Add Azure deployment config and auto-user creation

- Configure Prisma 7 with driver adapters for migrations
- Add binary targets for Azure Linux deployment
- Add debug and auth-debug endpoints for troubleshooting
- Auto-create users on first Azure AD login
- Add .funcignore for pre-built deployment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: pktikkani

.funcignore

@@ -0,0 +1,16 @@
+# Ignore for Azure Functions deployment (pre-built)
+.git
+.github
+.vscode
+.idea
+*.md
+*.log
+.env*
+local.settings.json
+.gitignore
+coverage/
+src/
+tsconfig.json
+*.ts
+!*.d.ts
+deploy.zip

package.json

@@ -39,6 +39,6 @@
     "vitest": "^2.1.8"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=22.0.0"
   }
 }

prisma/prisma.config.ts

@@ -1,10 +1,8 @@
-import path from 'node:path';
-import type { PrismaConfig } from 'prisma';
+import { defineConfig } from 'prisma/config';
 
-export default {
+export default defineConfig({
   earlyAccess: true,
-  schema: path.join(__dirname, 'schema.prisma'),
-
+  schema: './schema.prisma',
   migrate: {
     adapter: async () => {
       const { PrismaPg } = await import('@prisma/adapter-pg');
@@ -13,4 +11,7 @@ export default {
       return new PrismaPg(pool);
     },
   },
-} satisfies PrismaConfig;
+  datasource: {
+    url: process.env.DATABASE_URL!,
+  },
+});

prisma/schema.prisma

@@ -1,5 +1,6 @@
 generator client {
-  provider = "prisma-client-js"
+  provider      = "prisma-client-js"
+  binaryTargets = ["native", "debian-openssl-3.0.x", "linux-musl-openssl-3.0.x"]
 }
 
 datasource db {

src/functions/trpc.ts

@@ -83,3 +83,75 @@ app.http('health', {
     };
   },
 });
+
+// Debug endpoint - test database connection
+app.http('debug', {
+  methods: ['GET'],
+  authLevel: 'anonymous',
+  route: 'debug',
+  handler: async (request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> => {
+    try {
+      const { db } = await import('../lib/db/prisma.js');
+      const userCount = await db.user.count();
+      return {
+        jsonBody: { status: 'ok', database: 'connected', users: userCount },
+      };
+    } catch (error) {
+      return {
+        status: 500,
+        jsonBody: {
+          status: 'error',
+          message: error instanceof Error ? error.message : 'Unknown',
+          stack: error instanceof Error ? error.stack : undefined,
+        },
+      };
+    }
+  },
+});
+
+// Auth debug endpoint - test token validation
+app.http('auth-debug', {
+  methods: ['GET', 'POST', 'OPTIONS'],
+  authLevel: 'anonymous',
+  route: 'auth-debug',
+  handler: async (request: HttpRequest, context: InvocationContext): Promise<HttpResponseInit> => {
+    const jwt = await import('jsonwebtoken');
+
+    const authHeader = request.headers.get('Authorization');
+    if (!authHeader?.startsWith('Bearer ')) {
+      return {
+        jsonBody: {
+          error: 'No Bearer token',
+          headers: Object.fromEntries(request.headers.entries()),
+        },
+      };
+    }
+
+    const token = authHeader.substring(7);
+
+    try {
+      // Decode without verification to see claims
+      const decoded = jwt.default.decode(token, { complete: true });
+
+      return {
+        jsonBody: {
+          status: 'token_received',
+          header: decoded?.header,
+          payload: decoded?.payload,
+          envConfig: {
+            MICROSOFT_TENANT_ID: process.env.MICROSOFT_TENANT_ID,
+            MICROSOFT_CLIENT_ID: process.env.MICROSOFT_CLIENT_ID,
+          },
+        },
+      };
+    } catch (error) {
+      return {
+        status: 500,
+        jsonBody: {
+          status: 'decode_error',
+          message: error instanceof Error ? error.message : 'Unknown',
+        },
+      };
+    }
+  },
+});

src/trpc/init.ts

@@ -157,28 +157,24 @@ export const protectedProcedure = t.procedure.use(async ({ ctx, next }) => {
       },
     });
 
-    // If not found by email, try to find by any associated Microsoft connection
+    // If not found, auto-create the user on first login
     if (!dbUser) {
-      console.log('[Azure AD] User not found by email, checking Microsoft connections');
-      const connection = await db.microsoftConnection.findFirst({
-        where: {
-          OR: [
-            { tenantId: process.env.MICROSOFT_TENANT_ID },
-          ]
+      console.log('[Azure AD] User not found, creating new user:', azureAdUser.email);
+      dbUser = await db.user.create({
+        data: {
+          auth0Id: azureAdUser.id, // Use Azure AD oid as auth0Id
+          email: azureAdUser.email,
+          name: azureAdUser.email.split('@')[0], // Use email prefix as name
+          role: 'viewer', // Default role
         },
-        include: { user: true },
-      });
-      if (connection?.user) {
-        dbUser = await db.user.findUnique({
-          where: { id: connection.user.id },
-          include: {
-            microsoftConnections: {
-              where: { isActive: true },
-              take: 1,
-            },
+        include: {
+          microsoftConnections: {
+            where: { isActive: true },
+            take: 1,
           },
-        });
-      }
+        },
+      });
+      console.log('[Azure AD] New user created:', dbUser.id);
     }
 
     if (dbUser) {