infra

History

Viktor Barzin 2d6812f951 fire-planner: dual ingress — /api/* unprotected, / behind Authentik The SPA can't carry an Authentik session on its own fetch() XHRs in all cases (cross-origin redirect to authentik.viktorbarzin.me on a stale cookie returns HTML, fetch().json() parse fails). Splitting the ingress so /api/ paths skip forward-auth lets the React app talk to its API end-to-end. The browser still has to log in via Authentik to load the SPA at /. Verified end-to-end via chrome-service Playwright: dashboard load, scenario list, what-if run with real Monte Carlo, save-as-scenario round-trip, run-now on detail, delete — all pass. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-10 11:12:40 +00:00
..
main.tf	fire-planner: dual ingress — /api/* unprotected, / behind Authentik	2026-05-10 11:12:40 +00:00
terragrunt.hcl	fire-planner: add stack, Vault DB role, dashboard, DB	2026-04-25 17:27:19 +00:00

Viktor Barzin 2d6812f951 fire-planner: dual ingress — /api/* unprotected, / behind Authentik

The SPA can't carry an Authentik session on its own fetch() XHRs in
all cases (cross-origin redirect to authentik.viktorbarzin.me on a
stale cookie returns HTML, fetch().json() parse fails). Splitting
the ingress so /api/ paths skip forward-auth lets the React app talk
to its API end-to-end. The browser still has to log in via
Authentik to load the SPA at /.

Verified end-to-end via chrome-service Playwright: dashboard load,
scenario list, what-if run with real Monte Carlo, save-as-scenario
round-trip, run-now on detail, delete — all pass.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-10 11:12:40 +00:00

main.tf

fire-planner: dual ingress — /api/* unprotected, / behind Authentik

2026-05-10 11:12:40 +00:00

terragrunt.hcl

fire-planner: add stack, Vault DB role, dashboard, DB

2026-04-25 17:27:19 +00:00