OrgaHero

Branch production · Miosokalo/OrgaHero

Public URL reachable · No CI run found

Live version & reachability

Public URL
https://orga-hero.com
Health check
https://orga-hero.com/api/health (37 ms)
Version endpoint (configured)
No version.url set; see the docs.

Latest changes (Git)

  1. 9002952 fix(auth): robust Google OAuth callback origin parsing (4/21/2026, 11:49:44 AM)
  2. 0e63ea6 feat(auth): PASSWORD_NOT_SET notice + reset link for Google-only accounts (4/21/2026, 12:15:29 AM)
  3. a9d73e8 fix(auth): Google login without calendar scope (4/20/2026, 11:44:01 PM)
  4. 9e1cfa8 fix(auth): Google OAuth callback + clear error messages (4/20/2026, 11:37:11 PM)
  5. 8c260a9 feat(auth): app_users roles admin/mitarbeiter/mitglied and employee flags (4/20/2026, 11:11:08 PM)
  6. ea95ead feat(ads): AdMob banner configuration, privacy and settings (4/13/2026, 9:36:37 AM)
  7. d933ba6 deps: Vite 6.4.2 and npm overrides for OSV findings (lodash, xmldom, minimatch, rollup@2) (4/13/2026, 1:17:10 AM)
  8. b2e27ec fix(onboarding): persist welcome/setup tour in settings (no sync wait) (4/12/2026, 9:16:18 PM)
  9. e43f33d fix(automerge): quiet when remote has our changes despite stable fingerprint (4/12/2026, 8:55:06 PM)
  10. bf23b66 fix(sync-debug): JSON.stringify sync-debug payloads for readable console logs (4/12/2026, 8:42:33 PM)
  11. 0c41022 feat(sync): ff_sync_debug docs, per-round logs, higher stall default (4/12/2026, 8:33:07 PM)
  12. 41fbe97 fix(sync): Automerge quiet — strip ephemeral settings, stable IDs, stall (4/12/2026, 8:20:32 PM)
  13. 050636f fix(sync): BufferSource type for sha256 in automergeSyncDiagnostics (tsc CI) (4/12/2026, 7:02:13 PM)
  14. bfcad58 fix(sync): Automerge quiet stop + welcome modal viewport (4/12/2026, 6:58:50 PM)
  15. 0c425ab feat(sync): WebSocket Automerge sync, fix save-google-token stub (4/12/2026, 2:14:25 PM)

Recommended next steps

Recommended Steps (OrgaHero)

Next operational steps

  • Verify Google Login on https://orga-hero.com and https://www.orga-hero.com end-to-end.
  • Keep observing API logs for /api/coach/google-auth?action=start and confirm redirect_uri stays exactly one valid callback URL.
  • Verify account session persistence after F5 on desktop/mobile browsers (session via /api/auth/me with cookie fallback).

OAuth config checklist

  • Keep APP_PUBLIC_URL as a single URL (no comma-separated list).
  • Keep ALLOWED_ORIGINS as a comma-separated list, used only for CORS.
  • In Google Cloud Console, ensure the redirect URI includes:
    • https://orga-hero.com/api/coach/google-auth?action=callback
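A pre-deploy check for the checklist above, as an added example (not OrgaHero's own code). The function names and the `registeredUris` list, which stands in for what is entered in Google Cloud Console, are hypothetical; the https-only rule is an assumption.

```javascript
// Added example: validates the checklist's settings before the OAuth flow uses them.
// Function names are hypothetical; CALLBACK_PATH is taken from the checklist.
const CALLBACK_PATH = "/api/coach/google-auth?action=callback";

// APP_PUBLIC_URL must be exactly one URL; a list would corrupt redirect_uri.
function parsePublicUrl(raw) {
  const value = (raw ?? "").trim();
  if (!value) throw new Error("APP_PUBLIC_URL is not set");
  if (/[,\s]/.test(value)) throw new Error("APP_PUBLIC_URL must be a single URL, not a list");
  let url;
  try { url = new URL(value); } catch { throw new Error("APP_PUBLIC_URL is not a valid URL"); }
  // Assumption: production callbacks are https-only.
  if (url.protocol !== "https:") throw new Error("APP_PUBLIC_URL must use https");
  return url.origin; // scheme + host (+ port), no trailing slash or path
}

// ALLOWED_ORIGINS is the only setting that may hold several origins (CORS only).
function parseAllowedOrigins(raw) {
  return (raw ?? "").split(",").map((s) => s.trim()).filter(Boolean)
    .map((s) => new URL(s).origin);
}

// Returns the redirect_uri the app would send plus any configuration problems.
// registeredUris stands in for the list configured in Google Cloud Console.
function checkOAuthConfig(env, registeredUris) {
  const problems = [];
  let redirectUri = null;
  let corsOrigins = [];
  try { redirectUri = parsePublicUrl(env.APP_PUBLIC_URL) + CALLBACK_PATH; }
  catch (e) { problems.push(e.message); }
  try { corsOrigins = parseAllowedOrigins(env.ALLOWED_ORIGINS); }
  catch { problems.push("ALLOWED_ORIGINS contains an invalid URL"); }
  // Google compares redirect_uri as an exact string, so do the same here.
  if (redirectUri && !registeredUris.includes(redirectUri))
    problems.push(`redirect_uri is not registered: ${redirectUri}`);
  return { redirectUri, corsOrigins, problems };
}

// Constructed sample values, modelled on the URLs in the checklist.
const registered = ["https://orga-hero.com/api/coach/google-auth?action=callback"];
const good = { APP_PUBLIC_URL: "https://orga-hero.com",
  ALLOWED_ORIGINS: "https://orga-hero.com, https://www.orga-hero.com" };
const bad = { ...good, APP_PUBLIC_URL: good.ALLOWED_ORIGINS }; // list pasted into the wrong key
console.log(checkOAuthConfig(good, registered));
console.log(checkOAuthConfig(bad, registered));
```
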

Risks / follow-up

  • If users still log in via www/classic, decide whether the canonical callback origin should remain apex-only or switch to a dedicated auth domain.
  • .env.production contains live credentials; if any were ever exposed outside trusted server scope, rotate them (Google, DB, Telegram, Brevo, session secret).
  • scripts/sync-orgahero-production.sh can currently fail at the docker compose parse step with permission errors on server-control-plane/.env; either fix the file permissions for github-runner or run the final docker compose up -d --no-deps orga-hero caddy step with sufficient permissions.

Tickets & Feedback

No entries yet. Apps can send tickets via webhook to POST /api/webhooks/ticket.

Deploy events (webhooks)

No deploy events. CI scripts can call POST /api/webhooks/deploy.