fix(logout): make SMB_NAME required, drop "moneta" defaults (layered on #12)#13
Closed
awais786 wants to merge 2 commits into
Closed
fix(logout): make SMB_NAME required, drop "moneta" defaults (layered on #12)#13awais786 wants to merge 2 commits into
awais786 wants to merge 2 commits into
Conversation
Layered on top of #12. The "moneta" defaults scattered across auth-utils.ts, docker-entrypoint.js, both .env.example files, and both compose files re-introduce the bug class the env var is meant to close: a hardcoded literal that breaks silently the next time the deployment moves domains. Aligns SurfSense with the sso-rules invariant merged in awais786/sso-rules#1 (required env, no default, fail loudly) and the sibling PRs in Outline #10, Penpot #11, Twenty #2 (all fail-fast). Changes ------- - auth-utils.ts: drop `|| "moneta"` fallback. Use process.env.NEXT_PUBLIC_SMB_NAME!.trim(). Rename smbLabel → smbName to match the variable name in every other app's logout file. Drop the dead 3-line comment about the fallback. - docker-entrypoint.js: add fail-fast SSO check before the replacements array. Drop the (... || "moneta").trim() || "moneta" double-fallback — substitute process.env.SMB_NAME directly. - surfsense_web/.env.example + docker/.env.example: drop the =moneta default. Document as required under SSO with sso-rules cross-reference. - docker/docker-compose.yml: drop :-moneta. Use ${SMB_NAME:?...} so compose-up fails with a clear message if unset. - docker/docker-compose.dev.yml: same — drop the ${SMB_NAME:-${NEXT_PUBLIC_SMB_NAME:-moneta}} chain in favor of ${SMB_NAME:?...}. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Drops the NEXT_PUBLIC_SMB_NAME read on the SPA logout path. The previous approach required threading SMB_NAME through devstack docker-compose runtime env → docker-entrypoint.js placeholder substitution → bundle; any broken link silently routed logout to the wrong host or crashed. Switching to a regex on window.location.hostname removes the env dependency and works for any `<prefix>-<app>.<domain>` shape: - foss-research.local.moneta.dev → foss.local.moneta.dev - moneta-research.askii.ai → moneta.askii.ai The __NEXT_PUBLIC_SMB_NAME__ placeholder + entrypoint substitution are now dead; will be removed in a separate cleanup pass.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stacks on top of #12 — base branch is
jawad/logout-url-fix, notfoss-main. Merge #12 first, then this. Or squash-merge both together.Why
The
"moneta"defaults scattered acrossauth-utils.ts,docker-entrypoint.js, both.env.examplefiles, and both compose files re-introduce the bug class the env var is meant to close: a hardcoded literal that breaks silently the next time the deployment moves domains. Same failure mode as the original"foss."bug, one layer back.Aligns SurfSense with:
Without this, SurfSense becomes the one app that silently rewrites to the wrong host on misconfig — and future devs reading the code will treat SurfSense as the template.
Changes
surfsense_web/lib/auth-utils.ts— drop|| "moneta"fallback. Useprocess.env.NEXT_PUBLIC_SMB_NAME!.trim(). RenamesmbLabel→smbNameto match every other app's logout file. Drop the dead 3-line fallback comment.surfsense_web/docker-entrypoint.js— add fail-fast SSO check before the replacements array. Drop the(... || "moneta").trim() || "moneta"double-fallback; substituteprocess.env.SMB_NAMEdirectly.surfsense_web/.env.example+docker/.env.example— drop=monetadefault. Document as required under SSO with sso-rules cross-reference.docker/docker-compose.yml— drop:-moneta. Use${SMB_NAME:?...}sodocker compose upfails immediately with a clear message if unset.docker/docker-compose.dev.yml— drop the${SMB_NAME:-${NEXT_PUBLIC_SMB_NAME:-moneta}}chain in favor of${SMB_NAME:?...}.Test plan
SMB_NAME=moneta docker compose up(prod): SPA logout lands onmoneta.<domain>docker compose upwithSMB_NAMEunset: container exits at startup with the entrypoint errorSMB_NAME=moneta docker compose -f docker-compose.dev.yml up: dev image builds, logout worksdocker compose -f docker-compose.dev.yml upwithSMB_NAMEunset: compose-up fails at the build step with the:?errornext devwithNEXT_PUBLIC_SMB_NAME=monetain.env: worksnext devwith noNEXT_PUBLIC_SMB_NAME: SPA crashes at logout (expected — verifies the fail-loud shape)🤖 Generated with Claude Code