feat(auth): Complete OIDC security refactor and modernize test suite

- Refactored OIDC flow to implement PKCE, state/nonce validation, and BFF pattern.
- Centralized configuration in Settings class (DEV_MODE, FRONTEND_URL, OIDC_REDIRECT_URI).
- Updated auth routers to use conditional secure cookie flags based on DEV_MODE.
- Modernized and cleaned up test suite by removing legacy Streamlit tests.
- Fixed linting errors and unused imports across the backend.
Yunxiao Xu
2026-02-15 02:50:26 -08:00
parent 48ad0ebdd7
commit 68c0985482
50 changed files with 222 additions and 515 deletions


@@ -6,7 +6,8 @@ GOOGLE_API_KEY=your_google_api_key_here
DATA_DIR=data
DATA_STATE=new_jersey
LOG_LEVEL=INFO
DEV_MODE=false
DEV_MODE=true
FRONTEND_URL=http://localhost:5173
# Security & JWT Configuration
SECRET_KEY=change-me-in-production
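Review bot: Flipping the committed example to `DEV_MODE=true` makes the insecure setting the default: the commit message says the auth routers now set the secure cookie flags conditionally on DEV_MODE, so anyone who copies this file into a deployment without editing it gets session cookies issued in development mode, with the secure flags off. Keep `DEV_MODE=false` as the shipped value and add a comment beside it stating that `true` is for local development only and relaxes the cookie flags, so the weaker behaviour is opt-in; the same comment could flag that `FRONTEND_URL=http://localhost:5173` and the unchanged `SECRET_KEY=change-me-in-production` are likewise placeholders that must be replaced before any non-local use.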
@@ -28,7 +29,7 @@ HISTORY_DB_URL=postgresql://user:password@localhost:5433/ea_history
OIDC_CLIENT_ID=your_client_id
OIDC_CLIENT_SECRET=your_client_secret
OIDC_SERVER_METADATA_URL=https://your-authentik.example.com/application/o/ea-chatbot/.well-known/openid-configuration
OIDC_REDIRECT_URI=http://localhost:8501
OIDC_REDIRECT_URI=http://localhost:8000/api/v1/auth/oidc/callback
# Node Configuration Overrides (Optional)
# Format: <NODE_NAME>_LLM__<PARAMETER>
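Review bot: The redirect URI now targets the backend callback (`http://localhost:8000/api/v1/auth/oidc/callback`) instead of the old Streamlit port, which matches the BFF pattern in the commit message, but nothing in the file says that this value must exactly match the redirect URI registered for the `ea-chatbot` application at the Authentik provider named in `OIDC_SERVER_METADATA_URL`, or that outside local development it must be an https URL. Add a comment above `OIDC_REDIRECT_URI` to that effect: a mismatch surfaces only as an opaque provider-side error after the login redirect, and an http callback in production would carry the authorization code over plaintext.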