Merge develop into feature/pbs-26-2

CHANGELOG

@@ -2,6 +2,31 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+26.5.0 (2026-02-26)
+===================
+
+* Config updates to enable Angular SSR
+
+26.4.0 (2026-02-26)
+===================
+
+* Search and fetch funder ids from ROR instead of CrossRef
+
+26.3.1 (2026-02-25)
+===================
+
+* Hotfix to prevent 403 error when fetching metadata from causing a redirect
+
+26.3.0 (2026-02-24)
+===================
+
+* FAIR Signposting
+
+26.2.1 (2026-02-03)
+===================
+
+* Hotfix for navigation translations and contributor search
+
 26.2.0 (2026-01-29)
 ===================
 

Dockerfile

@@ -1,59 +1,37 @@
-# Build
-FROM node:22-alpine AS build
-
+# Dependencies stage
+FROM node:22-alpine AS deps
 WORKDIR /app
-
 COPY package*.json ./
-RUN npm install
+RUN npm ci --no-audit --no-fund
 
+# Build stage (SSR build output)
+FROM deps AS build
 COPY . .
+RUN NG_BUILD_OPTIMIZE_CHUNKS=1 npx ng build --configuration=ssr --verbose
 
-RUN npm link @angular/cli
-RUN NG_BUILD_OPTIMIZE_CHUNKS=1 ng build --verbose
-
-# Dist
-FROM node:22-alpine AS dist
-
-WORKDIR /code
-
-COPY --from=build /app/dist /code/dist
-
-# SSR
-FROM node:22-alpine AS ssr
-
+# SSR runtime stage
+FROM build AS ssr
 WORKDIR /app
-
-COPY package*.json ./
-RUN npm install
-
-COPY . .
-
-RUN npm link @angular/cli
-RUN NG_BUILD_OPTIMIZE_CHUNKS=1 ng build --configuration=ssr --verbose
-
-RUN npm ci --omit=dev --ignore-scripts --no-audit --no-fund
-
+RUN npm prune --omit=dev --no-audit --no-fund
 EXPOSE 4000
-
 ENV PORT=4000
-
 CMD ["node", "dist/osf/server/server.mjs"]
 
-# Dev - run only
-FROM build AS dev
+# Static dist artifact stage
+FROM node:22-alpine AS dist
+WORKDIR /code
+COPY --from=build /app/dist /code/dist
 
+# Dev server stage
+FROM deps AS dev
+COPY . .
 EXPOSE 4200
+CMD ["npx", "ng", "serve", "--host", "0.0.0.0"]
 
-CMD ["ng", "serve"]
-
-# Local Development - coding
+# Local development stage
 FROM node:22-alpine AS local-dev
 WORKDIR /app
-
-# Install deps in the image (kept in container)
 COPY package*.json ./
-# COPY package-lock.docker.json ./package-lock.json
 RUN npm ci --no-audit --no-fund
-
-# Expose Angular dev server
 EXPOSE 4200
+CMD ["npx", "ng", "serve", "--host", "0.0.0.0"]

package.json

@@ -1,6 +1,6 @@
 {
   "name": "osf",
-  "version": "26.2.0",
+  "version": "26.5.0",
   "scripts": {
     "ng": "ng",
     "analyze-bundle": "ng build --configuration=analyze-bundle && source-map-explorer dist/**/*.js --no-border-checks",

src/@types/ace-builds.d.ts

@@ -0,0 +1 @@
+declare module 'ace-builds/src-noconflict/ext-language_tools';

src/app/app.config.server.ts

@@ -2,11 +2,42 @@ import { ApplicationConfig, mergeApplicationConfig } from '@angular/core';
 import { provideServerRendering } from '@angular/platform-server';
 import { provideServerRouting } from '@angular/ssr';
 
+import { SSR_CONFIG } from '@core/constants/ssr-config.token';
+import { ConfigModel } from '@core/models/config.model';
+
 import { appConfig } from './app.config';
 import { serverRoutes } from './app.routes.server';
 
+import { existsSync, readFileSync } from 'node:fs';
+import { dirname, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+function loadSsrConfig(): ConfigModel {
+  const serverDistFolder = dirname(fileURLToPath(import.meta.url));
+  const configPath = resolve(serverDistFolder, '../browser/assets/config/config.json');
+
+  let config = {} as ConfigModel;
+
+  if (existsSync(configPath)) {
+    try {
+      config = JSON.parse(readFileSync(configPath, 'utf-8'));
+    } catch {
+      config = {} as ConfigModel;
+    }
+  }
+
+  return {
+    ...config,
+    throttleToken: process.env['THROTTLE_TOKEN'] || '',
+  } as ConfigModel;
+}
+
 const serverConfig: ApplicationConfig = {
-  providers: [provideServerRendering(), provideServerRouting(serverRoutes)],
+  providers: [
+    provideServerRendering(),
+    provideServerRouting(serverRoutes),
+    { provide: SSR_CONFIG, useFactory: loadSsrConfig },
+  ],
 };
 
 export const config = mergeApplicationConfig(appConfig, serverConfig);

src/app/app.routes.server.ts

@@ -133,6 +133,14 @@ export const serverRoutes: ServerRoute[] = [
     path: ':id/overview',
     renderMode: RenderMode.Server,
   },
+  {
+    path: ':id/metadata/:recordId',
+    renderMode: RenderMode.Server,
+  },
+  {
+    path: ':id/wiki',
+    renderMode: RenderMode.Server,
+  },
   {
     path: ':id/files/**',
     renderMode: RenderMode.Server,

src/app/core/components/nav-menu/nav-menu.component.ts

@@ -44,10 +44,12 @@ export class NavMenuComponent {
   private readonly isAuthenticated = select(UserSelectors.isAuthenticated);
   private readonly currentResource = select(CurrentResourceSelectors.getCurrentResource);
   private readonly provider = select(ProviderSelectors.getCurrentProvider);
+  private readonly translationsReady = toSignal(this.translateService.stream('navigation.overview'));
 
   readonly actions = createDispatchMap({ getResourceDetails: GetResourceDetails });
 
   readonly mainMenuItems = computed(() => {
+    this.translationsReady();
     const isAuthenticated = this.isAuthenticated();
     const filtered = filterMenuItems(MENU_ITEMS, isAuthenticated);
 

src/app/core/constants/ssr-config.token.ts

@@ -0,0 +1,5 @@
+import { InjectionToken } from '@angular/core';
+
+import { ConfigModel } from '@core/models/config.model';
+
+export const SSR_CONFIG = new InjectionToken<ConfigModel>('SSR_CONFIG');

src/app/core/helpers/i18n.helper.ts

@@ -1,10 +1,20 @@
 import { TranslateLoader, TranslateModuleConfig } from '@ngx-translate/core';
 import { TranslateHttpLoader } from '@ngx-translate/http-loader';
 
+import { isPlatformServer } from '@angular/common';
 import { HttpClient } from '@angular/common/http';
+import { inject, PLATFORM_ID } from '@angular/core';
+
+import { ENVIRONMENT } from '@core/provider/environment.provider';
 
 function httpLoaderFactory(http: HttpClient): TranslateHttpLoader {
-  return new TranslateHttpLoader(http, './assets/i18n/', '.json');
+  const platformId = inject(PLATFORM_ID);
+  const environment = inject(ENVIRONMENT);
+  const basePrefix = '/assets/i18n/';
+  const webUrl = environment.webUrl?.replace(/\/+$/, '') ?? '';
+  const prefix = isPlatformServer(platformId) && webUrl ? `${webUrl}${basePrefix}` : basePrefix;
+
+  return new TranslateHttpLoader(http, prefix, '.json');
 }
 
 export const provideTranslation = (): TranslateModuleConfig => ({

src/app/core/interceptors/auth.interceptor.spec.ts

@@ -4,35 +4,33 @@ import { MockProvider } from 'ng-mocks';
 import { of } from 'rxjs';
 
 import { HttpRequest } from '@angular/common/http';
-import { runInInjectionContext } from '@angular/core';
+import { PLATFORM_ID, runInInjectionContext } from '@angular/core';
 import { TestBed } from '@angular/core/testing';
 
+import { ENVIRONMENT } from '@core/provider/environment.provider';
+import { EnvironmentModel } from '@osf/shared/models/environment.model';
+
 import { authInterceptor } from './auth.interceptor';
 
 describe('authInterceptor', () => {
   let cookieService: CookieService;
-  let mockHandler: jest.Mock;
+  let cookieServiceMock: { get: jest.Mock };
 
-  beforeEach(() => {
-    mockHandler = jest.fn();
+  const setup = (platformId = 'browser', environmentOverrides: Partial<EnvironmentModel> = {}) => {
+    cookieServiceMock = { get: jest.fn() };
 
     TestBed.configureTestingModule({
       providers: [
-        MockProvider(CookieService, {
-          get: jest.fn(),
-        }),
-        {
-          provide: 'PLATFORM_ID',
-          useValue: 'browser',
-        },
-        {
-          provide: 'REQUEST',
-          useValue: null,
-        },
+        MockProvider(CookieService, cookieServiceMock),
+        MockProvider(PLATFORM_ID, platformId),
+        MockProvider(ENVIRONMENT, { throttleToken: '', ...environmentOverrides } as EnvironmentModel),
       ],
     });
 
     cookieService = TestBed.inject(CookieService);
+  };
+
+  beforeEach(() => {
     jest.clearAllMocks();
   });
 
@@ -44,12 +42,13 @@ describe('authInterceptor', () => {
   };
 
   const createHandler = () => {
-    const handler = mockHandler.mockReturnValue(of({}));
+    const handler = jest.fn().mockReturnValue(of({}));
     return handler;
   };
 
-  it('should skip CrossRef funders API requests', () => {
-    const request = createRequest('/api.crossref.org/funders/10.13039/100000001');
+  it('should skip ROR funders API requests', () => {
+    setup();
+    const request = createRequest('https://api.ror.org/v2');
     const handler = createHandler();
 
     runInInjectionContext(TestBed, () => authInterceptor(request, handler));
@@ -60,6 +59,7 @@ describe('authInterceptor', () => {
   });
 
   it('should set Accept header to */* for text response type', () => {
+    setup();
     const request = createRequest('/api/v2/projects/', { responseType: 'text' });
     const handler = createHandler();
 
@@ -71,6 +71,7 @@ describe('authInterceptor', () => {
   });
 
   it('should set Accept header to API version for json response type', () => {
+    setup();
     const request = createRequest('/api/v2/projects/', { responseType: 'json' });
     const handler = createHandler();
 
@@ -82,6 +83,7 @@ describe('authInterceptor', () => {
   });
 
   it('should set Content-Type header when not present', () => {
+    setup();
     const request = createRequest('/api/v2/projects/');
     const handler = createHandler();
 
@@ -93,6 +95,7 @@ describe('authInterceptor', () => {
   });
 
   it('should not override existing Content-Type header', () => {
+    setup();
     const request = createRequest('/api/v2/projects/');
     const requestWithHeaders = request.clone({
       setHeaders: { 'Content-Type': 'application/json' },
@@ -107,7 +110,8 @@ describe('authInterceptor', () => {
   });
 
   it('should add CSRF token and withCredentials in browser platform', () => {
-    jest.spyOn(cookieService, 'get').mockReturnValue('csrf-token-123');
+    setup();
+    cookieServiceMock.get.mockReturnValue('csrf-token-123');
 
     const request = createRequest('/api/v2/projects/');
     const handler = createHandler();
@@ -122,7 +126,8 @@ describe('authInterceptor', () => {
   });
 
   it('should not add CSRF token when not available in browser platform', () => {
-    jest.spyOn(cookieService, 'get').mockReturnValue('');
+    setup();
+    cookieServiceMock.get.mockReturnValue('');
 
     const request = createRequest('/api/v2/projects/');
     const handler = createHandler();
@@ -135,4 +140,37 @@ describe('authInterceptor', () => {
     expect(modifiedRequest.headers.has('X-CSRFToken')).toBe(false);
     expect(modifiedRequest.withCredentials).toBe(true);
   });
+
+  it('should not add X-Throttle-Token on browser platform', () => {
+    setup('browser', { throttleToken: 'test-token' });
+    const request = createRequest('/api/v2/projects/');
+    const handler = createHandler();
+
+    runInInjectionContext(TestBed, () => authInterceptor(request, handler));
+
+    const modifiedRequest = handler.mock.calls[0][0];
+    expect(modifiedRequest.headers.has('X-Throttle-Token')).toBe(false);
+  });
+
+  it('should add X-Throttle-Token on server platform when token is present', () => {
+    setup('server', { throttleToken: 'test-token' });
+    const request = createRequest('/api/v2/projects/');
+    const handler = createHandler();
+
+    runInInjectionContext(TestBed, () => authInterceptor(request, handler));
+
+    const modifiedRequest = handler.mock.calls[0][0];
+    expect(modifiedRequest.headers.get('X-Throttle-Token')).toBe('test-token');
+  });
+
+  it('should not add X-Throttle-Token on server platform when token is empty', () => {
+    setup('server', { throttleToken: '' });
+    const request = createRequest('/api/v2/projects/');
+    const handler = createHandler();
+
+    runInInjectionContext(TestBed, () => authInterceptor(request, handler));
+
+    const modifiedRequest = handler.mock.calls[0][0];
+    expect(modifiedRequest.headers.has('X-Throttle-Token')).toBe(false);
+  });
 });