fix(astrolabe): use internal URL for OAuth token refresh
The IdpTokenRefresher was incorrectly using overwrite.cli.url (the external URL like http://localhost:8080) for internal token refresh requests. This URL is not accessible from inside Docker containers since port 8080 is only mapped on the host machine. Changed getNextcloudBaseUrl() to: - Always use http://localhost (internal port 80) by default - Added optional astrolabe_internal_url config for custom setups - Removed overwrite.cli.url usage (intended for external URLs only) This fixes 401 errors in Astrolabe semantic search when OAuth tokens need to be refreshed in containerized deployments. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
+14
-7
@@ -38,23 +38,30 @@ class IdpTokenRefresher {
|
||||
/**
|
||||
* Get Nextcloud base URL for constructing internal OIDC endpoint URLs.
|
||||
*
|
||||
* Uses Nextcloud's CLI URL config if set (for non-containerized deployments),
|
||||
* otherwise defaults to http://localhost for container environments.
|
||||
* IMPORTANT: This is for INTERNAL server-to-server requests (PHP to local Apache),
|
||||
* NOT for external client URLs. We must use the internal container URL, not the
|
||||
* external URL that browsers see.
|
||||
*
|
||||
* Configuration priority:
|
||||
* 1. overwrite.cli.url - Official Nextcloud system config for CLI operations
|
||||
* 1. astrolabe_internal_url - Explicit internal URL (for custom container setups)
|
||||
* 2. http://localhost - Default for Docker containers (web server on port 80)
|
||||
*
|
||||
* NOTE: We intentionally DO NOT use overwrite.cli.url here because:
|
||||
* - overwrite.cli.url is the EXTERNAL URL (e.g., http://localhost:8080)
|
||||
* - External URLs are not accessible from inside the container
|
||||
* - This method is for internal HTTP requests to the local web server
|
||||
*
|
||||
* @return string Base URL for internal requests (e.g., "http://localhost")
|
||||
*/
|
||||
private function getNextcloudBaseUrl(): string {
|
||||
// Check for overwrite.cli.url (used in non-containerized deployments)
|
||||
$cliUrl = $this->config->getSystemValue('overwrite.cli.url', '');
|
||||
if (!empty($cliUrl)) {
|
||||
return rtrim($cliUrl, '/');
|
||||
// Check for explicit internal URL config (for custom container setups)
|
||||
$internalUrl = $this->config->getSystemValue('astrolabe_internal_url', '');
|
||||
if (!empty($internalUrl)) {
|
||||
return rtrim($internalUrl, '/');
|
||||
}
|
||||
|
||||
// Default: container environment with web server on localhost:80
|
||||
// This works because PHP runs inside the same container as Apache
|
||||
return 'http://localhost';
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user