pplate/cannamanage
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a686957b0958f0384c95ef69768e5eca1f91dbd3
cannamanage/cannamanage-frontend/next.config.mjs
T
Patrick Plate a686957b09
CI — Build, Lint & Security Scan / backend (push) Failing after 1m4s
Details
CI — Build, Lint & Security Scan / frontend (push) Failing after 1m24s
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been skipped
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Failing after 21s
Details
Deploy to TrueNAS / deploy (push) Failing after 4m0s
Details
feat(deploy): public hosting at cannamanage.plate-software.de + fix systemic auth-token bug 
Auth fix (the real unblocker):
- Add server-side proxy Route Handler app/api/backend/[...path]/route.ts that
  reads the NextAuth session via auth() and injects Authorization: Bearer on
  every API call. Method-agnostic; streams raw request body (multipart uploads)
  and upstream response body (binary PDF/CSV downloads). Replaces the static
  next.config.mjs rewrite, which could not inject a header — the root cause of
  every authenticated browser fetch hitting the backend unauthenticated.
- Expose session.accessToken in the auth.ts session() callback (+ type aug).
  Uses auth() not getToken() so cookie handling is correct across the public
  HTTPS (Apache) -> internal HTTP (container) proxy boundary.
- No service files changed; all 24 services already call /api/backend/*.
  Verified live: NextAuth login -> GET /api/backend/members -> HTTP 200.

Public hosting (same proven chain as Gitea/InspectFlow):
- docker-compose.truenas.yml: NEXTAUTH_URL/AUTH_URL -> https public origin,
  rotate AUTH_SECRET + JWT_SECRET + DB_PASSWORD off the committed dev defaults.
- deploy.yml: inject AUTH_SECRET/JWT_SECRET/DB_PASSWORD from Gitea secrets;
  reconcile the live Postgres role password (volume keeps old pw on re-deploy).
- frpc on TrueNAS tunnels frontend :3000 -> VPS frps :30010; IONOS Apache
  terminates TLS for cannamanage.plate-software.de and proxies through frp.
2026-06-22 10:46:15 +02:00

20 lines
709 B
JavaScript
Raw Blame History

import createNextIntlPlugin from "next-intl/plugin"
const withNextIntl = createNextIntlPlugin("./src/i18n/request.ts")
/** @type {import('next').NextConfig} */
const nextConfig = {
// See https://lucide.dev/guide/packages/lucide-react#nextjs-example
transpilePackages: ["lucide-react"],
// Required for Docker standalone output
output: "standalone",
// NOTE: API calls to /api/backend/* are proxied by the server-side Route
// Handler at src/app/api/backend/[...path]/route.ts, NOT by a static
// rewrite. A static rewrite cannot inject the NextAuth Bearer token; the
// route handler reads the session via auth() and forwards it. See that file.
}
export default withNextIntl(nextConfig)
Reference in New Issue View Git Blame Copy Permalink