platform/portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
feat/m5.2-shells
portal/README.md
T
sharang e7a1290246
ci / shared (push) Successful in 4s
Details
ci / test (push) Successful in 26s
Details
ci / e2e (push) Has been skipped
Details
ci / image (push) Has been skipped
Details
feat(app): Next.js 16 + Auth.js v5 portal skeleton 
Next.js 16 + Auth.js v5 skeleton: host→slug middleware, tenant-context layout, OIDC sign-in flow against breakpilot-dev realm. 100% coverage on src/lib. Bumps next to 16.2.6 to clear trivy CVEs in 15.0.3.
2026-05-19 09:35:05 +00:00

4.0 KiB
Raw Permalink Blame History

portal

Next.js 16 customer area + backstage.

Part of the Breakpilot Platform. For the big picture see platform/docs: Architecture · Infrastructure · Product Integration Spec · Implementation Plan

What this is

Next.js 16 customer area + backstage. Scaffolded under milestone M5.1. See platform/docs for the full architecture context.

Plane: Control Owner: @sharang Status: pre-alpha Linked milestone: M5.1

Run locally

# Prerequisites: Node 20+, pnpm 9+, the dev stack running.

# 1. Bring up Keycloak + Postgres + Redis (separate clone):
cd /path/to/platform/orca-platform && make dev-up

# 2. Run tenant-registry (separate clone):
cd /path/to/platform/tenant-registry && make dev

# 3. Run this app:
make install      # pnpm install --frozen-lockfile
make dev          # next dev on http://localhost:3000

# Or hit a real tenant immediately:
# open http://acme.localhost:3000  →  redirects to Keycloak  →  back to /acme/dashboard

Seed login (from the dev-stack realm): test@breakpilot.dev / test.

make test / make lint / make typecheck / make build run vitest / eslint / tsc / next build respectively.

Env vars live in .env.example. Copy to .env.local for local overrides (gitignored).

Surface

Route Renders
http://localhost:3000/ Apex landing — pointer to tenant subdomains
http://<slug>.localhost:3000/ Middleware rewrites to /[slug]/ → redirects to /[slug]/dashboard
http://<slug>.localhost:3000/dashboard OIDC-gated dashboard; signed-out users see "Sign in with Keycloak"
http://backstage.localhost:3000/ (Skeleton) backstage route — rewritten to /__backstage__/*
/api/auth/[...nextauth] Auth.js v5 endpoints (callback, signin, signout, jwt)

Architecture notes

  • Host → slug routing: src/middleware.ts parses Host header via parseHost() (in src/lib/host.ts) and rewrites the request path to /<slug>/.... URL bar stays unchanged. Apex hosts and unknown subdomains fall through unmodified.
  • Tenant context: src/app/[slug]/layout.tsx fetches the tenant from tenant-registry (src/lib/tenant-registry.ts). 404 → notFound(); HTTP errors bubble up.
  • Auth: src/auth.ts is the Auth.js v5 config — Keycloak provider, tenant-context claims (tenant_id, tenant_slug, org_roles, products, plan, tenant_status) propagated via JWT/session callbacks. Real RBAC enforcement lands in M5.2 / M10.1.

Deployment

Env URL How
dev http://localhost:3000 make dev
stage https://portal.stage.breakpilot.com auto on merge to main
prod https://portal.breakpilot.com manual: tag vX.Y.Z + sign-off

Rollback: orca rollout undo portal --env={{env}}.

Observability

  • Traces, logs, metrics: SigNoz — service name portal
  • Audit events: Tenant Registry /audit (Retraced-shape schema)
  • On-call: oncall@breakpilot.com · runbook at platform/docs/runbooks/portal.md

Contributing

See CONTRIBUTING.md. TL;DR: branch from main, open a PR, 1 review + green CI, squash-merge.

License

Proprietary — all rights reserved. Copyright (c) 2026 Sharang Parnerkar and Benjamin Boenisch. See LICENSE.

Reference in New Issue View Git Blame Copy Permalink