Fix PocketID callback URL to use full base URL
This commit is contained in:
@@ -77,7 +77,7 @@ async def pocketid_login_url(db: AsyncSession = Depends(get_db)):
|
|||||||
from urllib.parse import urlencode
|
from urllib.parse import urlencode
|
||||||
params = {
|
params = {
|
||||||
"client_id": client_id,
|
"client_id": client_id,
|
||||||
"redirect_uri": "/api/auth/pocketid/callback",
|
"redirect_uri": f"{settings.base_url}/api/auth/pocketid/callback",
|
||||||
"response_type": "code",
|
"response_type": "code",
|
||||||
"scope": "openid profile email",
|
"scope": "openid profile email",
|
||||||
}
|
}
|
||||||
@@ -94,7 +94,7 @@ async def pocketid_callback(code: str, db: AsyncSession = Depends(get_db)):
|
|||||||
resp = await client.post(
|
resp = await client.post(
|
||||||
f"{issuer}/token",
|
f"{issuer}/token",
|
||||||
data={"grant_type": "authorization_code", "code": code,
|
data={"grant_type": "authorization_code", "code": code,
|
||||||
"redirect_uri": "/api/auth/pocketid/callback",
|
"redirect_uri": f"{settings.base_url}/api/auth/pocketid/callback",
|
||||||
"client_id": client_id, "client_secret": client_secret},
|
"client_id": client_id, "client_secret": client_secret},
|
||||||
)
|
)
|
||||||
if resp.status_code != 200:
|
if resp.status_code != 200:
|
||||||
|
|||||||
@@ -6,28 +6,23 @@ from typing import Optional
|
|||||||
class Settings(BaseSettings):
|
class Settings(BaseSettings):
|
||||||
# Database
|
# Database
|
||||||
database_url: str = Field(..., env="DATABASE_URL")
|
database_url: str = Field(..., env="DATABASE_URL")
|
||||||
|
|
||||||
# Redis
|
# Redis
|
||||||
redis_url: str = Field("redis://localhost:6379/0", env="REDIS_URL")
|
redis_url: str = Field("redis://localhost:6379/0", env="REDIS_URL")
|
||||||
|
|
||||||
# Auth
|
# Auth
|
||||||
secret_key: str = Field(..., env="SECRET_KEY")
|
secret_key: str = Field(..., env="SECRET_KEY")
|
||||||
algorithm: str = "HS256"
|
algorithm: str = "HS256"
|
||||||
access_token_expire_minutes: int = 60 * 24 * 7 # 7 days
|
access_token_expire_minutes: int = 60 * 24 * 7 # 7 days
|
||||||
|
# Admin account
|
||||||
# Admin account - optional so the worker (which doesn't seed users) can start
|
|
||||||
# without it. The backend service checks this at seed time.
|
|
||||||
admin_username: str = Field("admin", env="ADMIN_USERNAME")
|
admin_username: str = Field("admin", env="ADMIN_USERNAME")
|
||||||
admin_password: Optional[str] = Field(None, env="ADMIN_PASSWORD")
|
admin_password: Optional[str] = Field(None, env="ADMIN_PASSWORD")
|
||||||
|
# Base URL - used for OAuth callbacks
|
||||||
|
base_url: str = Field("https://milevault.jarrett.eu", env="BASE_URL")
|
||||||
# PocketID OIDC (optional)
|
# PocketID OIDC (optional)
|
||||||
pocketid_issuer: Optional[str] = Field(None, env="POCKETID_ISSUER")
|
pocketid_issuer: Optional[str] = Field(None, env="POCKETID_ISSUER")
|
||||||
pocketid_client_id: Optional[str] = Field(None, env="POCKETID_CLIENT_ID")
|
pocketid_client_id: Optional[str] = Field(None, env="POCKETID_CLIENT_ID")
|
||||||
pocketid_client_secret: Optional[str] = Field(None, env="POCKETID_CLIENT_SECRET")
|
pocketid_client_secret: Optional[str] = Field(None, env="POCKETID_CLIENT_SECRET")
|
||||||
|
|
||||||
# Files
|
# Files
|
||||||
file_store_path: str = Field("/data/files", env="FILE_STORE_PATH")
|
file_store_path: str = Field("/data/files", env="FILE_STORE_PATH")
|
||||||
|
|
||||||
# Environment
|
# Environment
|
||||||
environment: str = Field("production", env="ENVIRONMENT")
|
environment: str = Field("production", env="ENVIRONMENT")
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user