railiance-platform/helm/openbao-ui-overlay/login.js
tegwick 520c7ea2c0 fix(openbao-ui): serve standalone KeyCape login at /ui/vault/auth
Ember's auth route bounces between ?with=netkingdom/ and ?with=token when
OIDC mounts are hidden from the unauthenticated listing. Bypass Ember on the
bare auth path with a static login page that calls auth_url directly; OIDC
callbacks still proxy to the OpenBao UI.
2026-06-19 21:13:08 +02:00


(function () {
"use strict";
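// Same-origin location of the operator-supplied overrides for this page.
const PRESETS_URL = "/ui/platform-overlay/presets.json";

// Fallback configuration used when presets.json is missing or unreadable.
// Frozen so that no code path can alter the fallback; consumers take a copy
// with object spread before applying overrides.
// NOTE(review): `role` is only sent to OpenBao as part of the auth_url
// request; presumably what a login may do is decided server-side by the
// OIDC role configuration. Confirm against the mount's role definition.
const DEFAULT_PRESETS = Object.freeze({
  mount: "netkingdom",
  role: "platform-admin",
  title: "Sign in with KeyCape",
  signInLabel: "Sign in with KeyCape",
  banner:
    "Platform operators authenticate through KeyCape at kc.coulomb.social.",
});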
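/**
 * Load the login presets, layering presets.json over DEFAULT_PRESETS.
 *
 * The file is fetched with `cache: "no-store"`. Only keys that exist in
 * DEFAULT_PRESETS are honoured, and only when their value is a string: the
 * mount and role end up in a request path and body, so a malformed or
 * unexpected document (array, number, nested object) must not leak into them.
 * Any failure (network error, non-2xx status, invalid JSON) is a deliberate
 * best-effort fallback to the defaults so the login page still renders.
 *
 * @returns {Promise<object>} A fresh, mutable presets object.
 */
async function loadPresets() {
  try {
    const response = await fetch(PRESETS_URL, { cache: "no-store" });
    if (!response.ok) return { ...DEFAULT_PRESETS };

    const overrides = await response.json();
    const isPlainRecord =
      overrides !== null &&
      typeof overrides === "object" &&
      !Array.isArray(overrides);
    if (!isPlainRecord) return { ...DEFAULT_PRESETS };

    const presets = { ...DEFAULT_PRESETS };
    for (const key of Object.keys(DEFAULT_PRESETS)) {
      const isOwn = Object.prototype.hasOwnProperty.call(overrides, key);
      if (isOwn && typeof overrides[key] === "string") {
        presets[key] = overrides[key];
      }
    }
    return presets;
  } catch (_error) {
    return { ...DEFAULT_PRESETS };
  }
}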
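/**
 * Ask OpenBao for the OIDC authorization URL and navigate the browser to it.
 *
 * Two values cross a trust boundary here and are checked before use:
 *  - `presets.mount` is interpolated into a request path and the redirect
 *    URI, so it is split on "/", dot and empty segments are rejected, and
 *    every segment is percent-encoded. Leading/trailing slashes are trimmed.
 *  - `auth_url` from the response is handed to the browser for navigation,
 *    so it must parse as an absolute http(s) URL. Any other scheme
 *    (for example `javascript:` or `data:`) would be evaluated in this
 *    page's origin and is refused.
 *
 * NOTE(review): deployments that know the identity provider's origin could
 * additionally compare it with the parsed URL's origin; that value is not
 * available in this file, so it is not enforced here.
 *
 * @param {object} presets - Presets as returned by loadPresets().
 * @returns {Promise<void>} Resolves once navigation has been requested.
 * @throws {Error} When the mount is invalid, the request fails, or the
 *   response does not contain a usable auth_url.
 */
async function redirectToKeyCape(presets) {
  const mount = presets.mount || "netkingdom";
  const role = presets.role || "platform-admin";

  if (typeof mount !== "string") {
    throw new Error("OIDC mount path in presets is not valid");
  }
  const segments = mount.replace(/^\/+|\/+$/g, "").split("/");
  const hasBadSegment = segments.some(
    (segment) => segment === "" || segment === "." || segment === ".."
  );
  if (hasBadSegment) {
    throw new Error("OIDC mount path in presets is not valid");
  }
  const mountPath = segments
    .map((segment) => encodeURIComponent(segment))
    .join("/");

  const redirectUri = `${window.location.origin}/ui/vault/auth/${mountPath}/oidc/callback`;
  const response = await fetch(`/v1/auth/${mountPath}/oidc/auth_url`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      role,
      redirect_uri: redirectUri,
    }),
  });
  if (!response.ok) {
    throw new Error(`OIDC auth_url request failed (${response.status})`);
  }

  const payload = await response.json();
  const authUrl = payload?.data?.auth_url;
  if (!authUrl) {
    throw new Error("OIDC auth_url missing from OpenBao response");
  }

  let target;
  try {
    target = new URL(authUrl);
  } catch (_error) {
    throw new Error("OIDC auth_url from OpenBao is not an absolute URL");
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    throw new Error("OIDC auth_url from OpenBao has an unsupported scheme");
  }

  // Navigate to the parsed form so the URL that was checked is the URL used.
  window.location.assign(target.href);
}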
/**
 * Display a failure message in the page's error element.
 *
 * The message is written through `textContent`, so any markup it contains is
 * shown as literal text rather than parsed as HTML. Does nothing when the
 * element with id "login-error" is absent.
 *
 * @param {string} message - Text to show to the user.
 */
function showError(message) {
  const box = document.getElementById("login-error");
  if (box) {
    box.textContent = message;
    box.classList.add("is-visible");
  }
}
/**
 * Populate the static login page from the presets and wire the sign-in button.
 *
 * All preset text is applied with `textContent`, so values coming from
 * presets.json are rendered as plain text. If the submit button is missing
 * the function returns after updating whatever elements exist. While a
 * sign-in attempt is in flight the button is disabled; it is re-enabled and
 * the failure is shown only when redirectToKeyCape() rejects.
 *
 * @returns {Promise<void>}
 */
async function init() {
  const presets = await loadPresets();

  const byId = (id) => document.getElementById(id);
  const titleEl = byId("login-title");
  const bannerEl = byId("login-banner");
  const submitEl = byId("login-submit");

  if (titleEl) {
    titleEl.textContent = presets.title;
  }
  if (bannerEl) {
    bannerEl.textContent = presets.banner;
  }
  if (!submitEl) {
    return;
  }
  submitEl.textContent = presets.signInLabel;

  // Non-Error rejections get a generic message instead of being stringified.
  const describeFailure = (err) => {
    if (err instanceof Error) {
      return err.message;
    }
    return "Sign-in failed. Contact your administrator.";
  };

  submitEl.addEventListener("click", async () => {
    submitEl.disabled = true;
    try {
      await redirectToKeyCape(presets);
    } catch (err) {
      submitEl.disabled = false;
      showError(describeFailure(err));
    }
  });
}
// Start the page. The returned promise is intentionally not awaited:
// loadPresets() catches its own failures and the click handler inside init()
// reports sign-in errors through showError().
init();
})();