El build anterior del commit b6a58e8 no completó el push de las
imágenes Docker al registro. Este commit trivial triggerea el
workflow de nuevo para que se complete correctamente el build
y deploy del fix que unifica user.ts (GET y PATCH en un solo archivo).
PROBLEMA IDENTIFICADO:
Nuxt 4 no reconoce archivos con extensiones como .get.ts y .patch.ts
en el directorio server/api/. Esto causaba que los endpoints no se
compilaran en el build final.
SOLUCIÓN:
- Eliminados: user.get.ts y user.patch.ts
- Creado: user.ts que maneja ambos métodos HTTP (GET y PATCH)
- Usa event.method para distinguir entre GET y PATCH
- Devuelve 405 para métodos no permitidos
Este cambio debería permitir que Nuxt compile correctamente los
endpoints de la API de Authentik para edición de perfil.
Se agregó la flag --no-cache al comando docker build para forzar
una reconstrucción completa de la imagen Docker sin usar cache.
Esto asegura que los endpoints de la API de Authentik
(/api/authentik/user GET y PATCH) se incluyan correctamente
en la imagen compilada.
Se agregó un comentario al código para forzar que Docker
reconstruya la imagen y así incluya los endpoints de la API
de Authentik que faltaban en el build anterior.
Los endpoints /api/authentik/user (GET y PATCH) existen en
el código fuente pero no fueron incluidos en la imagen Docker
debido a cache.
Se agregaron las variables de entorno de Authentik al job de deploy
para que se pasen correctamente al docker-compose:
- NUXT_AUTHENTIK_API_TOKEN (secret)
- NUXT_AUTHENTIK_API_URL (variable)
- NUXT_PUBLIC_AUTHENTIK_URL (variable)
Esto permitirá que el contenedor tenga acceso al token de la API
de Authentik y pueda funcionar la edición de perfil.
Se agregaron las variables de entorno necesarias para que el backend
pueda conectarse a la API de Authentik:
- NUXT_AUTHENTIK_API_TOKEN: Token de autenticación para la API
- NUXT_AUTHENTIK_API_URL: URL del servidor Authentik
- NUXT_PUBLIC_AUTHENTIK_URL: URL pública de Authentik
Esto corrige el problema donde la API de perfil devolvía HTML
en lugar de JSON porque no tenía acceso al token de Authentik.
- Add Nuxt 4 application with Authentik Proxy Outpost integration
- Add EditProfileButton component for editing user profile via Authentik API
- Add API endpoints for Authentik user management (GET/PATCH)
- Configure Gitea Actions workflow for automated deployment
- Add monitoring hook for Gitea Actions
- Configure environment variables and Docker Compose setup
This commit implements a comprehensive, reusable group verification system:
Components:
- GroupCheckButton: Base component for group verification
- 7 specialized buttons: 3 real groups (authentik Admins, grupo-prueba, lvl0), 1 public access test, 2 system verification buttons
- All buttons support both frontend and backend verification modes
Backend:
- New API endpoint /api/auth/check-group for server-side group validation
- Reads Authentik headers and validates group membership
Frontend:
- Enhanced useAuthentik composable with hasGroup() and checkGroupBackend() methods
- Toast notifications for all verification results
- Smooth animations and color-coded visual feedback
UI Improvements:
- Organized layout with cards for different verification types
- Grid layout for group buttons
- Professional styling with hover effects and shadows
- Clear visual distinction between frontend/backend checks
- Update AuthentikUser interface to include appSlug and outpostName
- Capture x-authentik-meta-app and x-authentik-meta-outpost headers
- Improve UserMetadata component to display connection information
- Filter empty groups from groups array
- Add documentation about available Authentik headers
- Add AuthentikUser and AuthStatusResponse interfaces
- Fix toast color from 'gray' to 'neutral' (valid color)
- Remove invalid 'timeout' property from toast.add()
- Fix toast action from 'click' to 'onClick'
- Add proper type annotations for error handling
- Replace process.server with import.meta.server
- Make email, name, uid optional in AuthentikUser interface
- Revert CacheFirst strategy back to NetworkFirst
- Add clear technical explanation in offline.html
- Explain that full offline mode requires no-auth or SPA
- Note that UI remains functional if app is already open
- Create offline.html with user-friendly offline message
- Auto-redirect when connection is restored
- Use offline.html as navigateFallback instead of root
- Include offline.html in PWA assets for precaching
This ensures users see a proper offline page when opening the app without connection, instead of a browser error.
- Add navigateFallbackDenylist to exclude API and auth routes
- Enhanced urlPattern to match document destination and root path
- Increase cache entries to 50 and duration to 7 days
- Add cacheableResponse for better cache control
This should enable the app to open offline after being loaded once.
This enables offline navigation by caching HTML documents generated by SSR.
When offline, users can now navigate to cached pages using the service worker.
- Enable navigateFallback for offline navigation support
- Add JSON files to glob patterns for heroicons support
- Change Authentik API caching from NetworkFirst to NetworkOnly to prevent stale session data
- Add offline detection in checkSessionStatus with proper user feedback
- Add no-cache headers to /api/auth/status endpoint to prevent browser caching
- Show "Modo Offline" toast when user tries to check session while offline
Change button layout to show all 4 buttons at the same time:
- Estado de Sesión (info/blue)
- Ver Perfil (primary/blue)
- Cerrar Sesión (error/red)
- Iniciar Sesión (success/green) - NEW: always visible
This allows users to force a re-authentication by clicking 'Iniciar
Sesión' even when already authenticated, triggering Authentik login flow.
Replace 'Ver Perfil' and 'Cerrar Sesión' buttons with a prominent
'Iniciar Sesión' button when user is not authenticated. The button
reloads the page to trigger Authentik login redirect.
This provides a more accessible way to log in compared to the toast
button, which can be difficult to click.
Button layout:
- Authenticated: [Estado de Sesión] [Ver Perfil] [Cerrar Sesión]
- Not authenticated: [Estado de Sesión] [Iniciar Sesión]
Add 'Iniciar Sesión' button to toasts when session is not active.
Clicking the button reloads the page, triggering Authentik redirect
to login flow.
Also increased toast timeout from 5s to 10s to give users more time
to see and click the login button.
- Detect CORS/redirect errors from Authentik and interpret them as
"no session" instead of generic error
- When session expires, Authentik returns 302 redirect to login which
causes CORS error in fetch requests
- Add /api/_nuxt_icon/ to public routes to prevent icon load failures
after logout
This fixes the issue where logout in Authentik showed "Error" instead
of "Sin Sesión" when checking session status.
Remove /api/auth/status from public routes so it receives Authentik headers.
Remove logic that was clearing local auth state, which caused the page to
show "No autenticado" even when user was authenticated.
Now the button only displays session status without modifying the UI state.
Move /api/auth/status endpoint from app/server/ to server/ directory.
Nuxt expects server API routes to be in /server/api/, not /app/server/api/.
This fixes the issue where the endpoint was returning HTML instead of JSON.
Make the session status check endpoint publicly accessible so it can
respond even when there's no Authentik session. This allows the
endpoint to return {"authenticated": false} instead of being
redirected to login.
Without this, Authentik intercepts the request and returns HTML
login page instead of JSON response.
Create real-time session verification against Authentik:
- Add /api/auth/status endpoint that reads Authentik headers live
- Modify checkSessionStatus() to fetch from API instead of local state
- Show "Verifying..." toast while checking
- Sync local state with actual Authentik session status
- Handle connection errors gracefully
This ensures the status check reflects the current Authentik session,
not just the cached local state.
Add new button to check and display current session status:
- New checkSessionStatus() function in useAuthentik composable
- Displays toast notification with session info
- Shows user name if authenticated or warning if not
- Add UNotifications component to app.vue to render toasts
This allows users to quickly verify their authentication status.
Split routing into two routers with different priorities:
- Public router (priority 100) handles PWA resources without authentication
- Protected router (priority 10) handles application routes with Authentik
Add CORS middleware for public PWA resources to allow cross-origin access
to manifest.webmanifest, service worker, and icons.
Fixes intermittent ERR_FAILED 302 and CORS errors when loading PWA manifest
from authenticated sessions.
- Created icon-maskable.svg with full background (no transparency)
- Generated icon-512x512-maskable.png with 90% safe zone
- Updated manifest to use dedicated maskable icon
- Fixes white background issue on Windows taskbar/topbar
- Split icon-512x512.png into two separate entries
- One with purpose 'any' and one with purpose 'maskable'
- Avoids platform padding issues with combined purposes
- Add screenshots to manifest (desktop, tablet, mobile)
- Enable window-controls-overlay for Windows compact mode
- Fix deprecated apple-mobile-web-app-capable warning
- Add mobile-web-app-capable meta tag
- Add useHead() in app.vue to inject manifest and PWA meta tags
- Set navigateFallback to undefined to prevent non-precached-url error
- Add includeAssets configuration for PWA module
- Fixes service worker error on initial page load
🤖 Generated with [Claude Code](https://claude.com/claude-code)
- Change logout endpoint from proxy-only to full invalidation
- Use /flows/-/default/invalidation/ endpoint
- Add NUXT_PUBLIC_AUTHENTIK_URL to runtime config
- Logout now closes session in all applications
- Prevents automatic re-authentication after logout
- Resolve SSR error "useAuthentik is not defined"
- Follow Nuxt 4 directory structure conventions
- When app/ exists, all app directories must be inside it
- This enables proper auto-import of composables
- Create useAuthentik composable to read headers
- Add UserAvatar component with avatar and user info
- Add StatusBadges for auth/connection status
- Add ActionButtons for logout and profile
- Add UserMetadata component with full user details
- Integrate all components in main page
- Use Nuxt UI components throughout
- Use github.repository_owner in workflow
- Image format: REGISTRY_URL/owner/APP_NAME:latest
- Works automatically with Gitea registry
- Template-friendly: forks use their own owner
- Update documentation with new format
- Add proper Traefik labels with middleware support
- Use APP_NAME variable for dynamic naming
- Remove port mapping (Traefik handles routing)
- Add .env.example with all required variables
- Update README with complete variable documentation
- Configure docker network to use 'principal'
- Add X-Forwarded-Proto header middleware
- Add detailed action information (workflow, duration, branch, etc.)
- Detect and notify when Actions are disabled
- Check for API permission errors
- Add example settings.json for easy setup
- Update README with hook configuration guide
