fix: Heroku deployment issues - OAuth provider discovery and UserPreference migration (#122)

* fix(config): use dynamic OAuth provider discovery from environment variables

The overrideOAuthProviders function was only looking for providers that
already existed in the config map with hardcoded names (google, github,
microsoft). When no YAML config file was loaded (as on Heroku), the
providers map was empty and no providers would be discovered.

This change makes overrideOAuthProviders work like overrideSAMLProviders
by using envutil.DiscoverProviders to dynamically find all OAuth
providers from environment variables matching the pattern
OAUTH_PROVIDERS_<ID>_ENABLED.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(api): add UserPreference model to GetAllModels() for migrations

The GetAllModels() function in api/store.go was missing the
UserPreference model, which caused the user_preferences table
to not be created during GORM AutoMigrate on server startup.

This aligns GetAllModels() with AllModels() in api/models/models.go
which has all 25 models including UserPreference.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(test): add return after t.Fatal to satisfy staticcheck SA5011

Staticcheck SA5011 warns about possible nil pointer dereference even
after t.Fatal() because it doesn't understand that t.Fatal terminates
execution. Adding explicit return statements after t.Fatal() makes the
control flow clear to the linter.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: ericfitz

.version

@@ -1,5 +1,5 @@
 {
   "major": 0,
   "minor": 276,
-  "patch": 5
+  "patch": 8
 }

api/health_checker_test.go

@@ -32,6 +32,7 @@ func TestHealthChecker_NewHealthChecker(t *testing.T) {
 
 	if checker == nil {
 		t.Fatal("expected non-nil health checker")
+		return // staticcheck: make it clear execution stops here
 	}
 	if checker.timeout != timeout {
 		t.Errorf("expected timeout %v, got %v", timeout, checker.timeout)
@@ -49,6 +50,7 @@ func TestComponentHealthResult_ToAPIComponentHealth(t *testing.T) {
 
 	if apiHealth == nil {
 		t.Fatal("expected non-nil API component health")
+		return // staticcheck: make it clear execution stops here
 	}
 	if apiHealth.Status != ComponentHealthStatusHealthy {
 		t.Errorf("expected healthy status, got %s", apiHealth.Status)

api/store.go

@@ -158,5 +158,6 @@ func GetAllModels() []interface{} {
 		&models.AddonInvocationQuota{},
 		&models.UserAPIQuota{},
 		&models.GroupMember{},
+		&models.UserPreference{},
 	}
 }

api/version.go

@@ -29,7 +29,7 @@ var (
 	// Minor version number
 	VersionMinor = "276"
 	// Patch version number
-	VersionPatch = "5"
+	VersionPatch = "8"
 	// GitCommit is the git commit hash from build
 	GitCommit = "development"
 	// BuildDate is the build timestamp

internal/config/config.go

@@ -445,53 +445,79 @@ func overrideStructWithEnv(v reflect.Value) error {
 
 // overrideOAuthProviders handles environment variable overrides for OAuth providers
 func overrideOAuthProviders(mapField reflect.Value) error {
+	logger := slogging.Get()
+	logger.Info("[CONFIG] overrideOAuthProviders called - starting dynamic OAuth provider discovery")
+
 	if mapField.IsNil() {
-		return nil
+		logger.Info("[CONFIG] OAuth providers map is nil, initializing it")
+		mapField.Set(reflect.MakeMap(mapField.Type()))
 	}
 
-	providers := []string{"google", "github", "microsoft"}
+	// Discover OAuth providers from environment variables
+	providerIDs := envutil.DiscoverProviders("OAUTH_PROVIDERS_", "_ENABLED")
+	logger.Info("[CONFIG] Discovered %d OAuth provider IDs: %v", len(providerIDs), providerIDs)
 
-	for _, providerID := range providers {
-		providerValue := mapField.MapIndex(reflect.ValueOf(providerID))
-		if !providerValue.IsValid() {
+	for _, providerID := range providerIDs {
+		envPrefix := fmt.Sprintf("OAUTH_PROVIDERS_%s_", providerID)
+
+		// Check if this provider is enabled
+		enabledStr := os.Getenv(envPrefix + "ENABLED")
+		if enabledStr != "true" {
+			logger.Info("[CONFIG] OAuth provider %s is not enabled (ENABLED=%s), skipping", providerID, enabledStr)
 			continue
 		}
 
-		// Create a copy of the provider config to modify
-		provider := providerValue.Interface().(OAuthProviderConfig)
-
-		// Override provider-specific environment variables
-		envPrefix := fmt.Sprintf("OAUTH_PROVIDERS_%s_", strings.ToUpper(providerID))
-
-		if val := os.Getenv(envPrefix + "ENABLED"); val != "" {
-			provider.Enabled = val == "true"
-		}
-		if val := os.Getenv(envPrefix + "ICON"); val != "" {
-			provider.Icon = val
-		}
-		if val := os.Getenv(envPrefix + "CLIENT_ID"); val != "" {
-			provider.ClientID = val
-		}
-		if val := os.Getenv(envPrefix + "CLIENT_SECRET"); val != "" {
-			provider.ClientSecret = val
-		}
-		if val := os.Getenv(envPrefix + "AUTHORIZATION_URL"); val != "" {
-			provider.AuthorizationURL = val
+		// Convert provider ID to key (e.g., "GOOGLE" -> "google", "GITHUB" -> "github")
+		providerKey := envutil.ProviderIDToKey(providerID)
+		logger.Info("[CONFIG] Processing OAuth provider: %s (key: %s)", providerID, providerKey)
+
+		// Parse scopes (comma-separated)
+		scopesStr := os.Getenv(envPrefix + "SCOPES")
+		var scopes []string
+		if scopesStr != "" {
+			scopes = strings.Split(scopesStr, ",")
+			for i := range scopes {
+				scopes[i] = strings.TrimSpace(scopes[i])
+			}
 		}
-		if val := os.Getenv(envPrefix + "TOKEN_URL"); val != "" {
-			provider.TokenURL = val
+
+		// Build userinfo endpoints array
+		var userInfoEndpoints []UserInfoEndpoint
+		if userinfoURL := os.Getenv(envPrefix + "USERINFO_URL"); userinfoURL != "" {
+			userInfoEndpoints = append(userInfoEndpoints, UserInfoEndpoint{
+				URL: userinfoURL,
+			})
 		}
-		if val := os.Getenv(envPrefix + "ISSUER"); val != "" {
-			provider.Issuer = val
+
+		// Create new OAuth provider config
+		provider := OAuthProviderConfig{
+			ID:               providerKey,
+			Name:             os.Getenv(envPrefix + "NAME"),
+			Enabled:          true,
+			Icon:             os.Getenv(envPrefix + "ICON"),
+			ClientID:         os.Getenv(envPrefix + "CLIENT_ID"),
+			ClientSecret:     os.Getenv(envPrefix + "CLIENT_SECRET"),
+			AuthorizationURL: os.Getenv(envPrefix + "AUTHORIZATION_URL"),
+			TokenURL:         os.Getenv(envPrefix + "TOKEN_URL"),
+			Issuer:           os.Getenv(envPrefix + "ISSUER"),
+			JWKSURL:          os.Getenv(envPrefix + "JWKS_URL"),
+			Scopes:           scopes,
+			UserInfo:         userInfoEndpoints,
 		}
-		if val := os.Getenv(envPrefix + "JWKS_URL"); val != "" {
-			provider.JWKSURL = val
+
+		// Use key as default name if not set
+		if provider.Name == "" {
+			provider.Name = providerKey
 		}
 
-		// Set the modified provider back to the map
-		mapField.SetMapIndex(reflect.ValueOf(providerID), reflect.ValueOf(provider))
+		logger.Info("[CONFIG] Adding OAuth provider %s to map (ID: %s, Name: %s, ClientID set: %v)",
+			providerKey, provider.ID, provider.Name, provider.ClientID != "")
+
+		// Set the provider in the map
+		mapField.SetMapIndex(reflect.ValueOf(providerKey), reflect.ValueOf(provider))
 	}
 
+	logger.Info("[CONFIG] OAuth provider discovery complete, %d providers in map", mapField.Len())
 	return nil
 }