f217a5aea6
Replace X-User-Id header auth with Azure AD JWT token validation. Backend validates tokens via JWKS, frontend uses MSAL for login/token acquisition. Adds logout button, 401 handling, and configurable AZURE_AUTH_ENABLED toggle. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
services:
|
|
postgres:
|
|
image: postgres:16-alpine
|
|
ports:
|
|
- "5453:5432"
|
|
environment:
|
|
POSTGRES_USER: olivas
|
|
POSTGRES_PASSWORD: olivas
|
|
POSTGRES_DB: olivas
|
|
volumes:
|
|
- pgdata:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U olivas"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
|
|
backend:
|
|
build: ./backend
|
|
ports:
|
|
- "8000:8000"
|
|
environment:
|
|
DATABASE_URL: postgresql+asyncpg://olivas:olivas@postgres:5432/olivas
|
|
UPLOAD_DIR: /app/data/uploads
|
|
DEVICE: auto
|
|
CORS_ORIGINS: http://localhost:1577
|
|
ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
|
|
# Google Cloud Run — set these to enable Cloud Run offloading
|
|
CLOUD_RUN_SALIENCY_URL: ${CLOUD_RUN_SALIENCY_URL:-}
|
|
CLOUD_RUN_PROCESSING_URL: ${CLOUD_RUN_PROCESSING_URL:-}
|
|
CLOUD_RUN_SECRET: ${CLOUD_RUN_SECRET:-}
|
|
GOOGLE_CLOUD_PROJECT: ${GOOGLE_CLOUD_PROJECT:-optical-414516}
|
|
# Azure AD SSO
|
|
AZURE_AUTH_ENABLED: ${AZURE_AUTH_ENABLED:-true}
|
|
AZURE_TENANT_ID: ${AZURE_TENANT_ID:-}
|
|
AZURE_CLIENT_ID: ${AZURE_CLIENT_ID:-}
|
|
volumes:
|
|
- uploads:/app/data/uploads
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
|
|
frontend:
|
|
build: ./frontend
|
|
ports:
|
|
- "1577:1577"
|
|
depends_on:
|
|
- backend
|
|
|
|
volumes:
|
|
pgdata:
|
|
uploads:
|