platform/portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(app): Next.js 15 + Auth.js v5 portal skeleton
ci / shared (pull_request) Failing after 4s
Details
ci / test (pull_request) Has been skipped
Details
ci / e2e (pull_request) Has been skipped
Details
ci / image (pull_request) Has been skipped
Details

Browse Source 
Lands the minimum surface so a developer can:

  cd platform/orca-platform && make dev-up
  cd platform/tenant-registry && make dev
  cd platform/portal && make install && make dev
  open http://acme.localhost:3000

and complete a real OIDC sign-in against the breakpilot-dev realm.

Layout:
  src/middleware.ts                host→slug URL rewrite; backstage carve-out
  src/auth.ts                      Auth.js v5 Keycloak provider; passes
                                   tenant_id/slug/org_roles/products/plan/status
                                   claims through to the session
  src/app/api/auth/[...nextauth]/  Auth.js handlers (GET, POST)
  src/app/layout.tsx               root html shell
  src/app/page.tsx                 apex landing
  src/app/[slug]/layout.tsx        fetches tenant via lib/tenant-registry
  src/app/[slug]/page.tsx          redirect to /dashboard
  src/app/[slug]/dashboard/page.tsx
                                   signed-out → Sign in with Keycloak
                                   signed-in  → welcome + Sign out
  src/lib/host.ts                  testable host parser (apex/tenant/backstage)
  src/lib/tenant-registry.ts       fetch client for the Go service

Tooling:
  vitest                           13 tests, 100% coverage of src/lib/
  Next.js 15 build                 compiles all routes; output: standalone
  ESLint flat config               next/core-web-vitals + next/typescript

Real RBAC enforcement, the rest of the customer-area surfaces, and the
backstage shell land per the M5.2 / M10.1 schedule. This is just enough
to be the first thing a developer codes in.

Refs: M5.1 (skeleton)
This commit is contained in:
Sharang Parnerkar
2026-05-18 22:54:52 +02:00
parent 3c7409ee9e
commit ac22ccef9b
24 changed files with 5294 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/middleware.ts
+36
View File
@@ -0,0 +1,36 @@
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import { parseHost } from "@/lib/host";
// Host → URL-rewrite. Acme visits acme.localhost:3000/dashboard; we
// internally rewrite to /acme/dashboard so the [slug] route group renders.
// URL bar stays unchanged.
//
// Backstage (backstage.<apex>) rewrites to /__backstage__/<rest>.
// Apex hosts (localhost, breakpilot.com) get a marketing/landing page
// at the root route.
export function middleware(request: NextRequest) {
const match = parseHost(request.headers.get("host"));
const url = request.nextUrl.clone();
if (match.kind === "tenant") {
if (!url.pathname.startsWith(`/${match.slug}/`) && url.pathname !== `/${match.slug}`) {
url.pathname = `/${match.slug}${url.pathname === "/" ? "" : url.pathname}`;
return NextResponse.rewrite(url);
}
} else if (match.kind === "backstage") {
if (!url.pathname.startsWith("/__backstage__")) {
url.pathname = `/__backstage__${url.pathname === "/" ? "" : url.pathname}`;
return NextResponse.rewrite(url);
}
}
return NextResponse.next();
}
export const config = {
// Skip Next internals + API + static assets so middleware doesn't
// double-rewrite the auth callback or _next/static.
matcher: ["/((?!api|_next/static|_next/image|favicon.ico).*)"],
};