shad0w/pelagia-portal
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pelagia-portal/App/.env.example
Hardik 56817a7d86 feat(auth): add Microsoft 365 SSO via Azure Entra ID 
Adds the Microsoft Entra ID provider to NextAuth alongside the existing
credentials provider. Sign-in is restricted to Pelagia Marine's M365
tenant via the issuer URL; access is further gated by requiring a
matching active user record in the DB (DB-managed roles remain unchanged).

- auth.ts: add MicrosoftEntra provider, signIn callback (DB lookup),
  async jwt callback to populate id/role on first SSO sign-in
- login-form.tsx: add primary "Sign in with Microsoft 365" button with
  Microsoft logo; credentials form kept as a fallback below a divider
- prisma: make passwordHash nullable (migration applied) to allow
  SSO-only users without a local password
- admin/users: password is now optional when creating a user — leave
  blank for SSO-only accounts
- profile/actions: return a clear error if an SSO user (no passwordHash)
  attempts to use the change-password form
- .env.example: document AZURE_AD_CLIENT_ID/SECRET/TENANT_ID

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 22:48:37 +05:30

50 lines
2.7 KiB
Text
Raw Blame History

# =============================================================
# Pelagia Portal — Environment Variables
# Copy this file to .env.local and fill in your values
#
# DEVELOPMENT (NODE_ENV=development, i.e. `pnpm dev`):
# - File uploads are stored locally in .dev-uploads/ — no R2 needed
# - Emails are logged to the terminal — no Resend key needed
# - Only AUTH + DATABASE vars are required to run the app locally
#
# PRODUCTION (NODE_ENV=production, i.e. `pnpm build && pnpm start`):
# - All sections below must be filled in
# =============================================================
# ── Auth ─────────────────────────────────────────────────────
NEXTAUTH_SECRET=your-32-char-secret-here-generate-with-openssl
NEXTAUTH_URL=http://localhost:3000
# ── Microsoft Entra ID (Azure AD) SSO ────────────────────────
# Register an app at https://entra.microsoft.com
# Required redirect URI: {NEXTAUTH_URL}/api/auth/callback/microsoft-entra-id
# Grant: openid, profile, email (Microsoft Graph delegated permissions)
AZURE_AD_CLIENT_ID=your-azure-app-client-id
AZURE_AD_CLIENT_SECRET=your-azure-app-client-secret
AZURE_AD_TENANT_ID=your-azure-tenant-id
# ── Database ──────────────────────────────────────────────────
# Local PostgreSQL or Supabase
DATABASE_URL="postgresql://postgres:postgres@localhost:5432/pelagia_portal"
# Supabase connection pooling URL (use for serverless deployments)
# DATABASE_POOL_URL=
# ── Cloudflare R2 Storage (production only) ──────────────────
# Not required in development — files are stored in .dev-uploads/
R2_ACCOUNT_ID=your-cloudflare-account-id
R2_ACCESS_KEY_ID=your-r2-access-key-id
R2_SECRET_ACCESS_KEY=your-r2-secret-access-key
R2_BUCKET_NAME=pelagia-portal
R2_PUBLIC_URL=https://your-bucket.your-account.r2.cloudflarestorage.com
# ── Email / Resend (production only) ─────────────────────────
# Not required in development — emails are printed to the terminal
RESEND_API_KEY=re_xxxxxxxxxxxxxxxxxxxx
EMAIL_FROM=noreply@pelagiaportal.com
EMAIL_FROM_NAME="Pelagia Portal"
# ── GST Lookup microservice ───────────────────────────────────
# Run the GstService/ microservice alongside the app.
# Development default (localhost:3002) is used if this is unset.
# Start the service with: cd GstService && npm run dev
GST_SERVICE_URL=http://localhost:3003
Reference in a new issue View git blame Copy permalink