f58d7a6f17
Replaces URL-embedded JWT tokens with a single-use, 60-second handoff code that the SPA exchanges via server-to-server POST. The URL now contains only `?handoff=<code>` — no tokens are placed in the browser history, proxy access logs, or Referer header. Backend: new SsoHandoff store (DashMap, 60s TTL, atomic DashMap::remove for single-use), POST /api/v1/auth/sso/handoff endpoint, 7 new tests. Frontend: SsoCallbackPage rewritten to use useSearchParams + POST exchange, with history.replaceState to clear the handoff code from the address bar. Switched from window.location.search to useSearchParams() for test compatibility. New Vitest infrastructure (vitest, @testing-library/react, jsdom) and 6 new tests. CI fix in ccba9e3: cargo fmt --all and added searchParams to useEffect dep array to satisfy CI's Rust Format and Frontend Lint checks. Refs: closes #4
19 lines
587 B
TypeScript
19 lines
587 B
TypeScript
import { defineConfig } from 'vitest/config'
|
|
import react from '@vitejs/plugin-react'
|
|
|
|
/// Vitest configuration for the Patch Manager UI.
|
|
///
|
|
/// - Uses jsdom for a browser-like environment (needed for MUI + React
|
|
/// Testing Library).
|
|
/// - The `react()` plugin is required for JSX in test files.
|
|
/// - `globals: true` lets tests use `describe`, `it`, `expect` without
|
|
/// imports (matches the existing frontend conventions).
|
|
export default defineConfig({
|
|
plugins: [react()],
|
|
test: {
|
|
environment: 'jsdom',
|
|
globals: true,
|
|
setupFiles: ['./src/test/setup.ts'],
|
|
},
|
|
})
|