louis/gigafibre-fsm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cbeb61e04e
gigafibre-fsm/docs/SETUP.md
louispaulb cbeb61e04e feat(hub+ops): user invite flow sends temp password via Mailjet + dev .env.example 
A few connected fixes around the invite UI shipped in 81d61aa:

1. **Bug in 81d61aa**: `auth.js` referenced `erpFetch` without importing
   it, so every invite returned `erpnext.ok=false` with the silent
   "erpFetch is not defined" error in the catch. Imported it from
   ./helpers alongside the other helpers we already used.

2. **Authentik recovery flow not configured** (caught while smoke-testing):
   the brand `auth.targo.ca` has `flow_recovery=None` and no SMTP, so
   `POST /core/users/{pk}/recovery_email/` returned 400 "No recovery
   flow set." Rather than build out a full Authentik recovery flow
   via API (multiple stages, brand patch, SMTP env var changes), the
   hub now generates a strong-but-readable temp password
   (`X7K2-9NQB-4GHM-3RTW` style — no look-alike chars), POSTs it via
   `/core/users/{pk}/set_password/`, and emails it via the existing
   Mailjet SMTP (already wired into lib/email.js for invoice sends).
   Returns `{temp_password, password_set, email_sent}` so the admin
   has a fallback if Mailjet drops the message.

3. **Settings dialog** now shows a credentials panel after submit:
     • Green banner "✓ Courriel envoyé" when email_sent=true
     • Yellow "⚠ transmettez manuellement" when email_sent=false
     • The temp password as a copyable field either way
     • ERPNext User creation status

4. **Dev onboarding**: added `apps/ops/.env.example`,
   `services/targo-hub/.env.example`, and a top-level `docs/SETUP.md`
   that explains the local-dev flow (clone → cp .env.example .env →
   npm install → npx quasar dev). The example envs are commented
   per-section so a new dev knows which keys correspond to which
   external integration. None of the real secrets are checked in —
   the .gitignore already covers .env files.
2026-05-05 19:50:06 -04:00

3.7 KiB
Raw Blame History

Dev setup — gigafibre-fsm

Quick reference for getting the stack running on a new machine.

1. Clone

git clone https://git.targo.ca/louis/gigafibre-fsm.git
cd gigafibre-fsm

2. Env files

The actual .env files are gitignored (they hold secrets). Each component ships a .env.example with placeholder values + comments. Copy and fill in:

cp apps/ops/.env.example          apps/ops/.env
cp services/targo-hub/.env.example services/targo-hub/.env

Ask the team for the real values (or copy from /opt/<service>/.env on the prod box if you have access). The hub .env is the long one — most fields correspond to one external integration (Stripe, Twilio, Authentik, etc.). Anything left blank disables that feature gracefully.

3. Run the apps

apps/ops (Vue 3 + Quasar SPA)

cd apps/ops
npm install
npx quasar dev          # dev server at http://localhost:9000
npx quasar build        # production bundle in dist/spa/

Notes:

  • The SPA expects to find ERPNext at the same origin in production (erp.gigafibre.ca/ops/ is served from /opt/ops-app/ via the ERPNext nginx). In dev, set VITE_HUB_URL to the local hub or the prod hub for backend calls.
  • Authentik SSO redirects only work behind a real domain — dev mode uses the API token (VITE_ERP_TOKEN) for direct ERPNext calls.

services/targo-hub (Node 20+)

cd services/targo-hub
npm install --production
node server.js          # listens on :3300

In production this runs in a Docker container under /opt/targo-hub/ with the host's .env file mounted.

Other services

The services/ and apps/ directories also contain Docker compose stacks that run on the prod server (ERPNext, Authentik, Traccar proxy, Fonoster, DocuSeal, …). Reproducing them locally is rarely needed — the hub talks to ERPNext + Authentik over the network and that's enough for most front-end work.

4. Common tasks

Task Command
Build + deploy ops SPA to prod cd apps/ops && npx quasar build && scp -r dist/spa/* root@96.125.196.67:/opt/ops-app/
Push hub code change scp services/targo-hub/lib/<file>.js root@96.125.196.67:/opt/targo-hub/lib/ then ssh root@... 'docker restart targo-hub'
Tail prod logs ssh root@96.125.196.67 'docker logs -f targo-hub --tail 50'
Re-build after changing daemon.json or compose docker compose up -d --force-recreate from the relevant /opt/<service>/

5. Where things live

apps/ops/                   Quasar SPA — main internal tool (dispatch, clients, …)
apps/ops/src/pages/         Top-level pages (DispatchPage, ClientDetailPage, …)
apps/ops/src/composables/   Shared logic (useMap, useResourceFilter, …)
apps/ops/src/components/shared/detail-sections/   Per-doctype detail panels
services/targo-hub/         Node middleware between SPA / ERPNext / 3rd parties
services/targo-hub/lib/     One module per integration (auth, dispatch, ai, …)
services/targo-hub/server.js Top-level HTTP router
docs/                       This file + future runbooks

6. Auth quirks (fyi)

  • Authentik staff instance = auth.targo.ca (admin token in AUTHENTIK_TOKEN). ERPNext uses it as an OAuth provider.
  • Authentik client instance = id.gigafibre.ca (separate stack, for customer portal — uses /opt/authentik-client/).
  • Inviting a user via ops Settings → Utilisateurs hits POST /auth/users on the hub, which (a) creates the Authentik user, (b) sets a temp password, (c) emails it via Mailjet, (d) creates the matching ERPNext System User.
  • The Authentik recovery email flow isn't configured (no flow_recovery on the brand) — the hub sends the credentials itself instead.