fix(portal-bff): use the real portal-admin dev port (4300) in admin-flow references #131

Merged
julien merged 2 commits from fix/portal-admin-dev-port-references into main 2026-05-14 15:40:08 +02:00
7 changed files with 15 additions and 12 deletions
+7 -5
View File
@@ -67,9 +67,10 @@ ENTRA_POST_LOGOUT_REDIRECT_URI=http://localhost:4200/
# session. Both `ENTRA_REDIRECT_URI` and `ENTRA_ADMIN_REDIRECT_URI`
# must be registered in the same Entra app registration's
# "Redirect URIs" list. Distinct post-logout URL routes admin
# sign-outs to the admin SPA's landing page (port 4201 in dev).
# sign-outs to the admin SPA's landing page (port 4300 in dev — see
# apps/portal-admin/project.json `serve.options.port`).
ENTRA_ADMIN_REDIRECT_URI=http://localhost:3000/api/admin/auth/callback
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI=http://localhost:4201/
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI=http://localhost:4300/
# Cookie signing secret (per ADR-0009 §"Cookies"). Used to sign the
# transient pre-auth cookie that carries the OIDC `state` + PKCE
@@ -132,9 +133,10 @@ LOG_USER_ID_SALT=replace_with_32_random_bytes_base64url
# defaulting to localhost is the classic "works in dev, breaks in
# prod" trap.
#
# Local dev: the portal-shell dev server on :4200. Add :4201 once
# portal-admin grows its own dev server.
CORS_ALLOWED_ORIGINS=http://localhost:4200
# Local dev: portal-shell on :4200 and portal-admin on :4300 — both
# call the BFF with credentials. Source of truth for the ports:
# `apps/<app>/project.json` `serve.options.port`.
CORS_ALLOWED_ORIGINS=http://localhost:4200,http://localhost:4300
# Rate limiting (per ADR-0015 §"DoS mitigation"). Both optional
# with conservative defaults; override per environment when traffic
@@ -16,7 +16,7 @@ const ENTRA: EntraConfig = {
redirectUri: 'http://localhost:3000/api/auth/callback',
postLogoutRedirectUri: 'http://localhost:4200/',
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
adminPostLogoutRedirectUri: 'http://localhost:4201/',
adminPostLogoutRedirectUri: 'http://localhost:4300/',
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
};
@@ -17,7 +17,7 @@ const ENTRA: EntraConfig = {
redirectUri: 'http://localhost:3000/api/auth/callback',
postLogoutRedirectUri: 'http://localhost:4200/',
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
adminPostLogoutRedirectUri: 'http://localhost:4201/',
adminPostLogoutRedirectUri: 'http://localhost:4300/',
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
};
+1 -1
View File
@@ -43,7 +43,7 @@ const VALID = {
ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback',
ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/',
ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback',
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4201/',
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4300/',
// Well-formed but unreachable Redis URL — `ioredis` opens the
// socket lazily so the module compiles without any network access.
REDIS_URL: 'redis://default:test-pass@127.0.0.1:65535/0',
@@ -12,7 +12,7 @@ const ENTRA: EntraConfig = {
redirectUri: 'http://localhost:3000/api/auth/callback',
postLogoutRedirectUri: 'http://localhost:4200/',
adminRedirectUri: 'http://localhost:3000/api/admin/auth/callback',
adminPostLogoutRedirectUri: 'http://localhost:4201/',
adminPostLogoutRedirectUri: 'http://localhost:4300/',
authority: 'https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee',
};
@@ -21,8 +21,9 @@
* Production should set `CORS_ALLOWED_ORIGINS` to the SPA / admin
* SPA's deploy origins (e.g.
* `https://portal.apf.example,https://admin.portal.apf.example`).
* Dev `.env` lists `http://localhost:4200` (and 4201 once
* portal-admin grows a dev server).
* Dev `.env` lists `http://localhost:4200` (portal-shell) and
* `http://localhost:4300` (portal-admin) — see
* apps/portal-admin/project.json `serve.options.port`.
*/
export function readCorsAllowlist(): readonly string[] {
const raw = process.env['CORS_ALLOWED_ORIGINS'];
@@ -8,7 +8,7 @@ const VALID = {
ENTRA_REDIRECT_URI: 'http://localhost:3000/api/auth/callback',
ENTRA_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4200/',
ENTRA_ADMIN_REDIRECT_URI: 'http://localhost:3000/api/admin/auth/callback',
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4201/',
ENTRA_ADMIN_POST_LOGOUT_REDIRECT_URI: 'http://localhost:4300/',
};
describe('assertEntraConfig', () => {