api.ts + useAuthConfig kept the old wizard-era localStorage path for the
backend URL, which is why fresh browsers saw blank pages on MonitorPage
and any other api-using page after the v0.4.0 wizard removal — without
the wizard pre-seeding localStorage, getApiBase() returned undefined and
axios called same-origin (frontend nginx, 404).
App.tsx getApiBase() partially worked because I had only refactored that
one path; api.ts (used by everything else) still had its own duplicate
getApiBase that I missed.
This commit removes the localStorage path entirely from all 3 read sites
(api.ts / App.tsx / useAuthConfig.ts) — single source of truth is now
the build-time env baked in by the Dockerfile ARG.
- src/services/api.ts: const API_BASE = import.meta.env.VITE_HF_BACKEND_BASE_URL
- src/App.tsx: const API_BASE = ... (replaces getApiBase())
- src/hooks/useAuthConfig.ts: const BACKEND_BASE = ...
- src/test/setup.ts: stub import.meta.env instead of localStorage key
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- useAuthConfig fetches public /auth/config; LoginPage hides the
password form when oidc_only and shows an SSO button when enabled.
- /oidc/callback route applies the returned JWT (sign-in) or shows the
link result; oidc_error surfaced on LoginPage.
- UsersPage: hides password fields in OIDC-only mode; admin OIDC
bind/unbind UI per user. Sidebar self-service "Link OIDC account"
(non-OIDC_ONLY).
- Dockerfile ARG/ENV HARBORFORGE_OIDC_ONLY.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
