Merge branch 'main' into feat/network-probes

Resolved conflict in internal/records/records.go:
- Upstream refactor moved deletion code to records_deletion.go and
  switched averaging functions from package-level globals to local
  variables (var row StatsRecord / params := make(dbx.Params, 1)).
- Kept AverageProbeStats and rewrote it to match the new local-variable
  pattern.
- Dropped duplicated deletion helpers from records.go (they now live in
  records_deletion.go).
- Added "network_probe_stats" to the collections list in
  records_deletion.go:deleteOldSystemStats so probe stats keep the same
  retention policy.

internal/site/index.html

@@ -22,11 +22,7 @@
 			})();
 		</script>
 		<script>
-			globalThis.BESZEL = {
-				BASE_PATH: "%BASE_URL%",
-				HUB_VERSION: "{{V}}",
-				HUB_URL: "{{HUB_URL}}"
-			}
+			globalThis.BESZEL = "{info}"
 		</script>
 	</head>
 	<body>

internal/site/src/components/login/auth-form.tsx

@@ -12,7 +12,7 @@ import { Label } from "@/components/ui/label"
 import { pb } from "@/lib/api"
 import { $authenticated } from "@/lib/stores"
 import { cn } from "@/lib/utils"
-import { $router, Link, prependBasePath } from "../router"
+import { $router, Link, basePath, prependBasePath } from "../router"
 import { toast } from "../ui/use-toast"
 import { OtpInputForm } from "./otp-forms"
 
@@ -37,8 +37,7 @@ const RegisterSchema = v.looseObject({
 	passwordConfirm: passwordSchema,
 })
 
-export const showLoginFaliedToast = (description?: string) => {
-	description ||= t`Please check your credentials and try again`
+export const showLoginFaliedToast = (description = t`Please check your credentials and try again`) => {
 	toast({
 		title: t`Login attempt failed`,
 		description,
@@ -130,10 +129,6 @@ export function UserAuthForm({
 		[isFirstRun]
 	)
 
-	if (!authMethods) {
-		return null
-	}
-
 	const authProviders = authMethods.oauth2.providers ?? []
 	const oauthEnabled = authMethods.oauth2.enabled && authProviders.length > 0
 	const passwordEnabled = authMethods.password.enabled
@@ -142,6 +137,12 @@ export function UserAuthForm({
 
 	function loginWithOauth(provider: AuthProviderInfo, forcePopup = false) {
 		setIsOauthLoading(true)
+
+		if (globalThis.BESZEL.OAUTH_DISABLE_POPUP) {
+			redirectToOauthProvider(provider)
+			return
+		}
+
 		const oAuthOpts: OAuth2AuthConfig = {
 			provider: provider.name,
 		}
@@ -150,10 +151,7 @@ export function UserAuthForm({
 			const authWindow = window.open()
 			if (!authWindow) {
 				setIsOauthLoading(false)
-				toast({
-					title: t`Error`,
-					description: t`Please enable pop-ups for this site`,
-				})
+				showLoginFaliedToast(t`Please enable pop-ups for this site`)
 				return
 			}
 			oAuthOpts.urlCallback = (url) => {
@@ -171,16 +169,57 @@ export function UserAuthForm({
 			})
 	}
 
+	/**
+	 * Redirects the user to the OAuth provider's authentication page in the same window.
+	 * Requires the app's base URL to be registered as a redirect URI with the OAuth provider.
+	 */
+	function redirectToOauthProvider(provider: AuthProviderInfo) {
+		const url = new URL(provider.authURL)
+		// url.searchParams.set("redirect_uri", `${window.location.origin}${basePath}`)
+		sessionStorage.setItem("provider", JSON.stringify(provider))
+		window.location.href = url.toString()
+	}
+
 	useEffect(() => {
-		// auto login if password disabled and only one auth provider
-		if (!passwordEnabled && authProviders.length === 1 && !sessionStorage.getItem("lo")) {
-			// Add a small timeout to ensure browser is ready to handle popups
-			setTimeout(() => {
-				loginWithOauth(authProviders[0], true)
-			}, 300)
+		// handle redirect-based OAuth callback if we have a code
+		const params = new URLSearchParams(window.location.search)
+		const code = params.get("code")
+		if (code) {
+			const state = params.get("state")
+			const provider: AuthProviderInfo = JSON.parse(sessionStorage.getItem("provider") ?? "{}")
+			if (!state || provider.state !== state) {
+				showLoginFaliedToast()
+			} else {
+				setIsOauthLoading(true)
+				window.history.replaceState({}, "", window.location.pathname)
+				pb.collection("users")
+					.authWithOAuth2Code(provider.name, code, provider.codeVerifier, `${window.location.origin}${basePath}`)
+					.then(() => $authenticated.set(pb.authStore.isValid))
+					.catch((e: unknown) => showLoginFaliedToast((e as Error).message))
+					.finally(() => setIsOauthLoading(false))
+			}
 		}
+
+		// auto login if password disabled and only one auth provider
+		if (!code && !passwordEnabled && authProviders.length === 1 && !sessionStorage.getItem("lo")) {
+			// Add a small timeout to ensure browser is ready to handle popups
+			setTimeout(() => loginWithOauth(authProviders[0], false), 300)
+			return
+		}
+
+		// refresh auth if not in above states (required for trusted auth header)
+		pb.collection("users")
+			.authRefresh()
+			.then((res) => {
+				pb.authStore.save(res.token, res.record)
+				$authenticated.set(!!pb.authStore.isValid)
+			})
 	}, [])
 
+	if (!authMethods) {
+		return null
+	}
+
 	if (otpId && mfaId) {
 		return <OtpInputForm otpId={otpId} mfaId={mfaId} />
 	}
@@ -248,7 +287,7 @@ export function UserAuthForm({
 							)}
 							<div className="sr-only">
 								{/* honeypot */}
-								<label htmlFor="website"></label>
+								<label htmlFor="website">Website</label>
 								<input
 									id="website"
 									type="text"

internal/site/src/components/systems-table/systems-table-columns.tsx

@@ -110,20 +110,23 @@ export function SystemsTableColumns(viewMode: "table" | "grid"): ColumnDef<Syste
 
 				// match filter value against name or translated status
 				return (row, _, newFilterInput) => {
-					const { name, status } = row.original
+					const sys = row.original
+					if (sys.host.includes(newFilterInput) || sys.info.v?.includes(newFilterInput)) {
+						return true
+					}
 					if (newFilterInput !== filterInput) {
 						filterInput = newFilterInput
 						filterInputLower = newFilterInput.toLowerCase()
 					}
-					let nameLower = nameCache.get(name)
+					let nameLower = nameCache.get(sys.name)
 					if (nameLower === undefined) {
-						nameLower = name.toLowerCase()
-						nameCache.set(name, nameLower)
+						nameLower = sys.name.toLowerCase()
+						nameCache.set(sys.name, nameLower)
 					}
 					if (nameLower.includes(filterInputLower)) {
 						return true
 					}
-					const statusLower = statusTranslations[status as keyof typeof statusTranslations]
+					const statusLower = statusTranslations[sys.status as keyof typeof statusTranslations]
 					return statusLower?.includes(filterInputLower) || false
 				}
 			})(),

internal/site/src/main.tsx

@@ -94,18 +94,6 @@ const Layout = () => {
 		document.documentElement.dir = direction
 	}, [direction])
 
-	useEffect(() => {
-		// refresh auth if not authenticated (required for trusted auth header)
-		if (!authenticated) {
-			pb.collection("users")
-				.authRefresh()
-				.then((res) => {
-					pb.authStore.save(res.token, res.record)
-					$authenticated.set(!!pb.authStore.isValid)
-				})
-		}
-	}, [])
-
 	return (
 		<DirectionProvider dir={direction}>
 			{!authenticated ? (

internal/site/src/types.d.ts

@@ -7,6 +7,7 @@ declare global {
 		BASE_PATH: string
 		HUB_VERSION: string
 		HUB_URL: string
+		OAUTH_DISABLE_POPUP: boolean
 	}
 }
 

internal/site/tsconfig.app.json

@@ -7,7 +7,7 @@
 		"module": "ESNext",
 		"lib": ["ES2022", "DOM", "DOM.Iterable"],
 		"skipLibCheck": true,
-		"baseUrl": ".",
+		// "baseUrl": ".",
 		"paths": {
 			"@/*": ["./src/*"]
 		},