42e7bedea4
The honeyDue Go API no longer owns identity — Ory Kratos at
NEXT_PUBLIC_KRATOS_URL does. Rewrite the web app's auth layer to use Kratos
browser self-service flows and the ory_kratos_session cookie.
- Kratos client (src/lib/kratos/): flow init/fetch/submit, whoami, logout,
message helpers, and the useKratosFlow lifecycle hook.
- Generic flow renderer (src/components/auth/): KratosFlowForm renders
ui.nodes (inputs, oidc social buttons, hidden csrf), KratosMessages
surfaces flow-level messages, AuthGate guards /app via whoami.
- Auth pages (login/register/forgot-password/verify-email/reset-password)
rewritten as Kratos login/registration/recovery/verification/settings
flows. Password change in settings now uses the Kratos settings flow.
- Proxy + serverFetch forward the ory_kratos_session cookie to the Go API
instead of "Authorization: Token". Deleted /api/auth/{login,logout,me}.
- Middleware does a cheap ory_kratos_session cookie pre-filter; AuthGate's
whoami call is authoritative.
- auth store rewritten around whoami + GET /auth/me; removed dead auth API
functions, types/auth, validations/auth, code-input.
- Added NEXT_PUBLIC_KRATOS_URL to config (.env.example) and CLAUDE.md.
npm run build passes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
20 lines
871 B
Bash
# ---------------------------------------------------------------------------
# honeyDue Web — environment variables
# ---------------------------------------------------------------------------
# Copy to `.env.local` and fill in. `.env*` is gitignored.

# honeyDue Go API base URL (client-side, used by the Next.js proxy).
NEXT_PUBLIC_API_URL=https://honeyDue.treytartt.com/api

# honeyDue Go API base URL (server-side; falls back to NEXT_PUBLIC_API_URL).
# API_URL=https://honeyDue.treytartt.com/api

# Ory Kratos public API base URL. Identity (login, registration, recovery,
# verification, settings, social sign-in) is owned by Kratos. The browser
# talks to Kratos self-service flows directly.
NEXT_PUBLIC_KRATOS_URL=https://auth.myhoneydue.com

# PostHog analytics (optional).
# NEXT_PUBLIC_POSTHOG_KEY=
# NEXT_PUBLIC_POSTHOG_HOST=https://analytics.88oakapps.com
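
The commit message above separates a cheap `ory_kratos_session` cookie pre-filter in middleware from the authoritative whoami call. The following is an added server-side sketch of that split for Node 18+, not code from this repository: the helper names, the `https://kratos.example` URL and the fake Kratos responder are assumptions made for the example, while `/sessions/whoami` is the Kratos session endpoint.

```javascript
// Added example, not the repository's code. Helper names are hypothetical.
const SESSION_COOKIE = "ory_kratos_session";

// Tier 1 (middleware): cheap pre-filter. Presence of the cookie proves nothing
// about validity; it only avoids a Kratos round trip for anonymous visitors.
function hasSessionCookie(cookieHeader) {
  return (cookieHeader || "")
    .split(";")
    .map((part) => part.trim())
    .some((p) => p.startsWith(SESSION_COOKIE + "=") && p.length > SESSION_COOKIE.length + 1);
}

// Tier 2 (authoritative): forward the cookie to Kratos and trust only its answer.
async function whoami(kratosUrl, cookieHeader, fetchImpl = fetch) {
  const res = await fetchImpl(kratosUrl.replace(/\/+$/, "") + "/sessions/whoami", {
    headers: { Accept: "application/json", Cookie: cookieHeader },
  });
  if (res.status !== 200) return null; // Kratos answers 401 without a valid session
  const session = await res.json();
  return session.active === true && session.identity ? session : null;
}

async function authorize(kratosUrl, cookieHeader, fetchImpl = fetch) {
  if (!hasSessionCookie(cookieHeader)) return { allowed: false, reason: "no-cookie" };
  const session = await whoami(kratosUrl, cookieHeader, fetchImpl);
  return session
    ? { allowed: true, identityId: session.identity.id }
    : { allowed: false, reason: "rejected-by-kratos" };
}

// Constructed stand-in for Kratos so the example runs offline: it accepts
// exactly one cookie value and returns a minimal session body.
function fakeKratos(validValue) {
  return async (_url, init) => {
    const ok = init.headers.Cookie.split(/;\s*/).includes(`${SESSION_COOKIE}=${validValue}`);
    return {
      status: ok ? 200 : 401,
      json: async () => (ok ? { active: true, identity: { id: "constructed-id" } } : {}),
    };
  };
}

// A forged cookie passes tier 1 but is rejected by tier 2.
const kratos = fakeKratos("valid-session-value");
for (const cookie of ["theme=dark", "ory_kratos_session=forged", "ory_kratos_session=valid-session-value"]) {
  authorize("https://kratos.example", cookie, kratos).then((r) => console.log(cookie, r));
}
```

In a browser the same whoami request is made with `credentials: "include"` instead of a hand-set `Cookie` header, since page scripts cannot set that header.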