Fix PocketBase auth and note submission

- Replace popup OAuth with SDK authWithOAuth2 realtime channel (urlCallback)
  so login works in Edge app mode without navigating the main window
- Remove manual redirect/sessionStorage OAuth flow that broke in Edge app mode
- Serve PocketBase config (URL, collection, provider) from server endpoint
  backed by env vars instead of hardcoded localhost
- Fix /api/submit: target Notes collection with correct field mapping
  (body_plain, body_html, title, type, email, Username, userId, job_note,
  Job_Number) instead of Job_Info_Prod with wrong field names
- Remove localhost fallbacks from auth-module backend and frontend
This commit is contained in:
2026-03-24 18:29:51 +00:00
parent c76739d0d7
commit 513e975530
4 changed files with 182 additions and 40 deletions
+53 -12
View File
@@ -34,14 +34,18 @@ app.use('/*', cors({ origin: '*', credentials: true }));
// ---------------------------------------------------------------------------
// PocketBase
// ---------------------------------------------------------------------------
const pb = new PocketBase(process.env.PB_DB || 'http://127.0.0.1:8090');
const PB_BASE_URL = process.env.PB_URL || process.env.PB_DB || '';
const PB_AUTH_COLLECTION = process.env.PB_AUTH_COLLECTION || 'Users';
const PB_OAUTH_PROVIDER = 'microsoft';
const pb = new PocketBase(PB_BASE_URL);
function setPbToken(token: string) { pb.authStore.save(token, null); }
function clearPbToken() { pb.authStore.clear(); }
async function validatePbToken(token: string): Promise<void> {
setPbToken(token);
await pb.collection(process.env.PB_AUTH_COLLECTION || 'Users').authRefresh();
await pb.collection(PB_AUTH_COLLECTION).authRefresh();
}
// ---------------------------------------------------------------------------
@@ -110,7 +114,19 @@ async function resolveSiteId(delegatedToken: string): Promise<string> {
// Routes
// ---------------------------------------------------------------------------
app.get('/health', (c) => c.json({ ok: true, pbDB: process.env.PB_DB }));
app.get('/health', (c) => c.json({ ok: true, pbDB: PB_BASE_URL }));
app.get('/api/auth/pocketbase-config', (c) => {
if (!PB_BASE_URL) {
return c.json({ success: false, message: 'Missing PB_URL or PB_DB' }, 500);
}
return c.json({
success: true,
pbUrl: PB_BASE_URL,
collection: PB_AUTH_COLLECTION,
provider: PB_OAUTH_PROVIDER,
});
});
app.get('/api/auth/msal-config', (c) => {
const clientId = process.env.CLIENT_ID || '';
@@ -275,8 +291,10 @@ app.post('/api/onenote/append', async (c) => {
});
// ---------------------------------------------------------------------------
// POST /api/submit — save a record to PocketBase
// POST /api/submit — save a note record to PocketBase Notes collection
// ---------------------------------------------------------------------------
const PB_NOTES_COLLECTION = process.env.PB_NOTES_COLLECTION || 'Notes';
app.post('/api/submit', async (c) => {
try {
const body = await c.req.json();
@@ -288,19 +306,42 @@ app.post('/api/submit', async (c) => {
return c.json({ success: false, message: 'Invalid token' }, 401);
}
const record = await pb
.collection(process.env.PB_COLLECTION || 'Job_Info_TestEnv')
.create({
...body,
submittedBy: pb.authStore.model?.email || 'unknown',
submittedAt: new Date().toISOString(),
});
const user = pb.authStore.model;
const bodyPlain = String(body.bodyPlain || '').trim();
const title = String(body.title || 'Untitled').trim();
const noteType = String(body.noteType || 'personal').trim();
const jobNumber = String(body.jobNumber || '').trim();
// Convert plain text to simple HTML (matches what the main app stores)
const bodyHtml = bodyPlain
.split(/\r\n|\r|\n/)
.map((line) => `<p>${line || '&nbsp;'}</p>`)
.join('');
const payload: Record<string, unknown> = {
body_plain: bodyPlain,
body_html: bodyHtml,
title,
type: noteType,
email: user?.email || body.userEmail || '',
Username: user?.name || user?.username || user?.email || '',
userId: user?.id || '',
job_note: noteType === 'job' || !!jobNumber,
shared: false,
shared_with: [],
};
if (jobNumber) {
payload['Job_Number'] = jobNumber;
}
const record = await pb.collection(PB_NOTES_COLLECTION).create(payload);
console.log('submission_success', { recordId: record.id });
return c.json({ success: true, recordId: record.id });
} catch (err) {
console.error('submit_error', { message: (err as Error)?.message });
return c.json({ success: false, message: 'Internal error' }, 500);
return c.json({ success: false, message: (err as Error)?.message || 'Internal error' }, 500);
} finally {
clearPbToken();
}