fix(auth+pwa): resolve stuck-loading race condition and PWA build error
Auth: `getSession()` in a SvelteKit load function races with Supabase's async localStorage init and can return null for a valid session, triggering a spurious login() redirect. Moved auth redirect to (app)/+layout.svelte via $effect, which correctly waits for onAuthStateChange to fire. Also fixed collective data never loading on page refresh (INITIAL_SESSION event, not SIGNED_IN). PWA: SvelteKit blocks Workbox imports in src/service-worker.ts, preventing @vite-pwa/sveltekit from finding the compiled SW output. Switched to generateSW strategy (plugin auto-generates the SW). Custom SW deferred to Fase 2b using src/sw.ts (a filename SvelteKit does not intercept). Docs: added gotchas 6–8 to CLAUDE.md covering both root causes so they are not reintroduced. Updated plan/fase-2b with the sw.ts workaround note. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -47,11 +47,17 @@ services:
|
||||
GOTRUE_SITE_URL: ${PUBLIC_APP_URL:-http://localhost:5173}
|
||||
GOTRUE_JWT_SECRET: ${SUPABASE_JWT_SECRET}
|
||||
GOTRUE_JWT_EXP: 3600
|
||||
GOTRUE_DISABLE_SIGNUP: "true"
|
||||
# Allow OIDC-based user creation (Keycloak is the gatekeeper).
|
||||
# Direct email/password signup is blocked at the Kong level (no /auth/v1/signup route exposed).
|
||||
GOTRUE_DISABLE_SIGNUP: "false"
|
||||
# OIDC: Keycloak as external provider
|
||||
GOTRUE_EXTERNAL_KEYCLOAK_ENABLED: "true"
|
||||
GOTRUE_EXTERNAL_KEYCLOAK_CLIENT_ID: ${PUBLIC_KEYCLOAK_CLIENT_ID:-colectivo-web}
|
||||
GOTRUE_EXTERNAL_KEYCLOAK_SECRET: ""
|
||||
# colectivo-web is a confidential client in Keycloak (required for GoTrue code exchange).
|
||||
# Dev value matches keycloak/realm-export.json. Override in .env for prod.
|
||||
GOTRUE_EXTERNAL_KEYCLOAK_SECRET: ${KEYCLOAK_CLIENT_SECRET:-gotrue-dev-secret}
|
||||
# openid is required so the access token is an OIDC token and the userinfo endpoint accepts it.
|
||||
GOTRUE_EXTERNAL_KEYCLOAK_SCOPES: "openid profile email"
|
||||
# GoTrue fetches Keycloak's OIDC discovery doc at this URL (Docker-internal hostname).
|
||||
# The browser also uses this hostname — add "127.0.0.1 keycloak" to /etc/hosts.
|
||||
GOTRUE_EXTERNAL_KEYCLOAK_URL: http://keycloak:8080/realms/colectivo
|
||||
@@ -146,6 +152,11 @@ services:
|
||||
kong:
|
||||
image: kong:2.8.1
|
||||
restart: unless-stopped
|
||||
# kong.yml uses ${SUPABASE_ANON_KEY} / ${SUPABASE_SERVICE_KEY} placeholders.
|
||||
# Kong 2.8 does NOT substitute env vars in declarative config automatically.
|
||||
# kong-start.sh uses perl to substitute ${VAR} from the container environment
|
||||
# before Kong loads the config.
|
||||
entrypoint: ["/bin/bash", "/home/kong/kong-start.sh"]
|
||||
ports:
|
||||
- "8001:8000" # HTTP API (8000 may conflict; use http://localhost:8001)
|
||||
- "8443:8443" # HTTPS API
|
||||
@@ -162,7 +173,8 @@ services:
|
||||
SUPABASE_ANON_KEY: ${PUBLIC_SUPABASE_ANON_KEY}
|
||||
SUPABASE_SERVICE_KEY: ${SUPABASE_SERVICE_ROLE_KEY}
|
||||
volumes:
|
||||
- ./kong.yml:/home/kong/kong.yml:ro
|
||||
- ./kong.yml:/home/kong/temp.yml:ro
|
||||
- ./kong-start.sh:/home/kong/kong-start.sh:ro
|
||||
|
||||
# ── Supabase Studio ───────────────────────────────────────────────────────
|
||||
studio:
|
||||
|
||||
Reference in New Issue
Block a user