hp-prod-tracker/.env.example
Vadym Samoilenko 250796dd0c Replace Auth.js OAuth with MSAL.js SPA browser flow
- Token exchange now happens entirely in the browser via @azure/msal-browser
  (PKCE, no client_secret — correct for Azure SPA registrations)
- Browser stays on /hp-prod-tracker/login throughout; the /api/auth/callback
  URL never appears in the address bar
- New /api/auth/sso route validates the id_token (jose + Azure JWKS),
  creates User/Account/Session in Prisma, and sets the authjs session cookie
- Auth.js retained only for session reading (auth()) and signOut()
- Fix dev bypass safety gate: use NODE_ENV !== production instead of
  absence of AUTH_MICROSOFT_ENTRA_ID_SECRET
- Rename env vars: AUTH_MICROSOFT_ENTRA_ID_ID → AZURE_CLIENT_ID,
  AUTH_MICROSOFT_ENTRA_ID_TENANT_ID → AZURE_TENANT_ID, remove AUTH_URL
- Remove /api/auth Apache proxy rule (no longer needed)
- Delete OAuthRelay.tsx, add MsalLogin.tsx

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-16 18:49:43 +01:00

35 lines
1.7 KiB
Text

# ─── Database ────────────────────────────────────────────
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/hp_prod_tracker?schema=public"
DB_PASSWORD=postgres # Change in production

# ─── Auth (Microsoft Entra ID SSO — SPA registration) ───
AUTH_SECRET="" # Generate with: openssl rand -base64 32
# Azure AD Application (Client) ID
AZURE_CLIENT_ID=""
# Azure AD Directory (Tenant) ID
AZURE_TENANT_ID=""
# Redirect URI registered in Azure portal (SPA platform) — must be the login page URL
# e.g. https://your-domain.com/your-app/login
AZURE_REDIRECT_URI=""
# No client secret — SPA registrations use PKCE in the browser (no AUTH_URL needed)

# ─── Dev Auth Bypass (local development only) ───────────
# Set to "true" to skip SSO and auto-login as dev admin user.
# Ignored when NODE_ENV=production.
DEV_BYPASS_AUTH="true"
DEV_USER_ID="dev-user-001"

# ─── App ─────────────────────────────────────────────────
NEXT_PUBLIC_APP_URL="http://localhost:3000"

# ─── Claude AI (chat assistant — primary provider) ──────
ANTHROPIC_API_KEY=""
# ANTHROPIC_MODEL="claude-haiku-4-5-20251001"

# ─── Cron / Scheduler ───────────────────────────────────
CRON_SECRET="" # Generate with: openssl rand -hex 32

# ─── Ollama (AI — embeddings, search, chat fallback) ────
OLLAMA_HOST="http://localhost:11434"
OLLAMA_EMBED_MODEL="nomic-embed-text"
OLLAMA_LLM_MODEL="qwen3:1.7b"
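The example file ships with `DEV_BYPASS_AUTH="true"` and blank Azure values, so the only thing standing between a copied-over `.env` and an auth bypass in production is the gate the commit describes (`NODE_ENV !== production`). The following is an added example, not code from the hp-prod-tracker repository, of a startup loader that applies that gate and fails fast when the SSO variables are missing or unsafe; the names `loadAuthEnv`, `isDevBypassActive`, `msalAuthConfig`, the minimum secret length and the https requirement on the redirect URI are all assumptions of this example, and the sample values in the comments and tests are constructed.

```typescript
// Added example (not the project's own code): validate the auth variables
// from .env.example at startup and apply the dev-bypass safety gate.
export type RawEnv = Record<string, string | undefined>;

export interface AuthEnv {
  nodeEnv: string;
  authSecret: string;
  azureClientId: string;
  azureTenantId: string;
  azureRedirectUri: string;
  devBypassAuth: boolean;
  devUserId: string | undefined;
}

// Gate from the commit message: the bypass is honoured only when it is
// explicitly "true" AND NODE_ENV is not "production". Keying the gate on
// NODE_ENV rather than on "no client secret configured" matters because the
// SPA/PKCE flow never has a client secret, so a secret-absence test would
// always pass.
export function isDevBypassActive(env: RawEnv): boolean {
  return env.DEV_BYPASS_AUTH === "true" && env.NODE_ENV !== "production";
}

function requireVar(env: RawEnv, key: string): string {
  const value = env[key]?.trim();
  if (!value) {
    throw new Error(`Missing required environment variable ${key}`);
  }
  return value;
}

// Reads and validates the variables. With the bypass active (non-production
// only) the Azure values may stay blank, as they are in .env.example; when
// real SSO is in use every Azure value is required, and in production the
// redirect URI must be an absolute https URL (assumed policy of this example).
export function loadAuthEnv(env: RawEnv): AuthEnv {
  const nodeEnv = env.NODE_ENV ?? "development";
  const devBypassAuth = isDevBypassActive(env);

  // Auth.js still reads the session cookie, so the secret is always required.
  const authSecret = requireVar(env, "AUTH_SECRET");
  if (nodeEnv === "production" && authSecret.length < 32) {
    // "openssl rand -base64 32" yields 44 characters; reject short secrets.
    throw new Error("AUTH_SECRET is too short for production");
  }

  let azureClientId = env.AZURE_CLIENT_ID ?? "";
  let azureTenantId = env.AZURE_TENANT_ID ?? "";
  let azureRedirectUri = env.AZURE_REDIRECT_URI ?? "";
  if (!devBypassAuth) {
    azureClientId = requireVar(env, "AZURE_CLIENT_ID");
    azureTenantId = requireVar(env, "AZURE_TENANT_ID");
    azureRedirectUri = requireVar(env, "AZURE_REDIRECT_URI");
    const parsed = new URL(azureRedirectUri); // throws on a non-absolute URL
    if (nodeEnv === "production" && parsed.protocol !== "https:") {
      throw new Error("AZURE_REDIRECT_URI must use https in production");
    }
  }

  return {
    nodeEnv,
    authSecret,
    azureClientId,
    azureTenantId,
    azureRedirectUri,
    devBypassAuth,
    devUserId: env.DEV_USER_ID,
  };
}

// The "auth" block of an @azure/msal-browser Configuration, built only from
// validated values; the authority is the standard tenant endpoint.
export function msalAuthConfig(cfg: AuthEnv): {
  clientId: string;
  authority: string;
  redirectUri: string;
} {
  return {
    clientId: cfg.azureClientId,
    authority: `https://login.microsoftonline.com/${cfg.azureTenantId}`,
    redirectUri: cfg.azureRedirectUri,
  };
}
```

Calling `loadAuthEnv(process.env)` once at boot, before any route is registered, turns a mis-set `.env` into a crash at deploy time instead of a silent login bypass or a redirect to an unregistered URI at first sign-in.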