Add a simple login page at /login for OIDC authorization flows.
When users access the authorization endpoint without being logged in,
Better Auth redirects them to this page. After successful login,
users are redirected back to continue the authorization flow.
- Create OidcLoginController with login page HTML
- Add controller to AuthModule
- Exclude /login from global prefix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Better Auth's OIDC discovery document advertises endpoints at
/api/auth/oauth2/* paths. Add routes for these native paths to
ensure Matrix Synapse and other OIDC clients can complete the
authorization flow.
Routes added:
- GET /api/auth/oauth2/authorize
- POST /api/auth/oauth2/token
- GET /api/auth/oauth2/userinfo
- GET /api/auth/jwks
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add explicit path exclusions and path-to-regexp wildcard patterns
to ensure /api/auth/jwks and other OIDC routes are excluded from
the /api/v1 global prefix. This fixes JWKS endpoint accessibility
for Matrix Synapse OIDC integration.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use { path, method } syntax for NestJS global prefix excludes to ensure
OIDC routes (.well-known/*, api/oidc/*) are properly excluded from the
/api/v1 prefix.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add OidcController to expose Better Auth OIDC Provider endpoints
- Add handleOidcRequest method to BetterAuthService
- Exclude OIDC routes from global /api/v1 prefix
- Register OidcController in AuthModule
Endpoints:
- GET /.well-known/openid-configuration
- GET /api/oidc/authorize
- POST /api/oidc/token
- GET /api/oidc/userinfo
- GET /api/oidc/jwks
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Better Auth generates verification URLs with /api/auth/verify-email path,
but NestJS uses /api/v1 prefix. This adds a passthrough controller to
handle the native Better Auth routes and properly verify user emails.
- Add BetterAuthPassthroughController for /api/auth/* routes
- Add verifyEmail method to BetterAuthService
- Exclude /api/auth/* from global prefix in main.ts
- Register passthrough controller in AuthModule
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add metrics module to calendar, chat, clock, contacts backends
- Add metrics module to mana-core-auth service
- Expose /metrics endpoint for Prometheus scraping
- Track HTTP requests, response times, and custom business metrics
Co-Authored-By: Claude <noreply@anthropic.com>
Update helmet middleware to allow cross-origin resource policy and
opener policy for proper CORS functionality with frontend apps.
Also add debug logging for configured CORS origins.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add shared-feedback-types package with TypeScript types
- Add shared-feedback-service package with factory function
- Add shared-feedback-ui package with Svelte 5 components
- Add feedback module to mana-core-auth backend
- Add AI service using Gemini 2.0 Flash for title/category generation
- Add database schema and migration for feedback tables
- Integrate feedback page into Chat web app
- Add CORS support for X-App-Id header
- Add COMMANDS.md documentation for all dev commands
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
