feat(auth): manage Google OAuth credentials from the database (epic 6b)

- Build the Google OAuth client lazily from sysconfig (DB override, env fallback) and re-register
  when the credentials change, so the install wizard / admin can set them without a restart.
- New 'google' config group (google_client_id/secret, encrypted) on the Configuration page; the
  token-refresh reads the creds the same way.
- Public GET /auth/config exposes google_enabled; the login page hides 'Continue with Google'
  when Google OAuth isn't configured (email+password still works).
This commit is contained in:
npeter83 2026-06-20 20:04:23 +02:00
parent 2d1d5c80ac
commit d7b7acb637
9 changed files with 106 additions and 24 deletions

View file

@ -635,6 +635,9 @@ export const api = {
body: JSON.stringify({ revalidate_batch: revalidateBatch }),
}),
// Public: which sign-in options this instance offers (e.g. hide Google when not configured).
authConfig: (): Promise<{ google_enabled: boolean; allow_registration: boolean }> =>
req("/auth/config"),
// --- auth: email + password (errors handled inline via quiet) ---
register: (email: string, password: string): Promise<{ status: string }> =>
req("/auth/register", { method: "POST", body: JSON.stringify({ email, password }) }, { quiet: true }),