New UI, removed mockas and old UI service, oidc for UI/API auth #385
Merged
…icted endpoints and UI.
Pull request overview
This PR migrates API/UI authentication to OIDC/JWKS, introduces a new embedded Admin UI served by APIGW, and removes the legacy standalone UI and MockAS services.
Changes:
- Replace `api_auth` configuration/secrets from BasicAuth/JWT to JWKS/OIDC and update middleware accordingly (including SPOCP rules at the APIAuth level).
- Add embedded Admin UI (static assets + OIDC login/session endpoints) and allow admin sessions to access `/api/v1/*` routes.
- Add datastore + identity-mapping “search” APIs and remove old UI/MockAS codepaths (commands + internal services/assets).
Reviewed changes
Copilot reviewed 61 out of 64 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| pkg/model/secrets.go | Switch secrets structure from basic_auth users to api_auth.oidc client_secret and update Clear/Apply logic. |
| pkg/model/secrets_test.go | Update secrets tests for OIDC client secret handling. |
| pkg/model/config.go | Redefine APIAuth to JWKS/OIDC + move SPOCP rules to top-level APIAuth. |
| pkg/model/config_default_test.go | Update defaults tests for new JWKS/OIDC fields. |
| pkg/httphelpers/middleware.go | Add SessionOrAPIAuth helper middleware. |
| pkg/httphelpers/middleware_jwt.go | Rename/reshape JWT auth to JWKS auth, add OIDC discovery mode, change APIAuth to return (handler, error). |
| pkg/httphelpers/middleware_jwt_test.go | Update middleware tests for JWKS/OIDC refactor and new APIAuth signature. |
| pkg/helpers/validate.go | Add struct-level validation to enforce JWKS and OIDC mutual exclusivity in APIAuth. |
| pkg/configuration/config_test.go | Update secrets parsing test YAML to use api_auth.oidc.client_secret. |
| internal/ui/upload_csv_templates/README.md | Remove legacy UI CSV upload template documentation. |
| internal/ui/upload_csv_templates/ehic_upload_template.csv | Remove legacy UI CSV template. |
| internal/ui/static/ui.js | Remove legacy UI JavaScript bundle. |
| internal/ui/static/index.html | Remove legacy UI HTML entrypoint. |
| internal/ui/outbound/kafka_message_publisher.go | Remove legacy UI Kafka publisher implementation. |
| internal/ui/httpserver/service.go | Remove legacy standalone UI HTTP server. |
| internal/ui/httpserver/middleware.go | Remove legacy UI session/auth middleware. |
| internal/ui/httpserver/endpoints.go | Remove legacy UI endpoints. |
| internal/ui/httpserver/api.go | Remove legacy UI apiv1 interface. |
| internal/ui/cache/service.go | Remove legacy UI cache/session-key service. |
| internal/ui/apiv1/handlers.go | Remove legacy UI apiv1 handlers (username/password login, proxy calls). |
| internal/ui/apiv1/event_publisher.go | Remove legacy UI event publisher interface. |
| internal/ui/apiv1/client.go | Remove legacy UI apiv1 client wiring. |
| internal/mockas/inbound/kafka_message_handlers.go | Remove legacy MockAS Kafka consumer implementation. |
| internal/mockas/httpserver/service.go | Remove legacy MockAS HTTP server. |
| internal/mockas/httpserver/endpoints.go | Remove legacy MockAS endpoints. |
| internal/mockas/httpserver/api.go | Remove legacy MockAS interface. |
| internal/mockas/apiv1/utils.go | Remove legacy MockAS mock-generation helpers. |
| internal/mockas/apiv1/pid.go | Remove legacy MockAS PID mock generator. |
| internal/mockas/apiv1/pda1.go | Remove legacy MockAS PDA1 mock generator. |
| internal/mockas/apiv1/handlers.go | Remove legacy MockAS handlers. |
| internal/mockas/apiv1/elm.go | Remove legacy MockAS ELM mock generator. |
| internal/mockas/apiv1/ehic.go | Remove legacy MockAS EHIC mock generator. |
| internal/mockas/apiv1/datastore_request.go | Remove legacy MockAS datastore HTTP client code. |
| internal/mockas/apiv1/client.go | Remove legacy MockAS client wiring. |
| internal/apigw/staticembed/embed.go | Broaden embedded static asset patterns to include new admin UI assets. |
| internal/apigw/staticembed/admin.js | Add new Admin UI frontend logic (Alpine-based) calling new search + CRUD APIs. |
| internal/apigw/staticembed/admin.html | Add new Admin UI HTML entrypoint with OIDC login flow. |
| internal/apigw/httpserver/service.go | Wire APIAuth middleware with error handling; add Admin UI routes, sessions, and session-or-api auth for /api/v1. |
| internal/apigw/httpserver/methods.go | Add helper to read org_id list from admin session. |
| internal/apigw/httpserver/endpoints_identity_mapping.go | Add identity-mapping search endpoint and apply session org_id filter to request. |
| internal/apigw/httpserver/endpoints_datastore.go | Add datastore search endpoint and apply session org_id filter to request. |
| internal/apigw/httpserver/endpoints_admin.go | Add admin UI login/callback/status/logout endpoints and session creation. |
| internal/apigw/httpserver/api.go | Extend APIGW apiv1 interface with search + admin UI OIDC methods. |
| internal/apigw/db/methods_identity_mapping.go | Add DB search for identity mappings with allowed-sources filtering. |
| internal/apigw/db/methods_datastore.go | Add DB search for documents with allowed-sources filtering. |
| internal/apigw/db/interfaces.go | Extend DB interfaces with new search methods. |
| internal/apigw/apiv1/mock_stores_test.go | Update in-memory stores to satisfy new search methods for tests. |
| internal/apigw/apiv1/handlers_verifier.go | Minor variable naming cleanup in verifier handler. |
| internal/apigw/apiv1/handlers_vctm.go | Minor refactor of cache-hit reply construction. |
| internal/apigw/apiv1/handlers_openid_federation.go | Minor variable naming cleanup. |
| internal/apigw/apiv1/handlers_oidcrp.go | Minor refactor to use intermediate reply variables. |
| internal/apigw/apiv1/handlers_oauth.go | Minor reply variable cleanup; adjust issuer JWKS stripping logic naming. |
| internal/apigw/apiv1/handlers_misc.go | Minor variable rename for health reply. |
| internal/apigw/apiv1/handlers_issuer.go | Minor refactors + clarify issuer replies; add new datastore search API. |
| internal/apigw/apiv1/handlers_issuer_resolve_test.go | Update mock store interface implementation for new search method. |
| internal/apigw/apiv1/handlers_identity_mapping.go | Add identity mapping search API + Swagger annotations. |
| internal/apigw/apiv1/handlers_datastore.go | Add datastore search API + Swagger annotations. |
| internal/apigw/apiv1/handlers_admin_ui.go | Add admin OIDC login URL, callback exchange/verify, and logout URL builder. |
| internal/apigw/apiv1/client.go | Initialize OIDC provider/config/verifier for admin UI when api_auth.oidc is enabled. |
| cmd/ui/main.go | Remove legacy standalone UI service entrypoint. |
| cmd/mockas/main.go | Remove legacy standalone MockAS service entrypoint. |




No description provided.