feat: add authentication for OSS (#167)

* feat: add authentication for OSS Fixes #157 and #156 * fix: fix token generation * fix: limit fastapi workers to 1
2026-06-10 08:05:22 +02:00 · 2026-02-20 18:21:24 +05:30 · 2026-02-20 18:21:24 +05:30 · 642cc34e8c
commit 642cc34e8c
parent 0791975864
48 changed files with 994 additions and 303 deletions
--- a/ui/src/context/AppConfigContext.tsx
+++ b/ui/src/context/AppConfigContext.tsx
@ -2,10 +2,14 @@

 import { createContext, ReactNode, useContext, useEffect, useState } from 'react';

+import { client } from '@/client/client.gen';
+
 interface AppConfig {
    uiVersion: string;
    apiVersion: string;
    backendApiEndpoint: string | null;
+    deploymentMode: string;
+    authProvider: string;
 }

 interface AppConfigContextType {
@ -17,6 +21,8 @@ const defaultConfig: AppConfig = {
    uiVersion: 'dev',
    apiVersion: 'unknown',
    backendApiEndpoint: null,
+    deploymentMode: 'oss',
+    authProvider: 'local',
 };

 const AppConfigContext = createContext<AppConfigContextType>({
@ -32,10 +38,17 @@ export function AppConfigProvider({ children }: { children: ReactNode }) {
        fetch('/api/config/version')
            .then((res) => res.json())
            .then((data) => {
+                // Use clientApiBaseUrl (filtered for browser-reachable URLs)
+                // to configure the API client; keep backendApiEndpoint for display
+                if (data.clientApiBaseUrl) {
+                    client.setConfig({ baseUrl: data.clientApiBaseUrl });
+                }
                setConfig({
                    uiVersion: data.ui || 'dev',
                    apiVersion: data.api || 'unknown',
                    backendApiEndpoint: data.backendApiEndpoint || null,
+                    deploymentMode: data.deploymentMode || 'oss',
+                    authProvider: data.authProvider || 'local',
                });
            })
            .catch(() => {
--- a/ui/src/context/UserConfigContext.tsx
+++ b/ui/src/context/UserConfigContext.tsx
@ -2,6 +2,7 @@

 import { createContext, ReactNode, useCallback, useContext, useEffect, useRef, useState } from 'react';

+import { client } from '@/client/client.gen';
 import { getUserConfigurationsApiV1UserConfigurationsUserGet, updateUserConfigurationsApiV1UserConfigurationsUserPut } from '@/client/sdk.gen';
 import type { UserConfigurationRequestResponseSchema } from '@/client/types.gen';
 import { setupAuthInterceptor } from '@/lib/apiClient';
@ -71,7 +72,7 @@ export function UserConfigProvider({ children }: { children: ReactNode }) {
    // so it's in place before any child effects fire API calls.
    // setupAuthInterceptor is idempotent — safe for strict mode double-renders.
    if (!auth.loading && auth.isAuthenticated) {
-        setupAuthInterceptor(auth.getAccessToken);
+        setupAuthInterceptor(client, auth.getAccessToken);
    }

    // Fetch permissions once when auth is ready