feat: Add OIDC authentication with Authentik integration

- Add OIDC login flow with Authentik provider - Implement session-based auth with Redis store - Add avatar display from OIDC claims - Fix input field performance with react-textarea-autosize - Stabilize callbacks to prevent unnecessary re-renders - Fix history loading to skip empty session files - Add 2-row default height for input textarea 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-18 06:07:22 +01:00
parent cfee1711dc
commit 1186cb1b5e
23 changed files with 2884 additions and 87 deletions
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -8,7 +8,46 @@ server {
    gzip on;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

-    # SPA routing
+    # Backend API proxy (same network namespace via netbird-client)
+    # Using 127.0.0.1 instead of localhost to force IPv4 (avoids IPv6 connection issues)
+    # Note: proxy_pass without URI preserves URL encoding (important for paths with %2F)
+    location /api/ {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # Always HTTPS since NPM handles SSL termination (required for secure cookies)
+        proxy_set_header X-Forwarded-Proto https;
+    }
+
+    # Auth routes proxy
+    location /auth/ {
+        proxy_pass http://127.0.0.1:3001/auth/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # Always HTTPS since NPM handles SSL termination
+        proxy_set_header X-Forwarded-Proto https;
+    }
+
+    # WebSocket proxy for Claude sessions
+    location /ws {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        # Always HTTPS since NPM handles SSL termination
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_read_timeout 86400;
+        proxy_send_timeout 86400;
+    }
+
+    # SPA routing for frontend
    location / {
        try_files $uri $uri/ /index.html;
    }