diff --git a/webapp/.env.example b/webapp/.env.example
index f792787..f15c914 100644
--- a/webapp/.env.example
+++ b/webapp/.env.example
@@ -31,7 +31,10 @@ BUILT_IN_FORGE_API_KEY=sk-your-api-key-here
 # ============================================================
 # Authentication (Optional - for multi-user mode)
 # ============================================================
-# If you don't need authentication, the app works without these.
+# AUTH_MODE controls how users are authenticated.
+# - oauth (default): use the original Manus OAuth + session flow
+# - local: local development only; auto-sign in a fixed local user
+AUTH_MODE=oauth
 # For Manus OAuth integration:
 JWT_SECRET=your-random-jwt-secret-at-least-32-chars
 VITE_APP_ID=your-oauth-app-id
diff --git a/webapp/server/_core/env.ts b/webapp/server/_core/env.ts
index 2792b99..b2d3ee1 100644
--- a/webapp/server/_core/env.ts
+++ b/webapp/server/_core/env.ts
@@ -7,4 +7,5 @@ export const ENV = {
 isProduction: process.env.NODE_ENV === "production",
 forgeApiUrl: process.env.BUILT_IN_FORGE_API_URL ?? "",
 forgeApiKey: process.env.BUILT_IN_FORGE_API_KEY ?? "",
+ authMode: process.env.AUTH_MODE ?? "oauth",
 };
diff --git a/webapp/server/_core/sdk.ts b/webapp/server/_core/sdk.ts
index 230e762..5c3094e 100644
--- a/webapp/server/_core/sdk.ts
+++ b/webapp/server/_core/sdk.ts
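Review bot: In webapp/.env.example the `local` bullet does not say what the mode does to access control. Per the sdk.ts hunk in this commit, every request is returned as the same `local-dev-user` with no cookie or token checked, and the mode is skipped only when `NODE_ENV` is exactly `production`. I would state both facts next to the setting, for example `# - local: NO authentication; every request is signed in as one fixed user. Ignored when NODE_ENV=production.`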
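Review bot: In webapp/server/_core/env.ts, `authMode` is read from `AUTH_MODE` as a free-form string, so a misspelt or differently cased value such as `Local` is neither rejected nor reported. The fallback is the safe one, because only the exact string `local` reaches the bypass in sdk.ts, but the operator gets no signal about which mode is active. I would validate the value against the two documented modes at startup and log the selected mode once, prominently when it is `local`. The `ENV` object opens outside this hunk.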
@@ -256,7 +256,30 @@ class SDKServer {
 } as GetUserInfoWithJwtResponse;
 }
 
+ private async getLocalDevUser(): Promise {
+ const signedInAt = new Date();
+ const localOpenId = "local-dev-user";
+
+ await db.upsertUser({
+ openId: localOpenId,
+ name: "Local User",
+ loginMethod: "local",
+ lastSignedIn: signedInAt,
+ });
+
+ const user = await db.getUserByOpenId(localOpenId);
+ if (!user) {
+ throw ForbiddenError("Local development user not found");
+ }
+
+ return user;
+ }
+
 async authenticateRequest(req: Request): Promise {
+ if (ENV.authMode === "local" && !ENV.isProduction) {
+ return this.getLocalDevUser();
+ }
+
 // Regular authentication flow
 const cookies = this.parseCookies(req.headers.cookie);
 const sessionCookie = cookies.get(COOKIE_NAME);
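Review bot: The guard added at the top of `authenticateRequest` treats every environment other than `NODE_ENV === "production"` as safe for the bypass. A staging or preview deployment, or any host where `NODE_ENV` is unset, that also carries `AUTH_MODE=local` will therefore return `local-dev-user` for every request without reading anything from `req`. I would make the bypass opt-in on the environment rather than opt-out, e.g. `if (ENV.authMode === "local" && process.env.NODE_ENV === "development") {`, and fail startup or log an error when `AUTH_MODE=local` is set in production instead of silently ignoring it. Separately, `getLocalDevUser` calls `db.upsertUser` on every request, and what privileges that account receives is not visible in this hunk and is worth confirming. `authenticateRequest` continues past the end of the hunk.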