Added a few new features.

docker-entrypoint.sh

@@ -35,8 +35,8 @@ else
   echo "No custom CA certificates found in /app/certs"
 fi
 
-# Check if system CA bundle is mounted and use it
-if [ -f "/etc/ssl/certs/ca-certificates.crt" ] && [ ! -L "/etc/ssl/certs/ca-certificates.crt" ]; then
+# Check if system CA bundle is mounted and use it (only if not already set)
+if [ -z "$NODE_EXTRA_CA_CERTS" ] && [ -f "/etc/ssl/certs/ca-certificates.crt" ] && [ ! -L "/etc/ssl/certs/ca-certificates.crt" ]; then
   # Check if it's a mounted file (not the default symlink)
   if [ "$(stat -c '%d' /etc/ssl/certs/ca-certificates.crt 2>/dev/null)" != "$(stat -c '%d' / 2>/dev/null)" ] || \
      [ "$(stat -f '%d' /etc/ssl/certs/ca-certificates.crt 2>/dev/null)" != "$(stat -f '%d' / 2>/dev/null)" ]; then

src/lib/auth.ts

@@ -17,16 +17,35 @@ export const auth = betterAuth({
   // Secret for signing tokens
   secret: process.env.BETTER_AUTH_SECRET,
 
-  // Base URL configuration
-  baseURL: process.env.BETTER_AUTH_URL || "http://localhost:4321",
+  // Base URL configuration - ensure it's a valid URL
+  baseURL: (() => {
+    const url = process.env.BETTER_AUTH_URL || "http://localhost:4321";
+    try {
+      // Validate URL format
+      new URL(url);
+      return url;
+    } catch {
+      console.warn(`Invalid BETTER_AUTH_URL: ${url}, falling back to localhost`);
+      return "http://localhost:4321";
+    }
+  })(),
   basePath: "/api/auth", // Specify the base path for auth endpoints
   
-  // Trusted origins for OAuth flows
-  trustedOrigins: [
-    "http://localhost:4321",
-    "http://localhost:8080", // Keycloak
-    process.env.BETTER_AUTH_URL || "http://localhost:4321"
-  ].filter(Boolean),
+  // Trusted origins for OAuth flows - parse from environment if set
+  trustedOrigins: (() => {
+    const origins = [
+      "http://localhost:4321",
+      "http://localhost:8080", // Keycloak
+      process.env.BETTER_AUTH_URL || "http://localhost:4321"
+    ];
+    
+    // Add trusted origins from environment if set
+    if (process.env.BETTER_AUTH_TRUSTED_ORIGINS) {
+      origins.push(...process.env.BETTER_AUTH_TRUSTED_ORIGINS.split(',').map(o => o.trim()));
+    }
+    
+    return origins.filter(Boolean);
+  })(),
 
   // Authentication methods
   emailAndPassword: {

src/lib/db/schema.ts

@@ -138,6 +138,7 @@ export const repositorySchema = z.object({
       "mirrored",
       "failed",
       "skipped",
+      "ignored",  // User explicitly wants to ignore this repository
       "deleting",
       "deleted",
       "syncing",
@@ -166,6 +167,7 @@ export const mirrorJobSchema = z.object({
       "mirrored",
       "failed",
       "skipped",
+      "ignored",  // User explicitly wants to ignore this repository
       "deleting",
       "deleted",
       "syncing",
@@ -202,6 +204,7 @@ export const organizationSchema = z.object({
       "mirrored",
       "failed",
       "skipped",
+      "ignored",  // User explicitly wants to ignore this repository
       "deleting",
       "deleted",
       "syncing",

src/types/Repository.ts

@@ -6,6 +6,10 @@ export const repoStatusEnum = z.enum([
   "mirroring",
   "mirrored",
   "failed",
+  "skipped",
+  "ignored",  // User explicitly wants to ignore this repository
+  "deleting",
+  "deleted",
   "syncing",
   "synced",
 ]);