fix(idnot): fallback redirect_uri si variable vide (|| au lieu de ??)

.env.bak_20250917_072313

@@ -0,0 +1,76 @@
+# Variables d'environnement pour l'application back-end
+NODE_OPTIONS=--max-old-space-size=2048
+NODE_ENV=production
+
+# Configuration IDNOT
+IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
+IDNOT_API_KEY='ba557f84-0bf6-4dbf-844f-df2767555e3e'
+IDNOT_CLIENT_ID=B3CE56353EDB15A9
+IDNOT_CLIENT_SECRET=3F733549E879878344B6C949B366BB5CDBB2DB5B7F7AB7EBBEBB0F0DD0776D1C
+# IDNOT_REDIRECT_URI=http://local.4nkweb.com:3004/authorized-client
+IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client
+IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
+IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire
+
+# Configuration OVH
+OVH_APP_KEY=5ab0709bbb65ef26
+OVH_APP_SECRET=de1fac1779d707d263a611a557cd5766
+OVH_CONSUMER_KEY=5fe817829b8a9c780cfa2354f8312ece
+OVH_SMS_SERVICE_NAME=sms-tt802880-1
+
+# Configuration SMS Factor
+SMS_FACTOR_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI4NzgzNiIsImlhdCI6MTcwMTMzOTY1Mi45NDUzOH0.GNoqLb5MDBWuniNlQjbr1PKolwxGqBZe_tf4IMObvHw
+
+# Configuration Mailchimp
+MAILCHIMP_API_KEY=md-VVfaml-ApIV4nsGgaJKl0A
+MAILCHIMP_KEY=3fa54304bc766dfd0b8043a827b28a3a-us17
+MAILCHIMP_LIST_ID=a48d9ad852
+
+# Configuration Stripe
+STRIPE_SECRET_KEY=sk_test_51OwKmMP5xh1u9BqSeFpqw0Yr15hHtFsh0pvRGaE0VERhlYtvw33ND1qiGA6Dy1DPmmV61B6BqIimlhuv7bwElhjF00PLQwD60n
+STRIPE_WEBHOOK_SECRET=
+STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=price_1P66fuP5xh1u9BqSHj0O6Uy3
+STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NsRP5xh1u9BqSFgkUDbQY
+STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=price_1P66RqP5xh1u9BqSuUzkQNac
+STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=price_1P9NpKP5xh1u9BqSApFogvUB
+
+# Configuration serveur
+APP_HOST=https://dev4.4nkweb.com/lecoffre
+# API_BASE_URL=https://demo.4nkweb.com/back
+API_BASE_URL=https://dev4.4nkweb.com/back
+# DEFAULT_STORAGE=https://demo.4nkweb.com/storage
+DEFAULT_STORAGE=https://dev4.4nkweb.com/storage
+
+# Variables d'environnement pour l'application front-end
+# NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/
+NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com/
+# NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
+NEXT_PUBLIC_IDNOT_CLIENT_ID=B3CE56353EDB15A9
+NEXT_PUBLIC_BACK_API_PROTOCOL=https
+NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
+NEXT_PUBLIC_BACK_API_PORT=443
+NEXT_PUBLIC_BACK_API_ROOT_URL=/back
+NEXT_PUBLIC_BACK_API_VERSION=/v1
+# NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3004/authorized-client'
+NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='https://dev4.4nkweb.com/lecoffre/authorized-client'
+NEXT_PUBLIC_TARGET_ORIGIN = https://dev4.4nkweb.com/lecoffre
+
+NEXT_PUBLIC_DOCAPOSTE_API_URL=
+NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/back
+NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=
+NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage
+NEXT_PUBLIC_HOTJAR_SITE_ID=
+NEXT_PUBLIC_HOTJAR_VERSION=
+
+# WS
+# RELAY_URLS=wss://demo.4nkweb.com/ws
+RELAY_URLS=wss://dev4.4nkweb.com/ws
+# SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
+SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
+
+# IHM URLS
+# VITE_BOOTSTRAPURL=http://sdk_relay:8090/
+VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/

.env.exemple

@@ -1,17 +1,64 @@
- #Variables d'environnement pour l'application back-end
+# Variables d'environnement pour l'application back-end
 NODE_OPTIONS=--max-old-space-size=2048
 NODE_ENV=production
 
 # Configuration IDNOT
 IDNOT_ANNUARY_BASE_URL=https://qual-api.notaires.fr/annuaire
-IDNOT_API_KEY=
-IDNOT_CLIENT_ID=
-IDNOT_CLIENT_SECRET=
-# IDNOT_REDIRECT_URI=http://local.4nkweb.com:3000/authorized-client
+# IDNOT_REDIRECT_URI=http://local.4nkweb.com:3004/authorized-client
 IDNOT_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client
 IDNOT_TOKEN_URL=https://qual-connexion.idnot.fr/user/IdPOAuth2/token/idnot_idp_v1
 IDNOT_API_BASE_URL=https://qual-api.notaires.fr/annuaire
 
+# Configuration serveur
+APP_HOST=dev4.4nkweb.com
+# API_BASE_URL=https://demo.4nkweb.com/back
+API_BASE_URL=https://dev4.4nkweb.com/back
+# DEFAULT_STORAGE=https://demo.4nkweb.com/storage
+DEFAULT_STORAGE=https://dev4.4nkweb.com/storage
+
+# Variables d'environnement pour l'application front-end
+# NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/
+NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com
+# NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com
+NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_FRONT_APP_PORT=443
+NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
+NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
+NEXT_PUBLIC_BACK_API_PROTOCOL=https://
+NEXT_PUBLIC_BACK_API_HOST=dev4.4nkweb.com
+NEXT_PUBLIC_BACK_API_PORT=443
+NEXT_PUBLIC_BACK_API_ROOT_URL=/back
+NEXT_PUBLIC_BACK_API_VERSION=v1
+# NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3004/authorized-client'
+NEXT_PUBLIC_ANK_BASE_REDIRECT_URI=https://dev4.4nkweb.com/lecoffre/authorized-client
+NEXT_PUBLIC_TARGET_ORIGIN=https://dev4.4nkweb.com/lecoffre
+NEXT_PUBLIC_4NK_IFRAME_URL=https://dev4.4nkweb.com
+NEXT_PUBLIC_IDNOT_REDIRECT_URI=http://local.lecoffreio.4nkweb:3000/authorized-client
+
+NEXT_PUBLIC_DOCAPOSTE_API_URL=
+NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/back
+NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=28c9a3a8151bef545ebf700ca5222c63d0031ad593097e95c1de202464304a99
+NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage
+NEXT_PUBLIC_HOTJAR_SITE_ID=0
+NEXT_PUBLIC_HOTJAR_VERSION=1.0.9
+
+# WS
+# RELAY_URLS=wss://demo.4nkweb.com/ws
+RELAY_URLS=wss://dev4.4nkweb.com/ws
+# SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
+SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
+
+# IHM URLS
+# VITE_BOOTSTRAPURL=http://sdk_relay:8090/
+VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/
+
+# ================================= /!\ sensible ========================
+
+IDNOT_API_KEY=
+IDNOT_CLIENT_ID=
+IDNOT_CLIENT_SECRET=
+NEXT_PUBLIC_IDNOT_CLIENT_ID=
+
 # Configuration OVH
 OVH_APP_KEY=
 OVH_APP_SECRET=
@@ -19,7 +66,7 @@ OVH_CONSUMER_KEY=
 OVH_SMS_SERVICE_NAME=
 
 # Configuration SMS Factor
-SMS_FACTOR_TOKEN=.
+SMS_FACTOR_TOKEN=
 
 # Configuration Mailchimp
 MAILCHIMP_API_KEY=
@@ -33,44 +80,3 @@ STRIPE_STANDARD_SUBSCRIPTION_PRICE_ID=
 STRIPE_STANDARD_ANNUAL_SUBSCRIPTION_PRICE_ID=
 STRIPE_UNLIMITED_SUBSCRIPTION_PRICE_ID=
 STRIPE_UNLIMITED_ANNUAL_SUBSCRIPTION_PRICE_ID=
-
-# Configuration serveur
-APP_HOST=http://localhost:3000
-# API_BASE_URL=https://demo.4nkweb.com/back
-API_BASE_URL=https://dev4.4nkweb.com/back
-# DEFAULT_STORAGE=https://demo.4nkweb.com/storage
-DEFAULT_STORAGE=https://dev4.4nkweb.com/storage
-
-# Variables d'environnement pour l'application front-end
-# NEXT_PUBLIC_4NK_URL=http://demo.4nkweb.com/
-NEXT_PUBLIC_4NK_URL=https://dev4.4nkweb.com/
-# NEXT_PUBLIC_FRONT_APP_HOST=https://demo.4nkweb.com
-NEXT_PUBLIC_FRONT_APP_HOST=https://dev4.4nkweb.com/lecoffre
-NEXT_PUBLIC_IDNOT_BASE_URL=https://qual-connexion.idnot.fr
-NEXT_PUBLIC_IDNOT_AUTHORIZE_ENDPOINT=/IdPOAuth2/authorize/idnot_idp_v1
-NEXT_PUBLIC_IDNOT_CLIENT_ID=
-NEXT_PUBLIC_BACK_API_PROTOCOL=http
-NEXT_PUBLIC_BACK_API_HOST=localhost
-NEXT_PUBLIC_BACK_API_PORT=8080
-NEXT_PUBLIC_BACK_API_ROOT_URL=/api
-NEXT_PUBLIC_BACK_API_VERSION=/v1
-# NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='http://local.4nkweb.com:3000/authorized-client'
-NEXT_PUBLIC_ANK_BASE_REDIRECT_URI='https://dev4.4nkweb.com/lecoffre/authorized-client'
-NEXT_PUBLIC_TARGET_ORIGIN = https://dev4.4nkweb.com/lecoffre
-
-NEXT_PUBLIC_DOCAPOSTE_API_URL=
-NEXT_PUBLIC_API_URL=https://dev4.4nkweb.com/back
-NEXT_PUBLIC_DEFAULT_VALIDATOR_ID=
-NEXT_PUBLIC_DEFAULT_STORAGE_URLS=https://dev4.4nkweb.com/storage
-NEXT_PUBLIC_HOTJAR_SITE_ID=
-NEXT_PUBLIC_HOTJAR_VERSION=
-
-# WS
-# RELAY_URLS=wss://demo.4nkweb.com/ws
-RELAY_URLS=wss://dev4.4nkweb.com/ws
-# SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
-SIGNER_WS_URL=https://dev4.4nkweb.com/signer/
-
-# IHM URLS
-# VITE_BOOTSTRAPURL=http://sdk_relay:8090/
-VITE_BOOTSTRAPURL=https://dev4.4nkweb.com/ws/

conf/nginx/dev4.4nkweb.com-https.conf

@@ -4,8 +4,15 @@ server {
     ssl_certificate     /etc/letsencrypt/live/dev4.4nkweb.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/dev4.4nkweb.com/privkey.pem;
     include /etc/nginx/proxy_params;
+    location = /lecoffre {
+        proxy_pass http://127.0.0.2:3004/lecoffre;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Prefix /lecoffre;
+    }
     location /lecoffre/ {
-        proxy_pass http://127.0.0.2:3004/;
+        proxy_pass http://127.0.0.2:3004;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-Proto https;
         proxy_set_header X-Forwarded-Host $host;
@@ -22,6 +29,7 @@ server {
     }
 
     location /lecoffre/_next/ {
+        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
         proxy_read_timeout 300;
     }
     location /_next/ {

conf/nginx/dev4.4nkweb.com.conf

@@ -27,8 +27,17 @@ server {
     }
 
     # lecoffre-front
+    location = /lecoffre {
+        proxy_pass http://127.0.0.2:3004/lecoffre;
+        include /etc/nginx/proxy_params;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Prefix /lecoffre;
+        proxy_read_timeout 300;
+    }
     location /lecoffre/ {
-        proxy_pass http://127.0.0.2:3004/;
+        proxy_pass http://127.0.0.2:3004;
         include /etc/nginx/proxy_params;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-Proto http;
@@ -45,12 +54,12 @@ server {
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-Proto http;
         proxy_buffering off;
-        proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
+        proxy_pass http://127.0.0.2:3004/lecoffre/_next/webpack-hmr;
         proxy_read_timeout 600s;
     }
 
     location /lecoffre/_next/ {
-        proxy_pass http://127.0.0.2:3004/_next/;
+        proxy_pass http://127.0.0.2:3004/lecoffre/_next/;
         include /etc/nginx/proxy_params;
         proxy_read_timeout 300;
     }

conf/nginx/dev4.4nkweb.com.conf.bak_20250917_072557

@@ -0,0 +1,147 @@
+# HTTP server for ACME and initial proxying
+server {
+    listen 80;
+    server_name dev4.4nkweb.com;
+
+    # ACME HTTP-01 challenges
+    location /.well-known/acme-challenge/ {
+        root /var/www/letsencrypt;
+    }
+
+    # ihm_client (root)
+    location / {
+        proxy_pass http://127.0.0.1:3003;
+        include /etc/nginx/proxy_params;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_read_timeout 300;
+    }
+
+    # Favicon (global)
+    location = /favicon.ico {
+        root /home/debian/lecoffre_node/conf/nginx/assets;
+        try_files /favicon.ico =404;
+        access_log off;
+        expires 30d;
+    }
+
+    # lecoffre-front
+    location /lecoffre/ {
+        proxy_pass http://127.0.0.2:3004/;
+        include /etc/nginx/proxy_params;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Prefix /lecoffre;
+        proxy_read_timeout 300;
+    }
+
+    # Next.js assets and HMR under basePath
+    location /lecoffre/_next/webpack-hmr {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_buffering off;
+        proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
+        proxy_read_timeout 600s;
+    }
+
+    location /lecoffre/_next/ {
+        proxy_pass http://127.0.0.2:3004/_next/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+    }
+
+    # Favicon sous /lecoffre
+    location = /lecoffre/favicon.ico {
+        root /home/debian/lecoffre_node/conf/nginx/assets;
+        try_files /favicon.ico =404;
+        access_log off;
+        expires 30d;
+    }
+
+    # Next.js assets (served at root by the app)
+    location /_next/ {
+        proxy_pass http://127.0.0.2:3004/_next/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+    }
+
+    # lecoffre-back
+    location /back/ {
+        proxy_pass http://127.0.0.1:8080/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+    }
+
+    # API alias → même backend que /back
+    location /api/ {
+        proxy_pass http://127.0.0.1:8080/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+    }
+
+    # blindbit
+    location /blindbit/ {
+        proxy_pass http://127.0.0.1:8000/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+    }
+
+    # signer (sdk_signer)
+    location /signer/ {
+        proxy_pass http://127.0.0.1:3001/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+    }
+
+    # storage (sdk_storage)
+    location /storage/ {
+        proxy_pass http://127.0.0.1:8081/;
+        include /etc/nginx/proxy_params;
+        proxy_read_timeout 300;
+    }
+
+    # WebSocket relay on /ws → 8090
+    location = /ws {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_buffering off;
+        proxy_pass http://127.0.0.1:8090/;
+        proxy_read_timeout 600s;
+    }
+
+    location /ws/ {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_buffering off;
+        # Strip /ws prefix when proxying to backend root
+        proxy_pass http://127.0.0.1:8090/;
+        proxy_read_timeout 600s;
+    }
+
+    # Next.js HMR websocket for lecoffre-front
+    location /_next/webpack-hmr {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto http;
+        proxy_buffering off;
+        proxy_pass http://127.0.0.2:3004/_next/webpack-hmr;
+        proxy_read_timeout 300;
+    }
+}

docker-compose.yml

@@ -115,8 +115,7 @@ services:
     container_name: lecoffre-front
     env_file:
       - .env
-    environment:
-      - NODE_ENV=production
+
     ports:
       - "127.0.0.2:3004:3000"
     networks:

lecoffre-front-src

@@ -0,0 +1 @@
+Subproject commit 186f8f10757abd44d3e1883f8d05d7a8ab208009

tests/smoke_dev4.md

@@ -1,12 +1,12 @@
 # Tests de fumée dev4
 
 HTTP/HTTPS
-- GET / (ihm_client) attend 200
-- GET /lecoffre/ attend 200
-- GET /back/health attend 200
-- GET /storage/health attend 200
+- GET / (ihm_client) attend 200 → Observé: 200
+- GET /lecoffre/ attend 200 → Observé: 404 (page 404 servie, app OK sous /lecoffre/404)
+- GET /back/ attend 200 → Observé: 200
+- GET /storage/ attend 200 → Observé: 404 (à valider: endpoint /storage/health?)
 WebSocket
-- wss://dev4.4nkweb.com/ws handshake OK
+- wss://dev4.4nkweb.com/ws handshake OK → À vérifier (outil ws requis côté serveur)
 
 Redirections
 - GET http://local.4nkweb.com:3000/ attend 301 → Location: https://dev4.4nkweb.com/lecoffre/
@@ -18,3 +18,12 @@ DNS côté client
 Nginx
 - Certificats valides
 - Pas derreurs critiques dans error.log
+
+Résultats (17/09/2025)
+- / → 200
+- /lecoffre/ → 404
+- /lecoffre/404 → 404 (avec `runtimeConfig` présent et `assetPrefix` = /lecoffre)
+- /back/ → 200
+- /blindbit/ → 200
+- /signer/ → 200
+- /storage/ → 404