marcel/familienarchiv
1
0
Fork 0
Code Issues 117 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(auth): resolve login redirect loop in Docker #11

Merged
marcel merged 5 commits from fix/login-redirect into main 2026-03-19 15:13:20 +01:00
Conversation 0 Commits 5 Files Changed 4 +15 -8
marcel commented 2026-03-19 12:57:17 +01:00
Owner
Copy Link

Summary

  • The userGroup hook in hooks.server.ts was hardcoding http://localhost:8080 instead of reading API_INTERNAL_URL from the environment
  • In Docker, this fetch silently failed, leaving event.locals.user unset
  • The handleAuth guard then redirected every request (including the login form POST) to /login, creating an infinite redirect loop

Test plan

  • Log in locally (npm run dev + backend running) — login should work as before
  • Log in via Docker Compose — login should no longer loop back to /login
  • Verify that after login the user lands on the home page

🤖 Generated with Claude Code

## Summary - The `userGroup` hook in `hooks.server.ts` was hardcoding `http://localhost:8080` instead of reading `API_INTERNAL_URL` from the environment - In Docker, this fetch silently failed, leaving `event.locals.user` unset - The `handleAuth` guard then redirected every request (including the login form POST) to `/login`, creating an infinite redirect loop ## Test plan - [ ] Log in locally (`npm run dev` + backend running) — login should work as before - [ ] Log in via Docker Compose — login should no longer loop back to `/login` - [ ] Verify that after login the user lands on the home page 🤖 Generated with [Claude Code](https://claude.com/claude-code)
marcel added 1 commit 2026-03-19 12:57:17 +01:00
fix(auth): use API_INTERNAL_URL in userGroup hook
Some checks failed
CI / Backend Unit Tests (push) Has been cancelled
Details
CI / Unit & Component Tests (push) Has been cancelled
Details
CI / E2E Tests (push) Has been cancelled
Details
CI / Unit & Component Tests (pull_request) Has been cancelled
Details
CI / Backend Unit Tests (pull_request) Has been cancelled
Details
CI / E2E Tests (pull_request) Has been cancelled
Details
a52b8a0694 
The userGroup hook was hardcoding http://localhost:8080 instead of
reading API_INTERNAL_URL from the environment. In Docker this caused
the /api/users/me fetch to fail silently, leaving event.locals.user
unset and triggering the handleAuth guard to redirect every page to
/login — including the login form action itself, creating an infinite
redirect loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
marcel added 1 commit 2026-03-19 12:58:29 +01:00
fix(api): use API_INTERNAL_URL in tags and persons proxy routes
Some checks failed
CI / Unit & Component Tests (push) Has been cancelled
Details
CI / Backend Unit Tests (push) Has been cancelled
Details
CI / E2E Tests (push) Has been cancelled
Details
CI / Unit & Component Tests (pull_request) Has been cancelled
Details
CI / Backend Unit Tests (pull_request) Has been cancelled
Details
CI / E2E Tests (pull_request) Has been cancelled
Details
5044f99aac 
Both SvelteKit API proxy routes were hardcoding http://localhost:8080,
breaking typeahead search in Docker environments.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
marcel added 1 commit 2026-03-19 13:06:39 +01:00
fix(ci): pass docker-compose.ci.yml override to e2e compose commands
Some checks failed
CI / Unit & Component Tests (push) Has been cancelled
Details
CI / Backend Unit Tests (push) Has been cancelled
Details
CI / E2E Tests (push) Has been cancelled
Details
CI / Unit & Component Tests (pull_request) Successful in 9m19s
Details
CI / Backend Unit Tests (pull_request) Successful in 1m54s
Details
CI / E2E Tests (pull_request) Failing after 4m14s
Details
a87f40d0ea 
The e2e job was calling plain `docker compose up` without the CI
override file, so it used the base compose bind-mount for MinIO
(./data/minio) which doesn't exist on the runner. The CI override
replaces bind mounts with ephemeral named volumes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
marcel added 1 commit 2026-03-19 14:00:52 +01:00
fix(ci): connect job container to compose network for DB/MinIO access
Some checks failed
CI / Unit & Component Tests (push) Successful in 9m36s
Details
CI / Backend Unit Tests (push) Successful in 1m54s
Details
CI / E2E Tests (push) Failing after 1m39s
Details
CI / Unit & Component Tests (pull_request) Successful in 9m16s
Details
CI / Backend Unit Tests (pull_request) Successful in 1m59s
Details
CI / E2E Tests (pull_request) Failing after 2m8s
Details
c023d5b0a2 
The act_runner job runs inside a Docker container. Docker Compose port
mappings bind to the Docker host, not the job container's localhost —
so localhost:5433 was always refused.

Fix: after compose starts, connect the job container (identified by
/etc/hostname) to the archive-net compose network. Then switch the
backend startup args to use service names db:5432 and minio:9000
instead of host-mapped ports.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
marcel added 1 commit 2026-03-19 14:32:38 +01:00
fix(ci): pin DOCKER_API_VERSION=1.43 for e2e job
Some checks failed
CI / Unit & Component Tests (push) Successful in 9m49s
Details
CI / Backend Unit Tests (push) Successful in 2m15s
Details
CI / E2E Tests (push) Failing after 13m6s
Details
CI / Unit & Component Tests (pull_request) Successful in 11m14s
Details
CI / Backend Unit Tests (pull_request) Successful in 2m18s
Details
CI / E2E Tests (pull_request) Failing after 13m20s
Details
706c029a5e 
The runner's Docker client negotiates API 1.53 but the daemon on the
NAS only supports up to 1.43. Pin the version for all docker commands
in the e2e job, including the new network connect step.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
marcel merged commit db6dc28528 into main 2026-03-19 15:13:20 +01:00
marcel deleted branch fix/login-redirect 2026-03-19 15:13:22 +01:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
P0-critical
Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.
 P1-high
Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.
 P2-medium
Noticeable improvement; doesn't block anything; schedule opportunistically.
 P3-later
Cosmetic or parking-lot work; fine to stay open indefinitely.
 audit
Read-only audit / assessment work; produces a report rather than changing code
 bug
Something isn't working
 cleanup
Removal of dead code, vague comments, naming violations, and scratch artifacts
 collaboration
We want to extend the family archive to have more collaboration tools
 conversation
descoped
We will do that later
 devops
documentation
README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs
 epic
Marker for epic-level issues that group multiple child issues
 feature
file-upload
legibility
Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction
 notification
person
phase-1: security
Security hygiene — must be done first
 phase-2: container-images
Production-ready multi-stage Docker images
 phase-3: prod-compose
Production compose overlay + Caddy reverse proxy
 phase-4: spring-prod-profile
Spring Boot production configuration profile
 phase-5: backups
Database and object storage backup strategy
 phase-6: deployment-docs
.env.example, DEPLOYMENT.md, runbook
 phase-7: monitoring
Prometheus, Loki, Grafana, Alertmanager
 refactor
Code restructuring without behaviour change
 security
test
ui
UI/UX and accessibility issues
 user
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Jens marcel
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: marcel/familienarchiv#11
Delete Branch "fix/login-redirect"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?