e2b-dev · ben-fornefeld · May 28, 2026
@@ -0,0 +1,56 @@
+package api
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// TestStaticAndParamSiblingsCoexist guards against gin's router rejecting or
+// misrouting the sibling pair POST /admin/users/bootstrap and
+// POST /admin/users/:userId/bootstrap. The pair was flagged as a potential
+// httprouter conflict; this verifies gin handles it correctly.
+func TestStaticAndParamSiblingsCoexist(t *testing.T) {
+	t.Parallel()
+
+	r := gin.New()
+
+	require.NotPanics(t, func() {
+		r.POST("/admin/users/bootstrap", func(c *gin.Context) {
+			c.String(http.StatusOK, "static")
+		})
+		r.POST("/admin/users/:userId/bootstrap", func(c *gin.Context) {
+			c.String(http.StatusOK, "param:"+c.Param("userId"))
+		})
+	}, "gin must accept sibling static and parameter segments at the same level")
+
+	cases := []struct {
+		path string
+		want string
+	}{
+		{"/admin/users/bootstrap", "static"},
+		{"/admin/users/abc-123/bootstrap", "param:abc-123"},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.path, func(t *testing.T) {
+			t.Parallel()
+
+			req := httptest.NewRequestWithContext(
+				t.Context(),
+				http.MethodPost,
+				tc.path,
+				nil,
+			)
+			rec := httptest.NewRecorder()
+			r.ServeHTTP(rec, req)
+
+			assert.Equal(t, http.StatusOK, rec.Code)
+			assert.Equal(t, tc.want, rec.Body.String())
+		})
+	}
+}
@@ -1,14 +1,21 @@
 package handlers
 
 import (
+	"errors"
+	"fmt"
 	"net/http"
+	"strings"
 
 	"github.com/gin-gonic/gin"
 
 	"github.com/e2b-dev/infra/packages/dashboard-api/internal/api"
+	"github.com/e2b-dev/infra/packages/shared/pkg/ginutils"
 	"github.com/e2b-dev/infra/packages/shared/pkg/telemetry"
 )
 
+// PostAdminUsersUserIdBootstrap is the legacy bootstrap path; effectively
+// deprecated and only used by Supabase-backed deployments. New OIDC-based
+// dashboard setups should use PostAdminUsersBootstrap.
 func (s *APIStore) PostAdminUsersUserIdBootstrap(c *gin.Context, userId api.UserId) {
 	ctx := c.Request.Context()
 	telemetry.ReportEvent(ctx, "bootstrap user")
@@ -25,3 +32,45 @@ func (s *APIStore) PostAdminUsersUserIdBootstrap(c *gin.Context, userId api.User
 		Slug: team.Slug,
 	})
 }
+
+// PostAdminUsersBootstrap is the new bootstrap entry point for dashboards
+// using a generic OIDC provider.
+func (s *APIStore) PostAdminUsersBootstrap(c *gin.Context) {
+	ctx := c.Request.Context()
+	telemetry.ReportEvent(ctx, "bootstrap auth provider user")
+
+	body, err := ginutils.ParseBody[api.AdminAuthProviderUserBootstrapRequest](ctx, c)
+	if err != nil {
+		telemetry.ReportErrorByCode(ctx, http.StatusBadRequest, "bootstrap auth provider user failed", fmt.Errorf("parse bootstrap auth provider user request: %w", err))
+		s.sendAPIStoreError(c, http.StatusBadRequest, "Invalid request body")
+
+		return
+	}
+
+	oidcIssuer := strings.TrimSpace(body.OidcIssuer)
+	oidcUserID := strings.TrimSpace(body.OidcUserId)
+	oidcUserEmail := strings.TrimSpace(string(body.OidcUserEmail))
+	if oidcIssuer == "" || oidcUserID == "" || oidcUserEmail == "" {
+		telemetry.ReportErrorByCode(ctx, http.StatusBadRequest, "bootstrap auth provider user failed", errors.New("oidc_issuer, oidc_user_id and oidc_user_email must be non-empty"))
+		s.sendAPIStoreError(c, http.StatusBadRequest, "oidc_issuer, oidc_user_id and oidc_user_email must be non-empty")
+
+		return
+	}
+
+	team, err := s.bootstrapOIDCUser(ctx, oidcUserBootstrapInput{
+		OIDCIssuer:    oidcIssuer,
+		OIDCUserID:    oidcUserID,
+		OIDCUserEmail: oidcUserEmail,
+		OIDCUserName:  body.OidcUserName,
+	})
+	if err != nil {
+		s.handleProvisioningError(ctx, c, "bootstrap auth provider user", err)
+
+		return
+	}
+
+	c.JSON(http.StatusOK, api.TeamResolveResponse{
+		Id:   team.ID,
+		Slug: team.Slug,
+	})
+}