svemagie.net/indiekit-server
1
0
Fork 0
Code Issues 1 Actions Packages Projects Releases Activity

fix(auth): respect INDIEKIT_ADMIN_URL for login redirects

Browse Source
This commit is contained in:
svemagie
2026-03-08 01:10:34 +01:00
parent 65b26dec3d
commit 039b6ff86c
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1
View File
@@ -4,6 +4,7 @@
- The IndieKit admin is expected to run behind `/admin`.
- Set `INDIEKIT_ADMIN_URL` to the public admin base URL, including trailing slash (example: `https://blog.giersig.eu/admin/`).
- When `INDIEKIT_ADMIN_URL` is set, config wires absolute auth endpoints/callback base (`/auth`, `/auth/token`, `/auth/introspect`) to that URL to keep login redirects on `/admin/*`.
- Login uses `PASSWORD_SECRET` (bcrypt hash), not `INDIEKIT_PASSWORD`.
- If no `PASSWORD_SECRET` exists yet, open `/admin/auth/new-password` once to generate it.
- Post management UI should use `/posts` (`@indiekit/endpoint-posts.mountPath`).
indiekit.config.mjs
+9
View File
@@ -30,6 +30,9 @@ const githubActivityToken =
const publicationBaseUrl = (
process.env.PUBLICATION_URL || "https://blog.giersig.eu"
).replace(/\/+$/, "");
const adminBaseUrl = (process.env.INDIEKIT_ADMIN_URL || "")
.trim()
.replace(/\/+$/, "");
let webmentionDomain = process.env.WEBMENTION_IO_DOMAIN;
if (!webmentionDomain) {
@@ -45,6 +48,12 @@ export default {
application: {
name: "Indiekit",
mongodbUrl: mongoUrl,
...(adminBaseUrl && {
url: adminBaseUrl,
authorizationEndpoint: `${adminBaseUrl}/auth`,
introspectionEndpoint: `${adminBaseUrl}/auth/introspect`,
tokenEndpoint: `${adminBaseUrl}/auth/token`,
}),
},
publication: {
me: publicationBaseUrl,