diff --git a/BINARYBEACHIO.md b/BINARYBEACHIO.md index 3d606ccbe..2a6abf52e 100644 --- a/BINARYBEACHIO.md +++ b/BINARYBEACHIO.md @@ -174,17 +174,24 @@ Per binarybeachio architecture doc §7.4 ("only rebuild what we touched"), this Tag scheme per architecture §6 #7: `-mine.`. Push immutable tag + `:latest`: ```bash -# from C:\Users\maxwe\GitHubRepos\bb-plane-fork -docker build -t git.binarybeach.io/binarybeach/plane-backend:v1.3.0-mine.2 \ +# Backend — Dockerfile.api COPY paths are relative to apps/api/, so the +# build context must be apps/api/, NOT the repo root. Building from the +# repo root (`-f apps/api/Dockerfile.api .`) fails: "/plane: not found". +cd C:\Users\maxwe\GitHubRepos\bb-plane-fork\apps\api +docker build -t git.binarybeach.io/binarybeach/plane-backend:v1.3.0-mine. \ -t git.binarybeach.io/binarybeach/plane-backend:latest \ - -f apps/api/Dockerfile.api . -docker push git.binarybeach.io/binarybeach/plane-backend:v1.3.0-mine.2 + -f Dockerfile.api . +docker push git.binarybeach.io/binarybeach/plane-backend:v1.3.0-mine. docker push git.binarybeach.io/binarybeach/plane-backend:latest -docker build -t git.binarybeach.io/binarybeach/plane-frontend:v1.3.0-mine.2 \ +# Frontend — OPPOSITE convention: Dockerfile.web does `COPY . .` then +# `turbo prune --scope=web --docker`, so the context must be the monorepo +# ROOT (turbo needs to see all workspaces to prune correctly). +cd C:\Users\maxwe\GitHubRepos\bb-plane-fork +docker build -t git.binarybeach.io/binarybeach/plane-frontend:v1.3.0-mine. \ -t git.binarybeach.io/binarybeach/plane-frontend:latest \ -f apps/web/Dockerfile.web . -docker push git.binarybeach.io/binarybeach/plane-frontend:v1.3.0-mine.2 +docker push git.binarybeach.io/binarybeach/plane-frontend:v1.3.0-mine. docker push git.binarybeach.io/binarybeach/plane-frontend:latest ``` @@ -196,6 +203,7 @@ Plane runs as two patched images (`plane-backend`, `plane-frontend`); they bump | Tag | Upstream | Date | What changed | |---|---|---|---| +| `plane-frontend:v1.3.0-mine.4` | v1.3.0 | 2026-05-05 | SPA 401 interceptor hard-navs to `/sign-in/?_bb_reauth=` (with cache-bust ts) instead of `/?next_path=...`. Vanilla path was a hard nav too, but the browser HTTP cache returned the cached SPA bundle for `/`, looping on every XHR 401 without ever hitting Traefik. Routing through `/sign-in/` matches the priority-200 plane-signin-redirect Traefik router → bridge handoff. Bundled with the mine.7 backend edge-identity work. | | `plane-backend:v1.3.0-mine.7` | v1.3.0 | 2026-05-05 | Per-app edge-identity validation (`_bb_edge_sub` cookie + `BbEdgeIdentityMiddleware`); `BB_LOGOUT_REDIRECT_URL` env re-points sign-out to platform bridge `/logout`. Per `binarybeachio/docs/conventions/per-app-edge-identity-validation.md`. | | `plane-backend:v1.3.0-mine.6` | v1.3.0 | 2026-05-05 | Trusted view keys User on `bb_mailbox` (four-layer identity model T2.4); WARN-log fallback to federation email when claim absent. | | `plane-backend:v1.3.0-mine.5` | v1.3.0 | 2026-05-04 | Trusted view mirrors OauthAdapter user-create shape (Profile, username uuid hex, is_email_verified, is_password_autoset, transaction). | @@ -204,7 +212,7 @@ Plane runs as two patched images (`plane-backend`, `plane-frontend`); they bump | `plane-backend:v1.3.0-mine.2` | v1.3.0 | 2026-05-01 | Presigned-PUT signature mismatch fix on empty Content-Type. | | `plane-backend:v1.3.0-mine.1` | v1.3.0 | 2026-04-30 | Initial fork — presigned PUT for uploads (R2/B2 don't implement PostObject), GitHub-as-OIDC, brand asset. | -`plane-frontend` follows independently; it currently sits at `v1.3.0-mine.3` (Patch 2 frontend bits — presigned-PUT plumbing). The mine.7 backend bump above does NOT require a frontend rebuild — the SPA's existing `signOut()` form-POST goes to the same `/auth/sign-out/` URL; only the backend's response 302 target changed. +`plane-frontend` follows independently. mine.3 was Patch 2 frontend bits (presigned-PUT plumbing). mine.4 (2026-05-05) is the 401-interceptor hard-nav fix bundled with the edge-identity rollout. ## License compliance diff --git a/apps/web/core/services/api.service.ts b/apps/web/core/services/api.service.ts index 4ef1a2a4b..71f10e928 100644 --- a/apps/web/core/services/api.service.ts +++ b/apps/web/core/services/api.service.ts @@ -27,8 +27,21 @@ export abstract class APIService { (response) => response, (error) => { if (error.response && error.response.status === 401) { - const currentPath = window.location.pathname; - window.location.replace(`/${currentPath ? `?next_path=${currentPath}` : ``}`); + // binarybeachio fork — re-auth must miss the browser HTTP cache. + // Vanilla Plane navigated to `/?next_path=` which is the + // SPA root route; the browser served the cached SPA bundle, the SPA + // re-fetched the same /api endpoint, the call 401'd again, and the + // page looped without ever hitting the network at the document + // level. Plane's Traefik plane-signin-redirect router (priority 200, + // matching `^/(sign-in|...)`) catches `/sign-in/` regardless of + // cookie state and 302s to the bridge handoff — but only if the + // browser actually fetches it. Append a ts param so the URL is + // never in cache, and target /sign-in/ so the priority-200 router + // wins. Vanilla Plane handles /sign-in/ in its SPA too (the SPA + // bounces it to /), so the patch is also benign in non-platform + // deployments. See binarybeachio/docs/conventions/per-app-edge- + // identity-validation.md and feedback_plane_spa_cached_loop. + window.location.replace(`/sign-in/?_bb_reauth=${Date.now()}`); } return Promise.reject(error); }