mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-14 22:21:10 +02:00
a7fe828d32
TRUSTED_ORIGINS was defined inside better-auth.config.ts, which pulls in the whole Better Auth stack just to read a list of hostnames. Anyone who wants to consume the list (infra tooling, compose-env generators, monitoring) had to either duplicate it or pay the import cost. - New `sso-origins.ts` — zero-dep module exposing `PRODUCTION_TRUSTED_ORIGINS` + `LOCAL_TRUSTED_ORIGINS` + the combined `TRUSTED_ORIGINS` list. This is now the canonical place to add a new top-level SSO origin. - `better-auth.config.ts` imports + re-exports so existing consumers keep working without a touch. - `sso-config.spec.ts` imports directly from `./sso-origins` (cleaner coupling) and now HARD-FAILS when mana-auth CORS_ORIGINS contains a production origin that isn't in trustedOrigins. Previously this was a `console.warn` only, meaning dead-drift could silently accumulate and then surface as a confusing runtime auth rejection. - Root CLAUDE.md "Adding an app to SSO" updated to point at the SSOT and mention the new hard-fail direction. No current drift — the mana-auth CORS_ORIGINS already match. The hardened assertion is defensive for future changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| mana-ai | ||
| mana-analytics | ||
| mana-api-gateway | ||
| mana-auth | ||
| mana-crawler | ||
| mana-credits | ||
| mana-events | ||
| mana-geocoding | ||
| mana-image-gen | ||
| mana-landing-builder | ||
| mana-llm | ||
| mana-mail | ||
| mana-media | ||
| mana-notify | ||
| mana-research | ||
| mana-search | ||
| mana-stt | ||
| mana-subscriptions | ||
| mana-sync | ||
| mana-tts | ||
| mana-user | ||
| mana-video-gen | ||
| mana-voice-bot | ||
| news-ingester | ||