zhi/HarborForge.Frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: zhi:aaf36a4f5c6dc3dce9b7ec397973b69f98251c44
Branches Tags
zhi:main zhi:feat/knowledge-base zhi:feature/foundry-deck-ui
...
compare: zhi:10771a8ffcce75f7c5914c22d528d54cb1ade655
Branches Tags
zhi:main zhi:feat/knowledge-base zhi:feature/foundry-deck-ui

8 Commits
aaf36a4f5c ... 10771a8ffc

Author SHA1 Message Date
hzhang
10771a8ffc feat(frontend)!: drop SetupWizardPage, backend URL via build-time VITE_* 
Frontend no longer has any wizard flow. Backend URL is baked into the bundle
at build time via VITE_HF_BACKEND_BASE_URL (forwarded as a Dockerfile ARG
from compose).

- src/App.tsx: drop SetupWizardPage import + appState='setup' fallback +
  HF_WIZARD_PORT-via-localStorage probe. getApiBase() now reads
  import.meta.env.VITE_HF_BACKEND_BASE_URL with localStorage as an escape
  hatch for dev. When /config/status reports no admin yet, show a card
  prompting the operator to run `docker exec hf_backend hf-cli admin
  create-user ...`.
- src/pages/SetupWizardPage.tsx: deleted (~250 lines)
- src/index.css: drop .setup-wizard + .setup-* styles (~36 lines)
- src/vite-env.d.ts: add VITE_HF_BACKEND_BASE_URL to ImportMetaEnv
- Dockerfile: ARG VITE_HF_BACKEND_BASE_URL → ENV → npm run build

Build the prod image with:
  docker build --build-arg VITE_HF_BACKEND_BASE_URL=https://hf-api.hangman-lab.top \
    -t git.hangman-lab.top/zhi/harborforge-frontend:latest .

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-24 19:03:10 +01:00
hzhang
8e52e2bf74 feat(ui): overridable favicon/logo with branded default 
Replace the  emoji with a real logo image used as the in-app brand
mark and the favicon. Default bundled public/logo.svg is the
HangmanLab mark recolored to the Foundry-Deck ember (#ff6a1a).
Override at deploy time via HARBORFORGE_LOGO_URL (injected into
runtime-config.js; getLogoUrl() + favicon swap), no rebuild needed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 22:39:58 +01:00
h z
4d0575291d Merge pull request 'feature/oidc-login' (#12) from feature/oidc-login into main 
Reviewed-on: #12
 2026-05-17 21:27:55 +00:00
hzhang
73da3926e7 feat(auth): admin_role config; drop manual admin-subject from wizard 
OIDC settings page + setup wizard now configure the bootstrap admin
role instead of a hand-typed OIDC subject. The OIDC-only admin link is
handled automatically by the backend admin-role auto-connect on first
sign-in (explained inline in both the wizard and settings page).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 21:05:40 +01:00
hzhang
782e42ac64 feat(setup): OIDC step in setup wizard + runtime OIDC_ONLY flag 
Solves the OIDC-only bootstrap lockout (admin can't reach the in-app
OIDC settings page when password login is disabled and OIDC is unset).

- Frontend image entrypoint injects /runtime-config.js from the
  deploy-time HARBORFORGE_OIDC_ONLY env so the SPA knows the mode
  before the backend exists.
- Setup wizard gains an "OIDC" step (between Admin and Backend):
  required when OIDC-only (incl. admin's OIDC subject so the bootstrap
  admin can sign in), optional otherwise; written into harborforge.json.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:50:58 +01:00
hzhang
ba55fee9d5 fix(auth): register /settings/oidc route for admins only 
Non-admins fall through to the catch-all redirect instead of seeing
the OIDC settings page shell. Sidebar link, in-page guard and the
admin-only backend API remain as defense in depth.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:33:28 +01:00
hzhang
8cac6951d7 feat(auth): admin OIDC settings page 
New admin page /settings/oidc to configure the OIDC provider (issuer,
client id/secret, redirect/callback URL, scopes, post-login redirect).
Prominently shows the callback URL to register at the IdP, current
status/source, and the read-only deploy-level OIDC-only flag. Secret
is write-only (blank = keep). Sidebar entry for admins.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:29:22 +01:00
hzhang
8f8d6d5465 feat(auth): OIDC login UI + binding management + OIDC-only mode 
- useAuthConfig fetches public /auth/config; LoginPage hides the
  password form when oidc_only and shows an SSO button when enabled.
- /oidc/callback route applies the returned JWT (sign-in) or shows the
  link result; oidc_error surfaced on LoginPage.
- UsersPage: hides password fields in OIDC-only mode; admin OIDC
  bind/unbind UI per user. Sidebar self-service "Link OIDC account"
  (non-OIDC_ONLY).
- Dockerfile ARG/ENV HARBORFORGE_OIDC_ONLY.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-17 20:22:14 +01:00
16 changed files with 656 additions and 318 deletions
Expand all files Collapse all files

24
Dockerfile
View File

@@ -1,6 +1,14 @@
# Build stage
FROM node:20-alpine AS build
WORKDIR /app
# Build-time backend URL — Vite inlines this into the bundle. Passed as
# `--build-arg VITE_HF_BACKEND_BASE_URL=https://hf-api.example.com` in
# the compose file. Without it the bundle calls relative paths (only
# works in dev with the Vite proxy).
ARG VITE_HF_BACKEND_BASE_URL=""
ENV VITE_HF_BACKEND_BASE_URL=${VITE_HF_BACKEND_BASE_URL}
COPY package.json package-lock.json* ./
RUN npm install
COPY . .
@@ -12,5 +20,19 @@ RUN npm install -g serve@14
WORKDIR /app
COPY --from=build /app ./
ENV FRONTEND_DEV_MODE=0
# OIDC-only mode flag. Injected into the SPA at container start as
# /runtime-config.js so the setup wizard knows it before the backend
# exists; /auth/config remains authoritative once the backend is up.
ARG HARBORFORGE_OIDC_ONLY=false
ENV HARBORFORGE_OIDC_ONLY=${HARBORFORGE_OIDC_ONLY}
# Optional deploy-time branding override: a URL the SPA uses for the
# logo + favicon. Empty → bundled /logo.svg default.
ARG HARBORFORGE_LOGO_URL=
ENV HARBORFORGE_LOGO_URL=${HARBORFORGE_LOGO_URL}
EXPOSE 3000
CMD ["sh", "-c", "if [ \"$FRONTEND_DEV_MODE\" = \"1\" ]; then npm run dev -- --host 0.0.0.0 --port 3000 --strictPort; else serve -s dist -l 3000; fi"]
CMD ["sh", "-c", "\
if [ \"$HARBORFORGE_OIDC_ONLY\" = \"true\" ]; then OO=true; else OO=false; fi; \
CFG=\"window.__HF_RUNTIME__={\\\"oidc_only\\\":$OO,\\\"logo_url\\\":\\\"$HARBORFORGE_LOGO_URL\\\"};\"; \
mkdir -p public; printf '%s' \"$CFG\" > public/runtime-config.js; \
[ -d dist ] && printf '%s' \"$CFG\" > dist/runtime-config.js; \
if [ \"$FRONTEND_DEV_MODE\" = \"1\" ]; then npm run dev -- --host 0.0.0.0 --port 3000 --strictPort; else serve -s dist -l 3000; fi"]

12
index.html
View File

@@ -2,12 +2,22 @@
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
<link id="hf-favicon" rel="icon" type="image/svg+xml" href="/logo.svg" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>HarborForge</title>
</head>
<body>
<div id="root"></div>
<!-- Runtime config injected by the container entrypoint (deploy-time
HARBORFORGE_OIDC_ONLY). Absent in dev → app falls back to /auth/config. -->
<script src="/runtime-config.js"></script>
<script>
// Optional deploy-time branding override (HARBORFORGE_LOGO_URL).
try {
var u = window.__HF_RUNTIME__ && window.__HF_RUNTIME__.logo_url;
if (u) document.getElementById('hf-favicon').href = u;
} catch (e) {}
</script>
<script type="module" src="/src/main.tsx"></script>
</body>
</html>

44
public/logo.svg Normal file
View File

@@ -0,0 +1,44 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 733.000000 733.000000" role="img" aria-label="Hangman Lab">
<g transform="translate(0.000000,733.000000) scale(0.100000,-0.100000)"
fill="#ff6a1a" stroke="none">
<path d="M812 6860 c-66 -40 -73 -66 -70 -242 3 -141 5 -159 24 -185 43 -58
63 -63 262 -64 l182 -1 0 -2694 0 -2694 -290 0 c-314 0 -332 -3 -380 -54 -24
-27 -25 -32 -28 -199 -3 -195 4 -218 71 -250 32 -16 257 -17 3084 -17 2955 0
3049 1 3083 19 65 34 75 66 75 236 0 186 -16 224 -104 254 -25 8 -682 11
-2512 11 l-2479 0 0 1998 0 1997 698 697 697 697 670 -3 c369 -2 680 -4 693
-5 22 -1 22 -1 22 -269 l0 -268 84 -12 c47 -7 103 -19 125 -27 41 -14 41 -14
43 283 l3 297 631 1 c698 2 673 -1 714 67 18 28 20 51 20 187 0 173 -8 201
-72 240 -33 20 -56 20 -2623 20 -2567 0 -2590 0 -2623 -20z m1725 -500 c-1 -3
-183 -185 -404 -404 l-403 -399 0 405 0 406 405 -1 c223 -1 404 -4 402 -7z
M4283 5701 c-459 -125 -690 -624 -483 -1046 67 -138 196 -266 335 -335 281
-139 612 -93 837 118 235 219 297 575 152 870 -85 174 -235 306 -427 375 -111
40 -302 48 -414 18z m267 -211 c95 -15 201 -70 274 -144 273 -274 173 -723
-189 -851 -93 -33 -236 -35 -326 -5 -202 68 -340 249 -356 465 -18 242 153
471 394 529 71 18 119 19 203 6z M5945 4716 c-56 -25 -80 -61 -80 -122 0 -48
4 -57 36 -90 88 -88 219 -29 219 98 0 45 -34 96 -75 114 -42 17 -61 17 -100 0z
M5675 4466 c-60 -26 -73 -109 -26 -157 62 -61 161 -19 161 70 0 74 -68 118
-135 87z M3747 4397 c-10 -7 -226 -223 -479 -482 -307 -313 -467 -483 -479
-510 -35 -75 -17 -177 38 -227 39 -35 114 -61 160 -54 100 13 104 17 583 554
l145 162 3 -404 c3 -455 15 -342 -137 -1186 -76 -423 -101 -587 -101 -664 0
-190 182 -307 377 -242 62 21 136 95 152 152 6 22 29 188 52 369 57 466 109
839 118 848 4 4 52 6 106 5 l99 -3 67 -210 c38 -115 68 -220 69 -232 0 -12
-38 -152 -85 -311 -47 -159 -85 -302 -85 -317 0 -128 109 -225 255 -225 109 1
185 42 228 125 26 51 237 683 237 710 0 11 -54 182 -121 380 -121 360 -121
360 -134 605 -8 135 -14 292 -14 350 l0 105 152 -158 c84 -87 166 -167 182
-177 44 -29 98 -26 135 8 38 35 187 379 173 401 -5 8 -34 20 -64 26 -59 11
-38 -8 -393 362 -89 93 -100 97 -174 59 -59 -30 -161 -62 -229 -71 -52 -7 -53
-7 -53 -41 0 -44 -21 -84 -61 -118 -38 -32 -41 0 32 -455 l52 -325 -82 -78
c-45 -43 -85 -78 -89 -78 -4 0 -42 35 -84 78 l-77 77 34 215 c19 118 46 289
61 379 26 164 26 164 -5 188 -42 33 -54 58 -61 121 -5 54 -5 54 -92 87 -98 38
-184 89 -243 145 -76 70 -123 87 -168 57z M5504 4170 c-74 -30 -69 -170 6
-170 19 0 20 -7 20 -123 0 -122 0 -122 -54 -262 -30 -77 -97 -243 -150 -369
-106 -252 -113 -287 -73 -347 46 -70 38 -69 560 -69 327 0 475 3 490 11 69 35
107 109 88 172 -5 17 -62 142 -126 277 -225 470 -215 443 -215 586 0 114 2
124 18 124 57 0 72 101 23 151 -29 29 -29 29 -298 28 -147 0 -278 -4 -289 -9z
m376 -307 c1 -148 1 -148 81 -333 101 -231 98 -222 68 -216 -13 3 -116 22
-229 42 -112 19 -208 37 -212 40 -4 2 18 75 48 160 54 156 54 156 54 305 l0
149 95 0 95 0 0 -147z m-219 -593 c22 0 49 -42 49 -75 0 -46 -29 -75 -74 -75
-37 0 -76 36 -76 71 0 46 45 94 78 83 8 -2 18 -4 23 -4z m327 -126 c53 -59 -7
-144 -80 -113 -54 22 -65 83 -22 125 30 31 67 27 102 -12z"/>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

100
src/App.tsx
View File

@@ -3,7 +3,6 @@ import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom'
import { useAuth } from '@/hooks/useAuth'
import Sidebar from '@/components/Sidebar'
import LoginPage from '@/pages/LoginPage'
import SetupWizardPage from '@/pages/SetupWizardPage'
import DashboardPage from '@/pages/DashboardPage'
import TasksPage from '@/pages/TasksPage'
import TaskDetailPage from '@/pages/TaskDetailPage'
@@ -20,71 +19,89 @@ import UsersPage from '@/pages/UsersPage'
import CalendarPage from '@/pages/CalendarPage'
import SupportDetailPage from '@/pages/SupportDetailPage'
import MeetingDetailPage from '@/pages/MeetingDetailPage'
import OidcCallbackPage from '@/pages/OidcCallbackPage'
import OidcSettingsPage from '@/pages/OidcSettingsPage'
import axios from 'axios'
const getStoredWizardPort = (): number | null => {
const stored = Number(localStorage.getItem('HF_WIZARD_PORT'))
return stored && stored > 0 ? stored : null
// Backend URL is baked in at build time via VITE_HF_BACKEND_BASE_URL (the
// docker-compose hf-frontend service passes it as a build ARG). Falling
// back to a same-origin call only makes sense in dev with the Vite proxy.
// localStorage override is kept as an escape hatch for one-off pointing
// (e.g. dev pointing the prod build at a local backend).
const getApiBase = (): string => {
const ls = localStorage.getItem('HF_BACKEND_BASE_URL')
if (ls) return ls
const baked = import.meta.env.VITE_HF_BACKEND_BASE_URL
return baked || ''
}
const getApiBase = () => {
return localStorage.getItem('HF_BACKEND_BASE_URL') ?? undefined
}
type AppState = 'checking' | 'setup' | 'ready'
type AppState = 'checking' | 'no-admin' | 'ready'
export default function App() {
const [appState, setAppState] = useState<AppState>('checking')
const { user, loading, login, logout } = useAuth()
const [errorMessage, setErrorMessage] = useState<string>('')
const { user, loading, login, loginWithToken, logout } = useAuth()
useEffect(() => {
checkInitialized()
}, [])
const checkInitialized = async () => {
// First try the backend /config/status endpoint (reads from config volume directly)
try {
const res = await axios.get(`${getApiBase()}/config/status`, { timeout: 5000 })
const cfg = res.data || {}
if (cfg.backend_url) {
localStorage.setItem('HF_BACKEND_BASE_URL', cfg.backend_url)
}
if (cfg.initialized === true) {
setAppState('ready')
return
}
} catch {
// Backend unreachable — fall through to wizard check
setAppState('no-admin')
} catch (err) {
const msg = err instanceof Error ? err.message : String(err)
setErrorMessage(`Backend unreachable at ${getApiBase() || '<same origin>'}${msg}`)
setAppState('no-admin')
}
// Fallback: if a wizard port was previously saved during setup, try it directly
const storedPort = getStoredWizardPort()
if (storedPort) {
try {
const res = await axios.get(`http://127.0.0.1:${storedPort}/api/v1/config/harborforge.json`, {
timeout: 5000,
})
const cfg = res.data || {}
if (cfg.backend_url) {
localStorage.setItem('HF_BACKEND_BASE_URL', cfg.backend_url)
}
if (cfg.initialized === true) {
setAppState('ready')
return
}
} catch {
// ignore — fall through to setup
}
}
setAppState('setup')
}
if (appState === 'checking') {
return <div className="loading">Checking configuration status...</div>
return <div className="loading">Checking deployment status</div>
}
if (appState === 'setup') {
return <SetupWizardPage initialWizardPort={getStoredWizardPort()} onComplete={checkInitialized} />
if (appState === 'no-admin') {
return (
<div className="login-page">
<div className="login-card">
<h1> HarborForge</h1>
{errorMessage ? (
<>
<p className="text-dim">Cannot reach the backend.</p>
<pre style={{ whiteSpace: 'pre-wrap', fontSize: '0.85em' }}>{errorMessage}</pre>
<p className="text-dim">
Set <code>VITE_HF_BACKEND_BASE_URL</code> at build time
(e.g. <code>https://hf-api.example.com</code>) in the
frontend container's compose entry.
</p>
</>
) : (
<>
<p className="text-dim">
No admin user found. Bootstrap the deployment by running, on the host:
</p>
<pre style={{ whiteSpace: 'pre-wrap', fontSize: '0.85em' }}>
{`docker exec hf-backend hf-cli admin create-user \\
--email you@example.com \\
--password '...' \\
# ...or in OIDC_ONLY mode:
--oidc-issuer https://login.example.com/realms/your-realm \\
--oidc-subject <sub-from-idp>`}
</pre>
<button className="btn-primary" onClick={checkInitialized}>
Recheck
</button>
</>
)}
</div>
</div>
)
}
if (loading) return <div className="loading">Loading...</div>
@@ -100,6 +117,7 @@ export default function App() {
<Route path="/users" element={<UsersPage />} />
<Route path="/monitor" element={<MonitorPage />} />
<Route path="/login" element={<LoginPage onLogin={login} />} />
<Route path="/oidc/callback" element={<OidcCallbackPage onToken={loginWithToken} />} />
<Route path="*" element={<Navigate to="/monitor" />} />
</Routes>
</main>
@@ -133,6 +151,8 @@ export default function App() {
<Route path="/roles" element={<RoleEditorPage />} />
<Route path="/users" element={<UsersPage />} />
<Route path="/monitor" element={<MonitorPage />} />
{user?.is_admin && <Route path="/settings/oidc" element={<OidcSettingsPage />} />}
<Route path="/oidc/callback" element={<OidcCallbackPage onToken={loginWithToken} />} />
<Route path="*" element={<Navigate to="/" />} />
</Routes>
</main>

11
src/components/Sidebar.tsx
View File

@@ -1,6 +1,8 @@
import { useState, useEffect } from 'react'
import { Link, useLocation, useNavigate } from 'react-router-dom'
import api from '@/services/api'
import { useAuthConfig, oidcLinkHref } from '@/hooks/useAuthConfig'
import { getLogoUrl } from '@/runtime'
import type { User } from '@/types'
interface Props {
@@ -11,6 +13,7 @@ interface Props {
export default function Sidebar({ user, onLogout }: Props) {
const { pathname } = useLocation()
const navigate = useNavigate()
const { config: authCfg } = useAuthConfig()
const [unreadCount, setUnreadCount] = useState(0)
useEffect(() => {
@@ -39,6 +42,7 @@ export default function Sidebar({ user, onLogout }: Props) {
...(user.is_admin ? [
{ to: '/users', icon: '👥', label: 'Users' },
{ to: '/roles', icon: '🔐', label: 'Roles' },
{ to: '/settings/oidc', icon: '🪪', label: 'OIDC' },
] : []),
] : [
{ to: '/monitor', icon: '📡', label: 'Monitor' },
@@ -47,7 +51,7 @@ export default function Sidebar({ user, onLogout }: Props) {
return (
<nav className="sidebar">
<div className="sidebar-header">
<h1> HarborForge</h1>
<h1><img src={getLogoUrl()} className="brand-logo" alt="" /> HarborForge</h1>
</div>
<ul className="nav-links">
{links.map((l) => (
@@ -64,6 +68,11 @@ export default function Sidebar({ user, onLogout }: Props) {
<button onClick={() => navigate('/login')}>Log in</button>
)}
</div>
{user && authCfg.oidcEnabled && !authCfg.oidcOnly && (
<div className="sidebar-footer" style={{ borderTop: 'none', paddingTop: 0 }}>
<a href={oidcLinkHref()} title="Link your account to an OIDC identity">🔗 Link OIDC account</a>
</div>
)}
</nav>
)
}

8
src/hooks/useAuth.ts
View File

@@ -44,10 +44,16 @@ export function useAuth() {
await fetchUser()
}
const loginWithToken = async (token: string) => {
localStorage.setItem('token', token)
setState((s) => ({ ...s, token }))
await fetchUser()
}
const logout = () => {
localStorage.removeItem('token')
setState({ user: null, token: null, loading: false })
}
return { ...state, login, logout }
return { ...state, login, loginWithToken, logout }
}

76
src/hooks/useAuthConfig.ts Normal file
View File

@@ -0,0 +1,76 @@
import { useState, useEffect } from 'react'
import api from '@/services/api'
export interface AuthConfig {
oidcEnabled: boolean
oidcOnly: boolean
passwordLogin: boolean
oidcLoginUrl: string
}
const DEFAULT: AuthConfig = {
oidcEnabled: false,
oidcOnly: false,
passwordLogin: true,
oidcLoginUrl: '/auth/oidc/login',
}
let cache: AuthConfig | null = null
let inflight: Promise<AuthConfig> | null = null
async function load(): Promise<AuthConfig> {
if (cache) return cache
if (inflight) return inflight
inflight = api
.get('/auth/config')
.then(({ data }) => {
cache = {
oidcEnabled: !!data.oidc_enabled,
oidcOnly: !!data.oidc_only,
passwordLogin: data.password_login !== false,
oidcLoginUrl: data.oidc_login_url || '/auth/oidc/login',
}
return cache
})
.catch(() => {
// Backend unreachable / old backend without /auth/config:
// fall back to password-only so login is never fully blocked.
cache = { ...DEFAULT }
return cache
})
.finally(() => {
inflight = null
})
return inflight
}
/** Absolute backend URL for full-page OIDC redirects. */
export function oidcLoginHref(cfg: AuthConfig): string {
const base = localStorage.getItem('HF_BACKEND_BASE_URL') ?? ''
return `${base}${cfg.oidcLoginUrl}`
}
export function oidcLinkHref(): string {
const base = localStorage.getItem('HF_BACKEND_BASE_URL') ?? ''
return `${base}/auth/oidc/link`
}
export function useAuthConfig() {
const [config, setConfig] = useState<AuthConfig | null>(cache)
const [loading, setLoading] = useState(!cache)
useEffect(() => {
let alive = true
load().then((c) => {
if (alive) {
setConfig(c)
setLoading(false)
}
})
return () => {
alive = false
}
}, [])
return { config: config ?? DEFAULT, loading }
}

46
src/index.css
View File

@@ -144,7 +144,12 @@ input, textarea, select, button { font-family: inherit; }
font-size: 1.3rem; letter-spacing: .12em;
display: flex; align-items: center; gap: 8px;
}
.sidebar-header h1::first-letter { color: var(--accent); }
/* Brand logo (overridable via HARBORFORGE_LOGO_URL / public/logo.svg) */
.brand-logo {
height: 1.15em; width: auto; vertical-align: -0.18em;
display: inline-block; flex: 0 0 auto;
}
.login-card h1 .brand-logo, .setup-header h1 .brand-logo { height: 1.4em; }
.nav-links { list-style: none; flex: 1; padding: 14px 12px; display: flex; flex-direction: column; gap: 2px; }
.nav-links li a {
display: flex; align-items: center; gap: 10px;
@@ -175,7 +180,7 @@ input, textarea, select, button { font-family: inherit; }
.sidebar-footer button:hover { border-color: var(--accent); color: var(--accent); }
/* ---- Login -------------------------------------------------------------- */
.login-page, .setup-wizard {
.login-page {
display: flex; align-items: center; justify-content: center;
min-height: 100vh; padding: 24px;
}
@@ -464,43 +469,6 @@ dd { font-size: .92rem; font-family: 'JetBrains Mono', monospace; }
.empty::after { content: ' —'; color: var(--accent); }
.text-dim { color: var(--text-dim); font-size: .82rem; }
/* ---- Setup Wizard ------------------------------------------------------- */
.setup-container {
position: relative; background: var(--bg-card); border: var(--hair);
border-radius: 6px; padding: 44px; max-width: 620px; width: 100%;
box-shadow: 0 40px 80px -30px rgba(0,0,0,.8);
animation: deck-in .55s cubic-bezier(.16,1,.3,1) both;
}
.setup-container::before { content: ''; position: absolute; left: 0; right: 0; top: 0; height: 3px; background: var(--ember); border-radius: 6px 6px 0 0; }
.setup-header { text-align: center; margin-bottom: 34px; }
.setup-header h1 { font-size: 1.6rem; margin-bottom: 22px; letter-spacing: .1em; }
.setup-steps { display: flex; justify-content: center; gap: 8px; flex-wrap: wrap; }
.setup-step {
font-size: .68rem; color: var(--text-dim); padding: 5px 12px; border-radius: 2px;
border: var(--hair); text-transform: uppercase; letter-spacing: .1em;
font-family: 'JetBrains Mono', monospace;
}
.setup-step.active { color: var(--accent); border-color: var(--accent); background: var(--ember-soft); }
.setup-step.done { color: var(--success); border-color: var(--success); }
.setup-step-content { animation: fadeIn .25s ease; }
.setup-step-content h2 { margin-bottom: 10px; font-size: 1.3rem; }
.setup-form { margin: 22px 0; }
.setup-nav { display: flex; justify-content: space-between; margin-top: 28px; }
.setup-nav button:disabled { opacity: .5; cursor: default; }
.setup-error {
background: rgba(226,85,60,.12); border: 1px solid var(--danger); color: var(--danger);
padding: 13px 16px; border-radius: var(--radius); margin-bottom: 18px;
font-size: .85rem; white-space: pre-line; font-family: 'JetBrains Mono', monospace;
}
.setup-info { background: rgba(86,198,214,.07); border: 1px solid rgba(86,198,214,.25); padding: 18px; border-radius: var(--radius); margin: 18px 0; }
.setup-info code {
display: block; background: var(--bg-sink); padding: 10px 13px; border-radius: 2px;
margin-top: 10px; font-size: .82rem; color: var(--steel); word-break: break-all;
}
.setup-hint { color: var(--warning); font-size: .82rem; margin-top: 8px; }
.setup-done { text-align: center; }
.setup-done h2 { color: var(--success); margin-bottom: 14px; }
/* ---- Monitor ------------------------------------------------------------ */
.monitor-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(270px, 1fr)); gap: 18px; margin-top: 14px; }
.monitor-card {

85
src/pages/LoginPage.tsx
View File

@@ -1,15 +1,31 @@
import React, { useState } from 'react'
import { useAuthConfig, oidcLoginHref } from '@/hooks/useAuthConfig'
import { getLogoUrl } from '@/runtime'
interface Props {
onLogin: (username: string, password: string) => Promise<void>
}
const OIDC_ERRORS: Record<string, string> = {
not_linked: 'This OIDC account is not linked to any HarborForge user. Ask an administrator to bind it first.',
exchange_failed: 'OIDC sign-in failed during token exchange. Please try again.',
no_subject: 'The identity provider did not return a subject. Sign-in aborted.',
token_rejected: 'The issued session token was rejected. Please try again.',
missing_token: 'No session token was returned. Please try again.',
link_not_allowed: 'Account linking is not allowed in this mode.',
already_bound: 'That OIDC identity is already bound to another user.',
}
export default function LoginPage({ onLogin }: Props) {
const { config, loading: cfgLoading } = useAuthConfig()
const [username, setUsername] = useState('')
const [password, setPassword] = useState('')
const [error, setError] = useState('')
const [loading, setLoading] = useState(false)
const urlError = new URLSearchParams(window.location.search).get('oidc_error')
const oidcError = urlError ? (OIDC_ERRORS[urlError] || `OIDC error: ${urlError}`) : ''
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault()
setError('')
@@ -23,31 +39,58 @@ export default function LoginPage({ onLogin }: Props) {
}
}
const showPassword = !cfgLoading && config.passwordLogin && !config.oidcOnly
const showOidc = !cfgLoading && config.oidcEnabled
return (
<div className="login-page">
<div className="login-card">
<h1> HarborForge</h1>
<h1><img src={getLogoUrl()} className="brand-logo" alt="" /> HarborForge</h1>
<p className="subtitle">Agent/Human collaborative task management platform</p>
<form onSubmit={handleSubmit}>
<input
type="text"
placeholder="Username"
value={username}
onChange={(e) => setUsername(e.target.value)}
required
/>
<input
type="password"
placeholder="Password"
value={password}
onChange={(e) => setPassword(e.target.value)}
required
/>
{error && <p className="error">{error}</p>}
<button type="submit" disabled={loading}>
{loading ? 'Signing in...' : 'Sign in'}
</button>
</form>
{oidcError && <p className="error" style={{ marginBottom: 14 }}>{oidcError}</p>}
{showPassword && (
<form onSubmit={handleSubmit}>
<input
type="text"
placeholder="Username"
value={username}
onChange={(e) => setUsername(e.target.value)}
required
/>
<input
type="password"
placeholder="Password"
value={password}
onChange={(e) => setPassword(e.target.value)}
required
/>
{error && <p className="error">{error}</p>}
<button type="submit" disabled={loading}>
{loading ? 'Signing in...' : 'Sign in'}
</button>
</form>
)}
{showPassword && showOidc && (
<p className="text-dim" style={{ textAlign: 'center', margin: '14px 0' }}> or </p>
)}
{showOidc && (
<a
className="btn-primary"
style={{ display: 'block', textAlign: 'center', textDecoration: 'none' }}
href={oidcLoginHref(config)}
>
Sign in with SSO
</a>
)}
{cfgLoading && <p className="subtitle">Loading sign-in options</p>}
{!cfgLoading && !showPassword && !showOidc && (
<p className="error">No sign-in method is available. Check server configuration.</p>
)}
</div>
</div>
)

56
src/pages/OidcCallbackPage.tsx Normal file
View File

@@ -0,0 +1,56 @@
import { useEffect, useRef, useState } from 'react'
import { useNavigate } from 'react-router-dom'
import { getLogoUrl } from '@/runtime'
interface Props {
onToken: (token: string) => Promise<void>
}
/**
* Lands here after the backend OIDC callback redirect.
* - sign-in: URL fragment `#token=<jwt>` → apply token, go to dashboard
* - self-link: query `?oidc_linked=1` → success notice, go to /users
* - failure: query `?oidc_error=<code>` → back to /login with the code
*/
export default function OidcCallbackPage({ onToken }: Props) {
const navigate = useNavigate()
const [msg, setMsg] = useState('Completing sign-in…')
const ran = useRef(false)
useEffect(() => {
if (ran.current) return
ran.current = true
const hash = new URLSearchParams(window.location.hash.replace(/^#/, ''))
const query = new URLSearchParams(window.location.search)
const token = hash.get('token')
const oidcError = query.get('oidc_error')
const linked = query.get('oidc_linked')
if (oidcError) {
navigate(`/login?oidc_error=${encodeURIComponent(oidcError)}`, { replace: true })
return
}
if (linked) {
setMsg('OIDC account linked. Redirecting…')
const t = setTimeout(() => navigate('/users', { replace: true }), 1200)
return () => clearTimeout(t)
}
if (token) {
onToken(token)
.then(() => navigate('/', { replace: true }))
.catch(() => navigate('/login?oidc_error=token_rejected', { replace: true }))
return
}
navigate('/login?oidc_error=missing_token', { replace: true })
}, [navigate, onToken])
return (
<div className="login-page">
<div className="login-card">
<h1><img src={getLogoUrl()} className="brand-logo" alt="" /> HarborForge</h1>
<p className="subtitle">{msg}</p>
</div>
</div>
)
}

171
src/pages/OidcSettingsPage.tsx Normal file
View File

@@ -0,0 +1,171 @@
import { useEffect, useState } from 'react'
import api from '@/services/api'
import { useAuth } from '@/hooks/useAuth'
interface Settings {
enabled: boolean
issuer: string | null
client_id: string | null
has_client_secret: boolean
redirect_uri: string | null
scopes: string | null
post_login_redirect: string | null
admin_role: string
oidc_only: boolean
effective_enabled: boolean
source: string
}
export default function OidcSettingsPage() {
const { user } = useAuth()
const isAdmin = user?.is_admin === true
const [loaded, setLoaded] = useState<Settings | null>(null)
const [loading, setLoading] = useState(true)
const [saving, setSaving] = useState(false)
const [message, setMessage] = useState('')
const [form, setForm] = useState({
enabled: false,
issuer: '',
client_id: '',
client_secret: '',
redirect_uri: '',
scopes: 'openid email profile',
post_login_redirect: '',
admin_role: 'admin',
})
useEffect(() => {
if (!isAdmin) { setLoading(false); return }
api.get<Settings>('/auth/oidc/settings')
.then(({ data }) => {
setLoaded(data)
setForm({
enabled: data.enabled,
issuer: data.issuer || '',
client_id: data.client_id || '',
client_secret: '',
redirect_uri: data.redirect_uri || '',
scopes: data.scopes || 'openid email profile',
post_login_redirect: data.post_login_redirect || '',
admin_role: data.admin_role || 'admin',
})
})
.catch((e) => setMessage(e.response?.data?.detail || 'Failed to load OIDC settings'))
.finally(() => setLoading(false))
}, [isAdmin])
const save = async () => {
setSaving(true)
setMessage('')
try {
const payload: Record<string, any> = {
enabled: form.enabled,
issuer: form.issuer.trim(),
client_id: form.client_id.trim(),
redirect_uri: form.redirect_uri.trim(),
scopes: form.scopes.trim(),
post_login_redirect: form.post_login_redirect.trim(),
admin_role: form.admin_role.trim() || 'admin',
}
if (form.client_secret) payload.client_secret = form.client_secret
const { data } = await api.put<Settings>('/auth/oidc/settings', payload)
setLoaded(data)
setForm((f) => ({ ...f, client_secret: '' }))
setMessage('OIDC settings saved successfully')
} catch (e: any) {
setMessage(e.response?.data?.detail || 'Failed to save OIDC settings')
} finally {
setSaving(false)
}
}
if (loading) return <div className="loading">Loading OIDC settings...</div>
if (!isAdmin) {
return (
<div className="section">
<h2>🔐 OIDC Settings</h2>
<p className="empty">Admin access required.</p>
</div>
)
}
const callbackHint = form.redirect_uri.trim() || loaded?.redirect_uri || '(set the Redirect / Callback URL below)'
return (
<div className="section">
<div className="page-header">
<div>
<h2>🔐 OIDC Settings</h2>
<div className="text-dim">Configure the OpenID Connect provider. Saved values override environment defaults.</div>
</div>
</div>
{message && (
<div style={{
padding: '10px 12px', marginBottom: 16, borderRadius: 8,
background: message.includes('success') ? 'rgba(70,180,135,.14)' : 'rgba(226,85,60,.14)',
border: `1px solid ${message.includes('success') ? 'rgba(70,180,135,.4)' : 'rgba(226,85,60,.4)'}`,
}}>{message}</div>
)}
<div className="monitor-card" style={{ marginBottom: 16 }}>
<div className="monitor-card-header">
<div style={{ fontWeight: 600 }}>Status</div>
<span className={'badge ' + (loaded?.effective_enabled ? 'status-online' : 'status-offline')}>
{loaded?.effective_enabled ? 'OIDC active' : 'OIDC inactive'}
</span>
</div>
<div className="monitor-metrics">
config source: <b>{loaded?.source}</b> · OIDC-only mode (deploy env): <b>{loaded?.oidc_only ? 'on' : 'off'}</b>
</div>
<div style={{ marginTop: 8 }}>
<div className="text-dim">Register this Redirect / Callback URL at your identity provider:</div>
<code style={{ display: 'block', marginTop: 6, wordBreak: 'break-all' }}>{callbackHint}</code>
</div>
</div>
<div className="task-create-form" style={{ maxWidth: 640 }}>
<label className="filter-check">
<input type="checkbox" checked={form.enabled} onChange={(e) => setForm({ ...form, enabled: e.target.checked })} />
Enable OIDC sign-in
</label>
<label>
Issuer (OIDC source)
<input placeholder="https://idp.example.com" value={form.issuer} onChange={(e) => setForm({ ...form, issuer: e.target.value })} />
</label>
<label>
Client ID
<input value={form.client_id} onChange={(e) => setForm({ ...form, client_id: e.target.value })} />
</label>
<label>
Client Secret
<input type="password" placeholder={loaded?.has_client_secret ? '•••••• (leave blank to keep current)' : 'client secret'} value={form.client_secret} onChange={(e) => setForm({ ...form, client_secret: e.target.value })} />
</label>
<label>
Redirect / Callback URL
<input placeholder="https://hf-api.example.com/auth/oidc/callback" value={form.redirect_uri} onChange={(e) => setForm({ ...form, redirect_uri: e.target.value })} />
</label>
<label>
Scopes
<input value={form.scopes} onChange={(e) => setForm({ ...form, scopes: e.target.value })} />
</label>
<label>
Post-login redirect (frontend)
<input placeholder="https://hf.example.com/oidc/callback" value={form.post_login_redirect} onChange={(e) => setForm({ ...form, post_login_redirect: e.target.value })} />
</label>
<label>
Admin role (bootstrap)
<input placeholder="admin" value={form.admin_role} onChange={(e) => setForm({ ...form, admin_role: e.target.value })} />
</label>
<p className="text-dim">
OIDC-only bootstrap: before any admin is linked, an IdP user whose token carries this role
auto-connects to the HarborForge admin account on first sign-in. Disables itself once an admin is bound.
</p>
<button className="btn-primary" disabled={saving} onClick={save}>
{saving ? 'Saving...' : 'Save OIDC Settings'}
</button>
</div>
</div>
)
}

202
src/pages/SetupWizardPage.tsx
View File

@@ -1,202 +0,0 @@
import { useState } from 'react'
import axios from 'axios'
interface Props {
initialWizardPort: number | null
onComplete: () => void
}
interface SetupForm {
admin_username: string
admin_password: string
admin_email: string
admin_full_name: string
backend_base_url: string
project_name: string
project_description: string
}
const STEPS = ['Wizard', 'Admin', 'Backend', 'Finish']
export default function SetupWizardPage({ initialWizardPort, onComplete }: Props) {
const [step, setStep] = useState(0)
const [error, setError] = useState('')
const [saving, setSaving] = useState(false)
const [connecting, setConnecting] = useState(false)
const [wizardPortInput, setWizardPortInput] = useState<string>(
initialWizardPort ? String(initialWizardPort) : ''
)
const [wizardBase, setWizardBase] = useState<string>('')
const [form, setForm] = useState<SetupForm>({
admin_username: 'admin',
admin_password: '',
admin_email: '',
admin_full_name: 'Admin',
backend_base_url: '',
project_name: '',
project_description: '',
})
const set = (key: keyof SetupForm, value: string | number) =>
setForm((f) => ({ ...f, [key]: value }))
const checkWizard = async () => {
setError('')
const port = Number(wizardPortInput)
if (!port || port <= 0 || port > 65535) {
setError('Please enter a valid wizard port (1-65535).')
return
}
const base = `http://127.0.0.1:${port}`
setConnecting(true)
try {
await axios.get(`${base}/health`, { timeout: 5000 })
setWizardBase(base)
localStorage.setItem('HF_WIZARD_PORT', String(port))
setStep(1)
} catch {
setError(`Unable to connect to AbstractWizard at ${base}.\nMake sure the SSH tunnel is up:\nssh -L ${port}:127.0.0.1:${port} user@server`)
} finally {
setConnecting(false)
}
}
const saveConfig = async () => {
setError('')
setSaving(true)
try {
const config = {
initialized: true,
admin: {
username: form.admin_username,
password: form.admin_password,
email: form.admin_email,
full_name: form.admin_full_name,
},
backend_url: form.backend_base_url || undefined,
}
await axios.put(`${wizardBase}/api/v1/config/harborforge.json`, config, {
headers: { 'Content-Type': 'application/json' },
timeout: 5000,
})
if (form.backend_base_url) {
localStorage.setItem('HF_BACKEND_BASE_URL', form.backend_base_url)
}
setStep(3)
} catch (err: any) {
setError(`Failed to save configuration: ${err.message}`)
} finally {
setSaving(false)
}
}
return (
<div className="setup-wizard">
<div className="setup-container">
<div className="setup-header">
<h1> HarborForge Setup Wizard</h1>
<div className="setup-steps">
{STEPS.map((s, i) => (
<span key={i} className={`setup-step ${i === step ? 'active' : i < step ? 'done' : ''}`}>
{i < step ? '✓' : i + 1}. {s}
</span>
))}
</div>
</div>
{error && <div className="setup-error">{error}</div>}
{/* Step 0: Wizard connection */}
{step === 0 && (
<div className="setup-step-content">
<h2>Connect to AbstractWizard</h2>
<p className="text-dim">Enter the local port that forwards to AbstractWizard, then test the connection.</p>
<div className="setup-info">
<p> AbstractWizard is reached over an SSH tunnel. Forward the port first:</p>
<code>ssh -L &lt;wizard_port&gt;:127.0.0.1:&lt;wizard_port&gt; user@your-server</code>
</div>
<div className="setup-form">
<label>
Wizard port
<input
type="number"
value={wizardPortInput}
min={1}
max={65535}
onChange={(e) => setWizardPortInput(e.target.value)}
placeholder="e.g. 8080"
/>
</label>
</div>
<div className="setup-nav">
<button className="btn-primary" onClick={checkWizard} disabled={connecting}>
{connecting ? 'Connecting...' : 'Test connection & continue'}
</button>
</div>
</div>
)}
{/* Step 1: Admin */}
{step === 1 && (
<div className="setup-step-content">
<h2>Admin account</h2>
<p className="text-dim">Create the first admin user</p>
<div className="setup-form">
<label>Username <input value={form.admin_username} onChange={(e) => set('admin_username', e.target.value)} required /></label>
<label>Password <input type="password" value={form.admin_password} onChange={(e) => set('admin_password', e.target.value)} required placeholder="Set admin password" /></label>
<label>Email <input type="email" value={form.admin_email} onChange={(e) => set('admin_email', e.target.value)} placeholder="admin@example.com" /></label>
<label>Full name <input value={form.admin_full_name} onChange={(e) => set('admin_full_name', e.target.value)} /></label>
</div>
<div className="setup-nav">
<button className="btn-back" onClick={() => setStep(0)}>Back</button>
<button className="btn-primary" onClick={() => {
if (!form.admin_password) { setError('Please set an admin password'); return }
setError('')
setStep(2)
}}>Next</button>
</div>
</div>
)}
{/* Step 2: Backend */}
{step === 2 && (
<div className="setup-step-content">
<h2>Backend URL</h2>
<p className="text-dim">Configure the HarborForge backend API URL (leave blank to use the frontend default).</p>
<div className="setup-form">
<label>Backend Base URL <input value={form.backend_base_url} onChange={(e) => set('backend_base_url', e.target.value)} placeholder="http://backend:8000" /></label>
</div>
<div className="setup-nav">
<button className="btn-back" onClick={() => setStep(1)}>Back</button>
<button className="btn-primary" onClick={saveConfig} disabled={saving}>
{saving ? 'Saving...' : 'Finish setup'}
</button>
</div>
</div>
)}
{/* Step 3: Done */}
{step === 3 && (
<div className="setup-step-content">
<div className="setup-done">
<h2> Setup complete!</h2>
<p>Configuration saved to AbstractWizard.</p>
<div className="setup-info">
<p>Restart services on the server:</p>
<code>docker compose restart</code>
<p style={{ marginTop: '1rem' }}>After the backend starts, refresh this page to go to login.</p>
<p>Admin account: <strong>{form.admin_username}</strong></p>
</div>
<button className="btn-primary" onClick={onComplete}>
Refresh to check
</button>
</div>
</div>
)}
</div>
</div>
)
}

106
src/pages/UsersPage.tsx
View File

@@ -1,6 +1,7 @@
import { useEffect, useMemo, useState } from 'react'
import api from '@/services/api'
import { useAuth } from '@/hooks/useAuth'
import { useAuthConfig } from '@/hooks/useAuthConfig'
import type { User } from '@/types'
interface RoleOption {
@@ -16,8 +17,13 @@ interface ApiKeyPerms {
export default function UsersPage() {
const { user } = useAuth()
const { config: authCfg } = useAuthConfig()
const oidcOnly = authCfg.oidcOnly
const oidcEnabled = authCfg.oidcEnabled
const isAdmin = user?.is_admin === true
const [bindForm, setBindForm] = useState({ issuer: '', subject: '' })
const [users, setUsers] = useState<User[]>([])
const [roles, setRoles] = useState<RoleOption[]>([])
const [loading, setLoading] = useState(true)
@@ -105,17 +111,20 @@ export default function UsersPage() {
}
const handleCreateUser = async () => {
if (!createForm.username.trim() || !createForm.email.trim() || !createForm.password.trim()) return
if (!createForm.username.trim() || !createForm.email.trim()) return
if (!oidcOnly && !createForm.password.trim()) return
setSaving(true)
setMessage('')
try {
const payload = {
const payload: Record<string, any> = {
username: createForm.username.trim(),
email: createForm.email.trim(),
full_name: createForm.full_name.trim() || null,
password: createForm.password,
role_id: createForm.role_id ? Number(createForm.role_id) : undefined,
}
if (!oidcOnly) {
payload.password = createForm.password
}
const { data } = await api.post<User>('/users', payload)
const guestRole = roles.find((r) => r.name === 'guest') ?? roles[0]
setCreateForm({
@@ -201,6 +210,42 @@ export default function UsersPage() {
}
}
const handleBindOidc = async () => {
if (!selectedUser) return
if (!bindForm.issuer.trim() || !bindForm.subject.trim()) return
setSaving(true)
setMessage('')
try {
await api.put(`/users/${selectedUser.id}/oidc-binding`, {
issuer: bindForm.issuer.trim(),
subject: bindForm.subject.trim(),
})
setBindForm({ issuer: '', subject: '' })
setMessage('OIDC identity bound successfully')
await fetchData()
} catch (err: any) {
setMessage(err.response?.data?.detail || 'Failed to bind OIDC identity')
} finally {
setSaving(false)
}
}
const handleUnbindOidc = async () => {
if (!selectedUser) return
if (!confirm(`Remove the OIDC binding for ${selectedUser.username}?`)) return
setSaving(true)
setMessage('')
try {
await api.delete(`/users/${selectedUser.id}/oidc-binding`)
setMessage('OIDC binding removed')
await fetchData()
} catch (err: any) {
setMessage(err.response?.data?.detail || 'Failed to remove OIDC binding')
} finally {
setSaving(false)
}
}
if (loading) return <div className="loading">Loading users...</div>
if (!isAdmin) {
@@ -251,10 +296,15 @@ export default function UsersPage() {
Full Name
<input value={createForm.full_name} onChange={(e) => setCreateForm({ ...createForm, full_name: e.target.value })} />
</label>
<label>
Password
<input type="password" value={createForm.password} onChange={(e) => setCreateForm({ ...createForm, password: e.target.value })} />
</label>
{!oidcOnly && (
<label>
Password
<input type="password" value={createForm.password} onChange={(e) => setCreateForm({ ...createForm, password: e.target.value })} />
</label>
)}
{oidcOnly && (
<p className="text-dim">OIDC-only mode: users are created without a password and sign in via a bound OIDC identity.</p>
)}
<label>
Role
<select value={createForm.role_id} onChange={(e) => setCreateForm({ ...createForm, role_id: e.target.value })}>
@@ -264,7 +314,7 @@ export default function UsersPage() {
))}
</select>
</label>
<button className="btn-primary" disabled={saving || !createForm.username.trim() || !createForm.email.trim() || !createForm.password.trim() || !createForm.role_id} onClick={handleCreateUser}>
<button className="btn-primary" disabled={saving || !createForm.username.trim() || !createForm.email.trim() || (!oidcOnly && !createForm.password.trim()) || !createForm.role_id} onClick={handleCreateUser}>
{saving ? 'Saving...' : 'Create User'}
</button>
</div>
@@ -326,10 +376,12 @@ export default function UsersPage() {
Full Name
<input value={editForm.full_name} onChange={(e) => setEditForm({ ...editForm, full_name: e.target.value })} />
</label>
<label>
Reset Password
<input type="password" placeholder="Leave blank to keep current password" value={editForm.password} onChange={(e) => setEditForm({ ...editForm, password: e.target.value })} />
</label>
{!oidcOnly && (
<label>
Reset Password
<input type="password" placeholder="Leave blank to keep current password" value={editForm.password} onChange={(e) => setEditForm({ ...editForm, password: e.target.value })} />
</label>
)}
<div style={{ marginTop: '8px', padding: '12px', border: '1px solid var(--border)', borderRadius: '8px' }}>
<div style={{ fontWeight: 600, marginBottom: '10px' }}>Role</div>
@@ -381,6 +433,36 @@ export default function UsersPage() {
)}
</div>
)}
{oidcEnabled && (
<div style={{ marginTop: '8px', padding: '12px', border: '1px solid var(--border)', borderRadius: '8px' }}>
<div style={{ fontWeight: 600, marginBottom: '10px' }}>OIDC Binding</div>
{selectedUser.oidc_subject ? (
<div style={{ marginBottom: 10 }}>
<div className="text-dim" style={{ fontFamily: 'monospace', wordBreak: 'break-all' }}>
issuer: {selectedUser.oidc_issuer || '—'}<br />
subject: {selectedUser.oidc_subject}
</div>
<button className="btn-danger" style={{ marginTop: 10 }} disabled={saving} onClick={handleUnbindOidc}>
Unbind OIDC identity
</button>
</div>
) : (
<div className="text-dim" style={{ marginBottom: 10 }}>No OIDC identity bound.</div>
)}
<label>
Issuer
<input value={bindForm.issuer} placeholder="https://idp.example.com" onChange={(e) => setBindForm({ ...bindForm, issuer: e.target.value })} />
</label>
<label>
Subject (sub)
<input value={bindForm.subject} placeholder="OIDC subject claim" onChange={(e) => setBindForm({ ...bindForm, subject: e.target.value })} />
</label>
<button className="btn-secondary" style={{ marginTop: 10 }} disabled={saving || !bindForm.issuer.trim() || !bindForm.subject.trim()} onClick={handleBindOidc}>
{selectedUser.oidc_subject ? 'Rebind OIDC identity' : 'Bind OIDC identity'}
</button>
</div>
)}
</div>
</>
) : (

23
src/runtime.ts Normal file
View File

@@ -0,0 +1,23 @@
// Runtime config injected by the container entrypoint into
// /runtime-config.js (from the deploy-time HARBORFORGE_OIDC_ONLY env).
// Available before the backend exists — used by the setup wizard.
declare global {
interface Window {
__HF_RUNTIME__?: { oidc_only?: boolean; logo_url?: string }
}
}
/** true/false from the injected runtime config, or null when unknown. */
export function getRuntimeOidcOnly(): boolean | null {
const v = typeof window !== 'undefined' ? window.__HF_RUNTIME__?.oidc_only : undefined
return typeof v === 'boolean' ? v : null
}
/** Brand logo URL: deploy-time override (HARBORFORGE_LOGO_URL) or the
* bundled default at /logo.svg. */
export function getLogoUrl(): string {
const u = typeof window !== 'undefined' ? window.__HF_RUNTIME__?.logo_url : undefined
return (typeof u === 'string' && u) ? u : '/logo.svg'
}
export {}

2
src/types/index.ts
View File

@@ -7,6 +7,8 @@ export interface User {
is_active: boolean
role_id: number | null
role_name: string | null
oidc_issuer?: string | null
oidc_subject?: string | null
created_at: string
}

8
src/vite-env.d.ts vendored
View File

@@ -2,6 +2,14 @@
interface ImportMetaEnv {
readonly VITE_API_BASE: string
/**
* Backend base URL baked in at build time (e.g.
* https://hf-api.example.com). Frontend uses this for all API calls.
* Passed to the Dockerfile as an ARG and forwarded to `npm run build`.
* Empty string falls back to same-origin (only useful in dev with the
* Vite proxy).
*/
readonly VITE_HF_BACKEND_BASE_URL: string
}
interface ImportMeta {