors-allowlist.ts — stale doc-comment that pre-dated the portal-admin scaffolding, now matches reality.
  • Test-fixture adminPostLogoutRedirectUri values in auth.module.spec.ts, auth.controller.spec.ts, auth.service.spec.ts, admin-auth.controller.spec.ts, check-entra-config.spec.ts — tests don't depend on the port; aligned for clarity only.

Test plan

  • grep -rn 4201 apps/ libs/ → empty.
  • pnpm nx test portal-bff278 specs pass (unchanged from #129; this PR only touches strings).
  • No behaviour change in the BFF; only the example values shift. Developers must update their local .env to pick up the new port + origin.

Notes for the reviewer

The two new env vars from #129 (ENTRA_ADMIN_REDIRECT_URI, ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI) plus the existing CORS_ALLOWED_ORIGINS are mandatory at boot. If your local apps/portal-bff/.env still has the 4201 value, the BFF will still start (any valid URL passes the validators) — but admin logout will 302 you to a port nothing is listening on, and the admin SPA's BFF calls will fail CORS. Update to 4300 to match the actual portal-admin dev server.

## Summary PR #129 (`feat(portal-bff): distinct admin session + /api/admin/auth flow`) baked `4201` into a handful of comments, test fixtures, and the `.env.example` as the portal-admin dev port. The actual port wired in [apps/portal-admin/project.json](apps/portal-admin/project.json#L87) `serve.options.port` is **4300** — that's what `pnpm nx serve portal-admin` listens on. This PR aligns the references so a contributor copying values from `.env.example` (or reading the test fixtures) sees the same port their browser is going to hit. It also drops `http://localhost:4300` into `CORS_ALLOWED_ORIGINS` — the portal-admin SPA will hit the BFF with credentials as soon as the admin auth flow is exercised end-to-end, and without the origin in the allowlist the browser blocks the call. Better to set the right example now than have the next contributor chase a CORS error. ## Touched - [apps/portal-bff/.env.example](apps/portal-bff/.env.example): - `ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI` default + the surrounding comment now point at `http://localhost:4300/`. - `CORS_ALLOWED_ORIGINS` example lists both `:4200` (portal-shell) and `:4300` (portal-admin). - Both sections cite `apps/<app>/project.json` `serve.options.port` as the source of truth so a future reader doesn't have to grep. - [apps/portal-bff/src/config/check-cors-allowlist.ts](apps/portal-bff/src/config/check-cors-allowlist.ts) — stale doc-comment that pre-dated the portal-admin scaffolding, now matches reality. - Test-fixture `adminPostLogoutRedirectUri` values in `auth.module.spec.ts`, `auth.controller.spec.ts`, `auth.service.spec.ts`, `admin-auth.controller.spec.ts`, `check-entra-config.spec.ts` — tests don't depend on the port; aligned for clarity only. ## Test plan - [x] `grep -rn 4201 apps/ libs/` → empty. - [x] `pnpm nx test portal-bff` — **278 specs pass** (unchanged from #129; this PR only touches strings). - [x] No behaviour change in the BFF; only the example values shift. Developers must update their local `.env` to pick up the new port + origin. ## Notes for the reviewer The two new env vars from #129 (`ENTRA_ADMIN_REDIRECT_URI`, `ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI`) plus the existing `CORS_ALLOWED_ORIGINS` are mandatory at boot. If your local `apps/portal-bff/.env` still has the `4201` value, the BFF will still start (any valid URL passes the validators) — but admin logout will 302 you to a port nothing is listening on, and the admin SPA's BFF calls will fail CORS. Update to `4300` to match the actual portal-admin dev server.
julien added 2 commits 2026-05-14 15:39:29 +02:00
PR #129 baked `4201` into a few comments and test fixtures as the
admin SPA's dev port. The actual port wired in
`apps/portal-admin/project.json` `serve.options.port` is `4300` — the
Nx serve target listens on 4300 in dev. Aligning the references so a
contributor reading `.env.example` or the test fixtures sees the same
number their browser is hitting.

Touched:
- `apps/portal-bff/.env.example` — `ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI`
  default + the surrounding comment.
- `apps/portal-bff/src/config/check-cors-allowlist.ts` — stale
  doc-comment that pre-dated the portal-admin scaffolding.
- `auth.module.spec.ts`, `auth.controller.spec.ts`,
  `auth.service.spec.ts`, `admin-auth.controller.spec.ts`,
  `check-entra-config.spec.ts` — fixture `adminPostLogoutRedirectUri`
  values. Tests don't depend on the port; aligned for clarity only.

No behaviour change. 278 specs still pass.
fix(portal-bff): add portal-admin :4300 to CORS_ALLOWED_ORIGINS in .env.example
CI / commits (pull_request) Successful in 2m51s
CI / scan (pull_request) Successful in 3m0s
CI / check (pull_request) Successful in 3m9s
CI / a11y (pull_request) Successful in 3m2s
CI / perf (pull_request) Successful in 6m19s
986c3acea1
Caught while reviewing the previous port-correction commit on this
branch. The CORS section still pointed to "Add :4201 once portal-admin
grows its own dev server" — but portal-admin has its dev server (on
:4300, not :4201), and the SPA will hit the BFF with credentials as
soon as the admin auth flow lands. Without the origin in the allowlist
the browser blocks the call and the developer chases a CORS error
instead of getting to work.

Updates the example to list both dev origins and points at
`apps/<app>/project.json` `serve.options.port` as the source of truth
so future readers don't have to grep for it.

Local `.env` is on the developer to update — this only touches
`.env.example`. Behaviour change is opt-in.
julien merged commit 77343e3113 into main 2026-05-14 15:40:08 +02:00
julien deleted branch fix/portal-admin-dev-port-references 2026-05-14 15:40:10 +02:00
Sign in to join this conversation.
No Reviewers
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: julien/apf_portal#131