louis/gigafibre-fsm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0f8d2b0565
gigafibre-fsm/docs/SETUP.md
louispaulb cbeb61e04e feat(hub+ops): user invite flow sends temp password via Mailjet + dev .env.example 
A few connected fixes around the invite UI shipped in 81d61aa:

1. **Bug in 81d61aa**: `auth.js` referenced `erpFetch` without importing
   it, so every invite returned `erpnext.ok=false` with the silent
   "erpFetch is not defined" error in the catch. Imported it from
   ./helpers alongside the other helpers we already used.

2. **Authentik recovery flow not configured** (caught while smoke-testing):
   the brand `auth.targo.ca` has `flow_recovery=None` and no SMTP, so
   `POST /core/users/{pk}/recovery_email/` returned 400 "No recovery
   flow set." Rather than build out a full Authentik recovery flow
   via API (multiple stages, brand patch, SMTP env var changes), the
   hub now generates a strong-but-readable temp password
   (`X7K2-9NQB-4GHM-3RTW` style — no look-alike chars), POSTs it via
   `/core/users/{pk}/set_password/`, and emails it via the existing
   Mailjet SMTP (already wired into lib/email.js for invoice sends).
   Returns `{temp_password, password_set, email_sent}` so the admin
   has a fallback if Mailjet drops the message.

3. **Settings dialog** now shows a credentials panel after submit:
     • Green banner "✓ Courriel envoyé" when email_sent=true
     • Yellow "⚠ transmettez manuellement" when email_sent=false
     • The temp password as a copyable field either way
     • ERPNext User creation status

4. **Dev onboarding**: added `apps/ops/.env.example`,
   `services/targo-hub/.env.example`, and a top-level `docs/SETUP.md`
   that explains the local-dev flow (clone → cp .env.example .env →
   npm install → npx quasar dev). The example envs are commented
   per-section so a new dev knows which keys correspond to which
   external integration. None of the real secrets are checked in —
   the .gitignore already covers .env files.
2026-05-05 19:50:06 -04:00

99 lines
3.7 KiB
Markdown
Raw Blame History

# Dev setup — gigafibre-fsm
Quick reference for getting the stack running on a new machine.
## 1. Clone
```bash
git clone https://git.targo.ca/louis/gigafibre-fsm.git
cd gigafibre-fsm
```
## 2. Env files
The actual `.env` files are gitignored (they hold secrets). Each component
ships a `.env.example` with placeholder values + comments. Copy and fill in:
```bash
cp apps/ops/.env.example apps/ops/.env
cp services/targo-hub/.env.example services/targo-hub/.env
```
Ask the team for the real values (or copy from `/opt/<service>/.env` on the
prod box if you have access). The hub `.env` is the long one — most fields
correspond to one external integration (Stripe, Twilio, Authentik, etc.).
Anything left blank disables that feature gracefully.
## 3. Run the apps
### `apps/ops` (Vue 3 + Quasar SPA)
```bash
cd apps/ops
npm install
npx quasar dev # dev server at http://localhost:9000
npx quasar build # production bundle in dist/spa/
```
Notes:
- The SPA expects to find ERPNext at the same origin in production
(`erp.gigafibre.ca/ops/` is served from `/opt/ops-app/` via the
ERPNext nginx). In dev, set `VITE_HUB_URL` to the local hub or the
prod hub for backend calls.
- Authentik SSO redirects only work behind a real domain — dev mode
uses the API token (`VITE_ERP_TOKEN`) for direct ERPNext calls.
### `services/targo-hub` (Node 20+)
```bash
cd services/targo-hub
npm install --production
node server.js # listens on :3300
```
In production this runs in a Docker container under `/opt/targo-hub/` with
the host's `.env` file mounted.
### Other services
The `services/` and `apps/` directories also contain Docker compose stacks
that run on the prod server (ERPNext, Authentik, Traccar proxy, Fonoster,
DocuSeal, …). Reproducing them locally is rarely needed — the hub talks
to ERPNext + Authentik over the network and that's enough for most
front-end work.
## 4. Common tasks
| Task | Command |
| --- | --- |
| Build + deploy ops SPA to prod | `cd apps/ops && npx quasar build && scp -r dist/spa/* root@96.125.196.67:/opt/ops-app/` |
| Push hub code change | `scp services/targo-hub/lib/<file>.js root@96.125.196.67:/opt/targo-hub/lib/` then `ssh root@... 'docker restart targo-hub'` |
| Tail prod logs | `ssh root@96.125.196.67 'docker logs -f targo-hub --tail 50'` |
| Re-build after changing daemon.json or compose | `docker compose up -d --force-recreate` from the relevant `/opt/<service>/` |
## 5. Where things live
```
apps/ops/ Quasar SPA — main internal tool (dispatch, clients, …)
apps/ops/src/pages/ Top-level pages (DispatchPage, ClientDetailPage, …)
apps/ops/src/composables/ Shared logic (useMap, useResourceFilter, …)
apps/ops/src/components/shared/detail-sections/ Per-doctype detail panels
services/targo-hub/ Node middleware between SPA / ERPNext / 3rd parties
services/targo-hub/lib/ One module per integration (auth, dispatch, ai, …)
services/targo-hub/server.js Top-level HTTP router
docs/ This file + future runbooks
```
## 6. Auth quirks (fyi)
- **Authentik staff instance** = `auth.targo.ca` (admin token in
`AUTHENTIK_TOKEN`). ERPNext uses it as an OAuth provider.
- **Authentik client instance** = `id.gigafibre.ca` (separate stack,
for customer portal — uses `/opt/authentik-client/`).
- Inviting a user via ops Settings → Utilisateurs hits
`POST /auth/users` on the hub, which (a) creates the Authentik user,
(b) sets a temp password, (c) emails it via Mailjet, (d) creates the
matching ERPNext System User.
- The Authentik recovery email flow isn't configured (no `flow_recovery`
on the brand) — the hub sends the credentials itself instead.
Reference in New Issue View Git Blame Copy Permalink