feat: migrate to YAML config and add background server mode #161
Conversation
When using implicit OAuth flow, Cognito redirects to /oauth_callback#access_token=... The URL fragment (after #) is not sent to the server in HTTP requests. This GET handler serves an HTML page with JavaScript that: 1. Parses the URL fragment to extract tokens 2. POSTs the tokens to the existing POST handler 3. Handles errors and redirects appropriately
## YAML Configuration - Add from_settings() class method to CognitoAuth for YAML config loading - Update get_cognito_auth() to use ~/.config/bloom/bloom-config.yaml (with env fallback) - Update get_allowed_domains() to use YAML config for email domain whitelist ## CLI Improvements - Add background mode support to 'bloom gui' command (--background/-b flag) - Add 'bloom gui stop' command to stop background server - Add server logs command to view logs from ~/.bloom/logs/ - Change default port from 8080 to 8911 ## Configuration Location Config file: ~/.config/bloom/bloom-config.yaml Logs: ~/.bloom/logs/
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b30a013e0f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # Empty list in YAML = block all | ||
| # Check if it was explicitly set (vs default) | ||
| # For now, empty list blocks all (consistent with atlas/ursa) | ||
| return ["__BLOCK_ALL__"] |
There was a problem hiding this comment.
This branch treats an empty cognito_allowed_domains list as “block all” and short‑circuits before the environment fallback. In BloomSettings, cognito_allowed_domains defaults to an empty list (default_factory=list in bloom_lims/config.py), so when no user YAML config exists (or the auth section omits the field), get_settings() still returns [] and the new code will return __BLOCK_ALL__. That means Cognito logins will always be rejected by default, whereas the previous behavior defaulted to allow all via COGNITO_WHITELIST_DOMAINS=all. Consider only returning the block‑all sentinel when the YAML explicitly sets an empty list or when a separate flag indicates “configured.”
Useful? React with 👍 / 👎.
Document shared Cognito pool configuration, YAML config format, email domain whitelist, and server CLI commands.
Summary
This PR migrates Cognito configuration from .env to YAML config and adds background server mode to the CLI.
YAML Configuration
from_settings()class method to CognitoAuth for YAML config loadingget_cognito_auth()to use~/.config/bloom/bloom-config.yaml(with env fallback)get_allowed_domains()to use YAML config for email domain whitelistConfig file location:
~/.config/bloom/bloom-config.yamlConfig structure:
CLI Improvements
bloom guicommand (--background/-bflag)bloom gui stopcommand to stop background server~/.bloom/logs/Testing
Tested with shared Cognito pool:
johnm+aug@lsmc.comsucceedsRelated
Pull Request opened by Augment Code with guidance from the PR author