fix: refactor auth settings to use api.ts, fix type alignment, OIDC token exchange

- Add auth management functions to api.ts (getAuthSettings, listUsers, etc.) - Refactor auth settings page to use centralized api.ts instead of raw fetch (FUNC-H2) - Add loading skeleton to auth settings page (UX-M16) - Add exchangeOidcToken() for httpOnly cookie OIDC flow (SEC-H3) - Fix Settings TypeScript type: has_npm_password boolean (FUNC-L) - Add last_alive_at to Instance type (FUNC-L)
2026-04-04 14:07:26 +03:00
parent 91b49cb5ed
commit 3743e7fe45
5 changed files with 137 additions and 170 deletions
@@ -331,6 +331,51 @@ export function getCurrentUser(): Promise<{ id: string; username: string; email:
 	return get<{ id: string; username: string; email: string; role: string }>('/api/auth/me');
 }

+// Auth settings
+export async function getAuthSettings(): Promise<any> {
+	return request<any>('/api/auth/settings');
+}
+
+export async function updateAuthSettings(settings: any): Promise<any> {
+	return request<any>('/api/auth/settings', {
+		method: 'PUT',
+		body: JSON.stringify(settings)
+	});
+}
+
+export async function listUsers(): Promise<any[]> {
+	return request<any[]>('/api/auth/users');
+}
+
+export async function createUser(data: { username: string; password: string; email?: string; role?: string }): Promise<any> {
+	return request<any>('/api/auth/users', {
+		method: 'POST',
+		body: JSON.stringify(data)
+	});
+}
+
+export async function updateUser(uid: string, data: { email?: string; role?: string }): Promise<any> {
+	return request<any>(`/api/auth/users/${uid}`, {
+		method: 'PUT',
+		body: JSON.stringify(data)
+	});
+}
+
+export async function changeUserPassword(uid: string, password: string): Promise<any> {
+	return request<any>(`/api/auth/users/${uid}/password`, {
+		method: 'PUT',
+		body: JSON.stringify({ password })
+	});
+}
+
+export async function deleteUser(uid: string): Promise<any> {
+	return request<any>(`/api/auth/users/${uid}`, { method: 'DELETE' });
+}
+
+export async function logout(): Promise<void> {
+	await request<any>('/api/auth/logout', { method: 'POST' });
+}
+
 // ── Config Export ────────────────────────────────────────────────────

 export function exportConfigUrl(): string {
@@ -28,3 +28,18 @@ export function clearAuth(): void {
 		localStorage.removeItem(TOKEN_KEY);
 	}
 }
+
+/** Exchanges the httpOnly OIDC cookie for a JWT token via the server endpoint. */
+export async function exchangeOidcToken(): Promise<string | null> {
+	try {
+		const res = await fetch('/api/auth/oidc/token', { method: 'POST' });
+		if (!res.ok) return null;
+		const envelope = await res.json();
+		if (envelope.success && envelope.data?.token) {
+			return envelope.data.token;
+		}
+		return null;
+	} catch {
+		return null;
+	}
+}
@@ -38,6 +38,7 @@ export interface Instance {
 	npm_proxy_id: number;
 	status: InstanceStatus;
 	port: number;
+	last_alive_at?: string;
 	created_at: string;
 	updated_at: string;
 }
@@ -101,8 +102,10 @@ export interface Settings {
 	notification_url: string;
 	npm_url: string;
 	npm_email: string;
-	npm_password: string;
-	webhook_secret: string;
+	/** Returned by GET as a boolean indicating whether the password is set. */
+	has_npm_password: boolean;
+	/** Sent on PUT to update the password; never returned by GET. */
+	npm_password?: string;
 	polling_interval: string;
 	base_volume_path: string;
 	ssl_certificate_id: number;