05f8e2e3b6
- Create reusable components: auth, api-client, shared-types - ModeTemplate with Hono backend and SvelteKit frontend - Auth store refactored to class-based Svelte 5 pattern - SSR-safe hydrate() pattern for localStorage access - Frontend builds successfully with Svelte 5 runes
Auth Component
Microsoft OAuth authentication that returns user info and a PocketBase token.
Users must already exist in PocketBase - no user creation. Access denied if user not found.
What it does
- Redirects user to Microsoft login
- Exchanges auth code for access token
- Gets user's email and display name from Microsoft Graph
- Checks if user exists in PocketBase (denies access if not)
- Returns PocketBase auth token
Environment Variables Used
These variables exist in /home/admin/secrets/.env:
MICROSOFT_CLIENT_ID
MICROSOFT_CLIENT_SECRET
MICROSOFT_TENANT_ID
MICROSOFT_REDIRECT_URI
MICROSOFT_SCOPES
PB_URL
Usage in Hono Backend
import { Hono } from 'hono';
import { getAuthUrl, handleCallback, getConfigFromEnv } from './components/auth';
const app = new Hono();
const config = getConfigFromEnv();
// Redirect to Microsoft login
app.get('/auth/login', (c) => {
return c.redirect(getAuthUrl(config));
});
// Handle callback from Microsoft
app.get('/auth/callback', async (c) => {
const code = c.req.query('code');
if (!code) {
return c.json({ error: 'No authorization code' }, 400);
}
try {
const result = await handleCallback(code, config);
// result contains:
// - email: string
// - displayName: string
// - pocketbaseToken: string
return c.json(result);
} catch (err) {
// User doesn't exist or auth failed
return c.json({ error: String(err) }, 403);
}
});
Copying to a Mode
- Copy the entire
components/auth/folder to your mode'sbackend/modules/auth/ - Update imports in your server
- Environment variables are loaded from secrets at runtime
Dependencies
None - uses native fetch API (Bun/Node 18+). No package.json needed - inherits from consuming project.
Returns
interface AuthResult {
email: string; // User's email from Microsoft
displayName: string; // User's display name from Microsoft
pocketbaseToken: string; // Auth token for PocketBase API calls
}