OpenDataEnsemble · Ndacyayisenga-droid · Dec 18, 2025 · Dec 18, 2025 · Dec 18, 2025
diff --git a/synkronus-portal/Dockerfile b/synkronus-portal/Dockerfile
@@ -23,7 +23,7 @@ FROM nginx:alpine
 COPY --from=builder /app/dist /usr/share/nginx/html
 
 # Copy custom nginx configuration for SPA routing
-# Backend API: http://demo.synkronus.cloud
+# Backend API: http://demo.synkronus.cloud (remote demo server)
 RUN echo 'server { \
     listen 0.0.0.0:80; \
     listen [::]:80; \
@@ -33,7 +33,8 @@ RUN echo 'server { \
     location / { \
         try_files $uri $uri/ /index.html; \
     } \
-    # Proxy API requests to backend (demo.synkronus.cloud) \
+    # Proxy API requests to demo server (demo.synkronus.cloud) \
+    # Strip /api prefix since demo server uses routes without /api prefix \
     location /api { \
         rewrite ^/api(.*)$ $1 break; \
         proxy_pass http://demo.synkronus.cloud; \
@@ -45,6 +46,9 @@ RUN echo 'server { \
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; \
         proxy_set_header X-Forwarded-Proto $scheme; \
         proxy_set_header X-Forwarded-Host $host; \
+        # Explicitly pass Authorization header for authentication \
+        proxy_set_header Authorization $http_authorization; \
+        proxy_pass_request_headers on; \
         proxy_connect_timeout 60s; \
         proxy_send_timeout 60s; \
         proxy_read_timeout 60s; \

diff --git a/synkronus-portal/src/services/api.ts b/synkronus-portal/src/services/api.ts
@@ -116,7 +116,8 @@ export const api = {
 
   // User management endpoints
   async createUser(data: { username: string; password: string; role: string }): Promise<{ username: string; role: string; createdAt: string }> {
-    return request<{ username: string; role: string; createdAt: string }>('/users/create', {
+    // Use /users (not /users/create) to match CLI and demo server
+    return request<{ username: string; role: string; createdAt: string }>('/users', {
       method: 'POST',
       body: JSON.stringify(data),
     })

diff --git a/synkronus/internal/api/api.go b/synkronus/internal/api/api.go
@@ -147,6 +147,9 @@ func NewRouter(log *logger.Logger, h *handlers.Handler) http.Handler {
 		// User management routes
 		userRoutes := func(r chi.Router) {
 			// Admin-only routes
+			// Support both POST /users and POST /users/create for compatibility
+			// CLI uses POST /users, portal uses POST /users/create
+			r.With(auth.RequireRole(models.RoleAdmin)).Post("/", h.CreateUserHandler)
 			r.With(auth.RequireRole(models.RoleAdmin)).Post("/create", h.CreateUserHandler)
 			r.With(auth.RequireRole(models.RoleAdmin)).Delete("/delete/{username}", h.DeleteUserHandler)
 			r.With(auth.RequireRole(models.RoleAdmin)).Post("/reset-password", h.ResetPasswordHandler)