feat: zero-config first-run experience with Logto bootstrap

- logto-bootstrap.sh: API-driven init script that creates SPA app, M2M app, and default user (camel/camel) via Logto Management API. Reads m-default secret from DB, then removes seeded apps with known secrets (security hardening). Idempotent. - PublicConfigController: /api/config public endpoint serves Logto client ID from bootstrap output file (runtime, not build-time) - Frontend: LoginPage + CallbackPage fetch config from /api/config instead of import.meta.env (fixes Vite build-time baking issue) - Docker Compose: logto-bootstrap init service with health-gated dependency chain, shared volume for bootstrap config - SecurityConfig: permit /api/config without auth Flow: docker compose up → bootstrap creates apps/user → SPA fetches config → login page shows → sign in with Logto → camel/camel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 00:22:22 +02:00
parent cda7dfbaa7
commit 021b056bce
9 changed files with 371 additions and 28 deletions
--- a/ui/src/config.ts
+++ b/ui/src/config.ts
@@ -0,0 +1,27 @@
+interface AppConfig {
+  logtoEndpoint: string;
+  logtoClientId: string;
+}
+
+let cached: AppConfig | null = null;
+
+export async function fetchConfig(): Promise<AppConfig> {
+  if (cached) return cached;
+
+  try {
+    const response = await fetch('/api/config');
+    if (response.ok) {
+      cached = await response.json();
+      return cached!;
+    }
+  } catch {
+    // Config endpoint not available (e.g., Vite dev without backend)
+  }
+
+  // Fallback to env vars (Vite dev mode)
+  cached = {
+    logtoEndpoint: import.meta.env.VITE_LOGTO_ENDPOINT || 'http://localhost:3001',
+    logtoClientId: import.meta.env.VITE_LOGTO_CLIENT_ID || '',
+  };
+  return cached;
+}