All API routes were moved under /api prefix as part of the unified
deployment architecture. Updated test files to reflect this change:
- basics.rs: Update root and auth/providers routes
- health.rs: Update health endpoint routes
- oauth.rs: Update all OAuth and auth callback routes, plus redirect locations
- sessions.rs: Update profile and logout routes
This fixes 9 failing tests that were expecting routes without the /api prefix.
This commit introduces a comprehensive deployment strategy that unifies the frontend and backend into a single Docker container served by the Rust backend, streamlining the deployment process and improving production architecture.
Key changes:
- Split CI/CD workflows: separated build.yaml (for CI/PR checks) and deploy.yaml (for production deployment)
- Implemented unified Docker deployment where the Axum server serves both API routes (under /api) and frontend static files
- Added GitHub Container Registry integration for Docker image distribution
- Updated Railway configuration to use the new healthcheck path (/api/health)
- Enhanced postgres.ts script with named volumes and constants for better container management
- Added API client utilities (web/lib/api.ts) and environment configuration (web/.env.example) for frontend-backend communication
- Configured Vite proxy for local development while supporting same-origin requests in production
- Updated Dockerfile to include frontend static files and proper environment variable handling
This architecture eliminates the need for separate deployments and CORS configuration, as the frontend and API are served from the same origin.
- Add retry configuration for flaky tests (2 retries for default, 3 for
OAuth)
- Configure test groups with proper concurrency limits (serial: 1,
integration: 4)
- Add tower-http tracing layer with custom span formatting for HTTP
requests
- Simplify database pool handling by removing unnecessary Arc wrapper
- Improve test context setup with better logging and error handling
- Refactor user creation parameters for better clarity and consistency
- Add debug logging for OAuth cookie handling
- Replace in-memory PKCE storage with encrypted session cookies
- Add PKCE verifier and CSRF state fields to JWT Claims struct
- Move common PKCE validation logic to OAuthProvider trait
- Extract provider-specific methods for token exchange and user fetching
- Remove PkceManager and DashMap-based storage system
- Update GitHub and Discord providers to use new session-based approach
