feat(frontend): OIDC login + runtime env (FABRIC_OIDC_ONLY/FIX_TO_CENTER)

- Runtime container env injected by docker/entrypoint.sh -> runtime-env.js (loaded before the bundle); src/lib/runtime-env.ts reads it. FABRIC_OIDC_ONLY hides the password form; FIX_TO_CENTER pins the Center base and hides its input. Dockerfile ENTRYPOINT + ENV defaults. - LoginPage: 'Sign in with SSO' when /auth/oidc/status enabled; password form gated by OIDC_ONLY; center input gated by FIX_TO_CENTER. - /oidc route (OidcCallback) redeems the fragment ticket via /auth/oidc/exchange and adopts the session (AuthContext.adoptSession). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 09:44:49 +01:00
parent 4892af55e8
commit 92d3b4dc1b
11 changed files with 234 additions and 26 deletions
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+
+# Inject container env into the static SPA at runtime. The app loads
+# /runtime-env.js (see index.html) before its bundle.
+#   FABRIC_OIDC_ONLY  - "true" hides the username/password login form
+#   FIX_TO_CENTER     - non-empty pins the Center API base + hides its input
+ONLY="false"
+case "$(printf '%s' "${FABRIC_OIDC_ONLY:-}" | tr '[:upper:]' '[:lower:]')" in
+  1|true|yes|on) ONLY="true" ;;
+esac
+
+# JSON-escape FIX_TO_CENTER (backslash + double-quote)
+FIX="$(printf '%s' "${FIX_TO_CENTER:-}" | sed 's/\\/\\\\/g; s/"/\\"/g')"
+
+cat > /usr/share/nginx/html/runtime-env.js <<EOF
+window.__FABRIC_ENV__ = { oidcOnly: ${ONLY}, fixToCenter: "${FIX}" };
+EOF
+
+exec "$@"