feat(auth): Complete OIDC security refactor and modernize test suite

- Refactored OIDC flow to implement PKCE, state/nonce validation, and BFF pattern.
- Centralized configuration in Settings class (DEV_MODE, FRONTEND_URL, OIDC_REDIRECT_URI).
- Updated auth routers to use conditional secure cookie flags based on DEV_MODE.
- Modernized and cleaned up test suite by removing legacy Streamlit tests.
- Fixed linting errors and unused imports across the backend.
Yunxiao Xu
2026-02-15 02:50:26 -08:00
parent 48ad0ebdd7
commit 68c0985482
50 changed files with 222 additions and 515 deletions


@@ -19,6 +19,8 @@ class Settings(BaseSettings):
data_dir: str = "data"
data_state: str = "new_jersey"
log_level: str = Field(default="INFO", alias="LOG_LEVEL")
dev_mode: bool = Field(default=True, alias="DEV_MODE")
frontend_url: str = Field(default="http://localhost:5173", alias="FRONTEND_URL")
# Voter Database configuration
db_host: str = Field(default="localhost", alias="DB_HOST")
@@ -40,6 +42,7 @@ class Settings(BaseSettings):
oidc_client_id: Optional[str] = Field(default=None, alias="OIDC_CLIENT_ID")
oidc_client_secret: Optional[str] = Field(default=None, alias="OIDC_CLIENT_SECRET")
oidc_server_metadata_url: Optional[str] = Field(default=None, alias="OIDC_SERVER_METADATA_URL")
oidc_redirect_uri: str = Field(default="http://localhost:8000/api/v1/auth/oidc/callback", alias="OIDC_REDIRECT_URI")
# Default configurations for each node
query_analyzer_llm: LLMConfig = Field(default_factory=lambda: LLMConfig(model="gpt-5-mini", temperature=0.0))
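Review bot: `dev_mode` defaults to `True` in the first hunk, and the commit description says the auth routers choose the secure cookie flags based on DEV_MODE, so a deployment that never sets DEV_MODE would presumably issue its auth cookies without the Secure flag. The default should fail closed, `dev_mode: bool = Field(default=False, alias="DEV_MODE")`, with local development opting in explicitly. The plain-http localhost defaults for `frontend_url` (first hunk) and `oidc_redirect_uri` (second hunk) have the same shape: a validator on Settings that rejects non-https values when `dev_mode` is false would stop a production instance from silently running on them. The Settings class starts and ends outside both hunks, so an existing validator of that kind would not be visible here.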