32 lines
1.2 KiB
Markdown
32 lines
1.2 KiB
Markdown
# Frontend Boundary
|
|
|
|
- This repository hosts the central identity web surface for Thalos.
|
|
- Frontend data access flows through `src/api/*` adapter modules.
|
|
- The UI does not access DAL or internal services directly.
|
|
- Route shell uses Ant Design layout/menu and keeps session workspace behind session checks.
|
|
- Callback handling validates OIDC query states and normalizes return paths to same-origin routes.
|
|
|
|
## Runtime Base URLs
|
|
|
|
- `API_BASE_URL` for business BFF calls.
|
|
- `THALOS_AUTH_BASE_URL` for session and OIDC endpoints.
|
|
- `THALOS_DEFAULT_RETURN_URL` for callback fallback.
|
|
- `THALOS_DEFAULT_TENANT_ID` for OIDC tenant defaults.
|
|
- `THALOS_ENABLE_MANUAL_LOGIN` for explicitly enabling the dev/test fallback form.
|
|
|
|
## Protected Workflow Endpoints
|
|
|
|
- `GET /api/identity/oidc/google/start`
|
|
- `GET /api/identity/oidc/google/callback`
|
|
- `POST /api/identity/session/login`
|
|
- `POST /api/identity/session/refresh`
|
|
- `POST /api/identity/session/logout`
|
|
- `GET /api/identity/session/me`
|
|
|
|
## UI Workflow Coverage
|
|
|
|
- Central login launch (Google OIDC start)
|
|
- Callback processing and error rendering
|
|
- Session workspace verification and snapshot reload
|
|
- Manual dev/test session login fallback gated by environment/runtime config
|