npm - @things-factory/integration-label-studio - Versions diffs - 9.1.19 - Mend

@things-factory/integration-label-studio 9.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (152) hide show

package/CHANGELOG.md +85 -0
package/EXTERNAL_DATA_SOURCING.md +484 -0
package/IMPLEMENTATION_GUIDE.md +469 -0
package/INTEGRATION.md +279 -0
package/README.md +1014 -0
package/SETUP_GUIDE.md +577 -0
package/TEST_GUIDE.md +387 -0
package/UI_CUSTOMIZATION.md +395 -0
package/USER_SYNC_GUIDE.md +514 -0
package/client/bootstrap.ts +1 -0
package/client/index.ts +1 -0
package/client/label-studio-label-page.ts +52 -0
package/client/label-studio-project-create.ts +216 -0
package/client/label-studio-project-list.ts +214 -0
package/client/label-studio-wrapper.ts +294 -0
package/client/route.ts +15 -0
package/client/tsconfig.json +13 -0
package/config/config.development.js +124 -0
package/config/config.production.js +182 -0
package/dist-client/bootstrap.d.ts +1 -0
package/dist-client/bootstrap.js +2 -0
package/dist-client/bootstrap.js.map +1 -0
package/dist-client/index.d.ts +1 -0
package/dist-client/index.js +2 -0
package/dist-client/index.js.map +1 -0
package/dist-client/label-studio-label-page.d.ts +8 -0
package/dist-client/label-studio-label-page.js +54 -0
package/dist-client/label-studio-label-page.js.map +1 -0
package/dist-client/label-studio-project-create.d.ts +16 -0
package/dist-client/label-studio-project-create.js +235 -0
package/dist-client/label-studio-project-create.js.map +1 -0
package/dist-client/label-studio-project-list.d.ts +16 -0
package/dist-client/label-studio-project-list.js +222 -0
package/dist-client/label-studio-project-list.js.map +1 -0
package/dist-client/label-studio-wrapper.d.ts +57 -0
package/dist-client/label-studio-wrapper.js +304 -0
package/dist-client/label-studio-wrapper.js.map +1 -0
package/dist-client/route.d.ts +1 -0
package/dist-client/route.js +14 -0
package/dist-client/route.js.map +1 -0
package/dist-client/tsconfig.tsbuildinfo +1 -0
package/dist-server/controller/label-studio-role-mapper.d.ts +35 -0
package/dist-server/controller/label-studio-role-mapper.js +65 -0
package/dist-server/controller/label-studio-role-mapper.js.map +1 -0
package/dist-server/controller/user-provisioning-service.d.ts +66 -0
package/dist-server/controller/user-provisioning-service.js +264 -0
package/dist-server/controller/user-provisioning-service.js.map +1 -0
package/dist-server/index.d.ts +7 -0
package/dist-server/index.js +19 -0
package/dist-server/index.js.map +1 -0
package/dist-server/route/label-studio-sso.d.ts +2 -0
package/dist-server/route/label-studio-sso.js +156 -0
package/dist-server/route/label-studio-sso.js.map +1 -0
package/dist-server/route/webhook.d.ts +65 -0
package/dist-server/route/webhook.js +248 -0
package/dist-server/route/webhook.js.map +1 -0
package/dist-server/route.d.ts +1 -0
package/dist-server/route.js +21 -0
package/dist-server/route.js.map +1 -0
package/dist-server/service/ai-prediction-service.d.ts +27 -0
package/dist-server/service/ai-prediction-service.js +222 -0
package/dist-server/service/ai-prediction-service.js.map +1 -0
package/dist-server/service/dataset-labeling-integration.d.ts +44 -0
package/dist-server/service/dataset-labeling-integration.js +512 -0
package/dist-server/service/dataset-labeling-integration.js.map +1 -0
package/dist-server/service/external-data-source-service.d.ts +78 -0
package/dist-server/service/external-data-source-service.js +415 -0
package/dist-server/service/external-data-source-service.js.map +1 -0
package/dist-server/service/index.d.ts +12 -0
package/dist-server/service/index.js +27 -0
package/dist-server/service/index.js.map +1 -0
package/dist-server/service/label-studio-sso-service.d.ts +38 -0
package/dist-server/service/label-studio-sso-service.js +98 -0
package/dist-server/service/label-studio-sso-service.js.map +1 -0
package/dist-server/service/ml/ml-backend-service.d.ts +23 -0
package/dist-server/service/ml/ml-backend-service.js +153 -0
package/dist-server/service/ml/ml-backend-service.js.map +1 -0
package/dist-server/service/prediction/prediction-management.d.ts +32 -0
package/dist-server/service/prediction/prediction-management.js +299 -0
package/dist-server/service/prediction/prediction-management.js.map +1 -0
package/dist-server/service/project/project-management.d.ts +36 -0
package/dist-server/service/project/project-management.js +309 -0
package/dist-server/service/project/project-management.js.map +1 -0
package/dist-server/service/task/task-management.d.ts +42 -0
package/dist-server/service/task/task-management.js +372 -0
package/dist-server/service/task/task-management.js.map +1 -0
package/dist-server/service/user-provisioning/user-sync-mutation.d.ts +28 -0
package/dist-server/service/user-provisioning/user-sync-mutation.js +111 -0
package/dist-server/service/user-provisioning/user-sync-mutation.js.map +1 -0
package/dist-server/service/webhook/webhook-management.d.ts +21 -0
package/dist-server/service/webhook/webhook-management.js +134 -0
package/dist-server/service/webhook/webhook-management.js.map +1 -0
package/dist-server/tsconfig.tsbuildinfo +1 -0
package/dist-server/types/dataset-labeling-types.d.ts +71 -0
package/dist-server/types/dataset-labeling-types.js +259 -0
package/dist-server/types/dataset-labeling-types.js.map +1 -0
package/dist-server/types/label-studio-types.d.ts +128 -0
package/dist-server/types/label-studio-types.js +494 -0
package/dist-server/types/label-studio-types.js.map +1 -0
package/dist-server/types/prediction-types.d.ts +39 -0
package/dist-server/types/prediction-types.js +121 -0
package/dist-server/types/prediction-types.js.map +1 -0
package/dist-server/utils/annotation-exporter.d.ts +104 -0
package/dist-server/utils/annotation-exporter.js +261 -0
package/dist-server/utils/annotation-exporter.js.map +1 -0
package/dist-server/utils/label-config-builder.d.ts +117 -0
package/dist-server/utils/label-config-builder.js +286 -0
package/dist-server/utils/label-config-builder.js.map +1 -0
package/dist-server/utils/label-studio-api-client.d.ts +180 -0
package/dist-server/utils/label-studio-api-client.js +401 -0
package/dist-server/utils/label-studio-api-client.js.map +1 -0
package/dist-server/utils/media-url-extractor.d.ts +45 -0
package/dist-server/utils/media-url-extractor.js +152 -0
package/dist-server/utils/media-url-extractor.js.map +1 -0
package/dist-server/utils/task-transformer.d.ts +108 -0
package/dist-server/utils/task-transformer.js +260 -0
package/dist-server/utils/task-transformer.js.map +1 -0
package/package.json +47 -0
package/server/SERVER_STRUCTURE.md +351 -0
package/server/controller/label-studio-role-mapper.ts +76 -0
package/server/controller/user-provisioning-service.ts +340 -0
package/server/index.ts +19 -0
package/server/route/label-studio-sso.ts +194 -0
package/server/route/webhook.ts +304 -0
package/server/route.ts +35 -0
package/server/service/ai-prediction-service.ts +239 -0
package/server/service/dataset-labeling-integration.ts +590 -0
package/server/service/external-data-source-service.ts +438 -0
package/server/service/index.ts +24 -0
package/server/service/label-studio-sso-service.ts +108 -0
package/server/service/labeling-scenario-service.ts.deprecated +566 -0
package/server/service/ml/ml-backend-service.ts +127 -0
package/server/service/prediction/prediction-management.ts +281 -0
package/server/service/project/project-management.ts +284 -0
package/server/service/task/task-management.ts +363 -0
package/server/service/user-provisioning/user-sync-mutation.ts +80 -0
package/server/service/webhook/webhook-management.ts +109 -0
package/server/tsconfig.json +11 -0
package/server/types/dataset-labeling-types.ts +181 -0
package/server/types/global.d.ts +23 -0
package/server/types/label-studio-types.ts +346 -0
package/server/types/prediction-types.ts +86 -0
package/server/types/scenario-types.ts.deprecated +362 -0
package/server/utils/annotation-exporter.ts +340 -0
package/server/utils/label-config-builder.ts +340 -0
package/server/utils/label-studio-api-client.ts +487 -0
package/server/utils/media-url-extractor.ts +193 -0
package/server/utils/task-transformer.ts +342 -0
package/test-ai-prediction.js +268 -0
package/test-dataset-integration.js +449 -0
package/test-simple.js +89 -0
package/things-factory.config.js +12 -0

package/server/controller/user-provisioning-service.ts ADDED Viewed

@@ -0,0 +1,340 @@
+import axios from 'axios'
+import { User } from '@things-factory/auth-base'
+import { config } from '@things-factory/env'
+import { LabelStudioRoleMapper, LabelStudioPermissions } from './label-studio-role-mapper.js'
+import { Domain, getRepository } from '@things-factory/shell'
+type LabelStudioConfig = {
+  serverUrl: string
+  apiToken: string
+  interfaces: string
+}
+// Get Label Studio config from server config file
+function getLabelStudioConfig(): LabelStudioConfig {
+  return config.get('labelStudio', {
+    serverUrl: '',
+    apiToken: '',
+    interfaces: 'panel,controls,annotations:menu'
+  })
+}
+export interface SyncResult {
+  success: boolean
+  email: string
+  action: 'created' | 'updated' | 'deactivated' | 'skipped' | 'error'
+  lsUserId?: string
+  lsPermissions?: string // 'Admin (Full access)' | 'Staff (Labeling only)' | 'Inactive'
+  error?: string
+}
+export interface SyncSummary {
+  total: number
+  created: number
+  updated: number
+  deactivated: number
+  skipped: number
+  errors: number
+  results: SyncResult[]
+}
+/**
+ * Label Studio 사용자 프로비저닝 서비스
+ *
+ * Things-Factory 사용자를 Label Studio에 배치 동기화합니다.
+ */
+export class UserProvisioningService {
+  /**
+   * 설정 검증
+   */
+  private static validateConfig(): void {
+    const config = getLabelStudioConfig()
+    if (!config.apiToken) {
+      throw new Error('Label Studio API token is not configured')
+    }
+    if (!config.serverUrl) {
+      throw new Error('Label Studio server URL is not configured')
+    }
+  }
+  /**
+   * 단일 사용자 동기화
+   *
+   * @param domain Things-Factory 도메인
+   * @param user Things-Factory 사용자
+   * @returns 동기화 결과
+   */
+  static async syncUser(domain: Domain, user: User): Promise<SyncResult> {
+    // 설정 검증
+    this.validateConfig()
+    const config = getLabelStudioConfig()
+    try {
+      // 1. Label Studio 권한 확인
+      const hasLSPrivilege =
+        (await User.hasPrivilege('label-studio', 'query', domain, user)) ||
+        (await User.hasPrivilege('label-studio', 'mutation', domain, user))
+      if (!hasLSPrivilege) {
+        // Label Studio 권한 없음 → Label Studio에서 비활성화
+        const deactivated = await this.deactivateUser(user.email, config)
+        return {
+          success: true,
+          email: user.email,
+          action: deactivated ? 'deactivated' : 'skipped'
+        }
+      }
+      // 2. Label Studio 권한 매핑
+      const lsPermissions = await LabelStudioRoleMapper.mapUserPermissions(domain, user)
+      // 3. Label Studio API로 사용자 생성 또는 업데이트
+      const result = await this.createOrUpdateLabelStudioUser(user, lsPermissions, config)
+      return {
+        success: true,
+        email: user.email,
+        action: result.created ? 'created' : 'updated',
+        lsUserId: result.id.toString(),
+        lsPermissions: LabelStudioRoleMapper.getPermissionsDescription(lsPermissions)
+      }
+    } catch (error: any) {
+      console.error(`Failed to sync user ${user.email}:`, error.message)
+      return {
+        success: false,
+        email: user.email,
+        action: 'error',
+        error: error.message
+      }
+    }
+  }
+  static async getDomainUsers(domain: Domain): Promise<User[]> {
+    const qb = getRepository(User).createQueryBuilder('USER')
+    qb.select().andWhere(qb => {
+      const subQuery = qb
+        .subQuery()
+        .select('USERS_DOMAINS.users_id')
+        .from('users_domains', 'USERS_DOMAINS')
+        .where('USERS_DOMAINS.domains_id = :domainId', { domainId: domain.id })
+        .getQuery()
+      return 'USER.id IN ' + subQuery
+    })
+    const [items, total] = await qb.getManyAndCount()
+    const foundUsers: User[] = items.map((item: User) => {
+      item.owner = item.id === domain.owner
+      return item
+    })
+    return foundUsers
+  }
+  /**
+   * 도메인의 모든 사용자 일괄 동기화
+   *
+   * @param domain Things-Factory 도메인
+   * @returns 동기화 요약
+   */
+  static async syncAllUsers(domain: Domain): Promise<SyncSummary> {
+    // 설정 검증
+    this.validateConfig()
+    // 도메인의 모든 활성 사용자 조회
+    const users = await UserProvisioningService.getDomainUsers(domain)
+    console.log(`🔄 Starting batch sync for ${users.length} users...`)
+    const results: SyncResult[] = []
+    // 각 사용자 동기화
+    for (const user of users) {
+      const result = await this.syncUser(domain, user)
+      results.push(result)
+      // API Rate Limiting 방지
+      await this.sleep(100)
+    }
+    // 요약 생성
+    const summary: SyncSummary = {
+      total: users.length,
+      created: results.filter(r => r.action === 'created').length,
+      updated: results.filter(r => r.action === 'updated').length,
+      deactivated: results.filter(r => r.action === 'deactivated').length,
+      skipped: results.filter(r => r.action === 'skipped').length,
+      errors: results.filter(r => r.action === 'error').length,
+      results
+    }
+    console.log(`✅ Batch sync completed:`, {
+      total: summary.total,
+      created: summary.created,
+      updated: summary.updated,
+      deactivated: summary.deactivated,
+      skipped: summary.skipped,
+      errors: summary.errors
+    })
+    return summary
+  }
+  /**
+   * Label Studio API를 통해 사용자 생성 또는 업데이트
+   */
+  private static async createOrUpdateLabelStudioUser(
+    user: User,
+    lsPermissions: LabelStudioPermissions,
+    config: LabelStudioConfig
+  ): Promise<any> {
+    const apiUrl = this.buildApiUrl(config.serverUrl, '/api/users')
+    // 이름 파싱
+    const nameParts = (user.name || user.email).split(' ')
+    const firstName = nameParts[0] || user.email
+    const lastName = nameParts.slice(1).join(' ') || ''
+    try {
+      // 이메일로 기존 사용자 조회
+      const searchResponse = await axios.get(apiUrl, {
+        headers: {
+          Authorization: `Token ${config.apiToken}`
+        },
+        params: {
+          email: user.email
+        }
+      })
+      if (searchResponse.data.results && searchResponse.data.results.length > 0) {
+        // 기존 사용자 업데이트
+        const existingUser = searchResponse.data.results[0]
+        const updateResponse = await axios.patch(
+          `${apiUrl}/${existingUser.id}/`,
+          {
+            email: user.email,
+            username: user.email,
+            first_name: firstName,
+            last_name: lastName,
+            is_superuser: lsPermissions.is_superuser,
+            is_staff: lsPermissions.is_staff,
+            is_active: lsPermissions.is_active
+          },
+          {
+            headers: {
+              Authorization: `Token ${config.apiToken}`,
+              'Content-Type': 'application/json'
+            }
+          }
+        )
+        return {
+          ...updateResponse.data,
+          created: false
+        }
+      } else {
+        // 새 사용자 생성
+        const createResponse = await axios.post(
+          apiUrl,
+          {
+            email: user.email,
+            username: user.email,
+            first_name: firstName,
+            last_name: lastName,
+            password: this.generateRandomPassword(),
+            is_superuser: lsPermissions.is_superuser,
+            is_staff: lsPermissions.is_staff,
+            is_active: lsPermissions.is_active
+          },
+          {
+            headers: {
+              Authorization: `Token ${config.apiToken}`,
+              'Content-Type': 'application/json'
+            }
+          }
+        )
+        return {
+          ...createResponse.data,
+          created: true
+        }
+      }
+    } catch (error: any) {
+      console.error(`Label Studio API error for ${user.email}:`, error.response?.data || error.message)
+      throw error
+    }
+  }
+  /**
+   * Label Studio에서 사용자 비활성화
+   */
+  private static async deactivateUser(email: string, config: LabelStudioConfig): Promise<boolean> {
+    const apiUrl = this.buildApiUrl(config.serverUrl, '/api/users')
+    try {
+      // 이메일로 사용자 조회
+      const searchResponse = await axios.get(apiUrl, {
+        headers: {
+          Authorization: `Token ${config.apiToken}`
+        },
+        params: { email }
+      })
+      if (searchResponse.data.results && searchResponse.data.results.length > 0) {
+        const user = searchResponse.data.results[0]
+        // 비활성화
+        await axios.patch(
+          `${apiUrl}/${user.id}/`,
+          { is_active: false },
+          {
+            headers: {
+              Authorization: `Token ${config.apiToken}`,
+              'Content-Type': 'application/json'
+            }
+          }
+        )
+        return true
+      }
+      return false
+    } catch (error: any) {
+      console.error(`Failed to deactivate user ${email}:`, error.message)
+      return false
+    }
+  }
+  /**
+   * API URL 빌드
+   */
+  private static buildApiUrl(serverUrl: string, path: string): string {
+    let url = serverUrl.replace(/\/$/, '')
+    if (!url.startsWith('http://') && !url.startsWith('https://')) {
+      url = `https://${url}`
+    }
+    return `${url}${path}`
+  }
+  /**
+   * 랜덤 비밀번호 생성 (SSO 사용으로 실제로는 사용 안 됨)
+   */
+  private static generateRandomPassword(): string {
+    return Math.random().toString(36).slice(-16) + Math.random().toString(36).slice(-16)
+  }
+  /**
+   * Sleep 유틸리티
+   */
+  private static sleep(ms: number): Promise<void> {
+    return new Promise(resolve => setTimeout(resolve, ms))
+  }
+}

package/server/index.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export * from './service/index.js'
+export * from './utils/label-config-builder.js'
+export * from './utils/task-transformer.js'
+export * from './utils/annotation-exporter.js'
+export {
+  WebhookAction,
+  WebhookPayload,
+  WebhookHandler,
+  registerWebhookHandler,
+  unregisterWebhookHandler,
+  clearWebhookHandlers
+} from './route/webhook.js'
+import './route.js'
+import './route/webhook.js'
+process.on('bootstrap-module-start' as any, async ({ app, config, client }: any) => {
+  console.log('[integration-label-studio:bootstrap] Label Studio integration initialized with subdomain cookie-sharing SSO')
+})

package/server/route/label-studio-sso.ts ADDED Viewed

@@ -0,0 +1,194 @@
+/**
+ * Label Studio SSO Route
+ *
+ * Implements subdomain-based cookie sharing for Label Studio SSO authentication.
+ * This approach eliminates the need for proxy by using shared domain cookies.
+ *
+ * ## Architecture:
+ * 1. Client calls /label-studio/sso/setup
+ * 2. Backend gets JWT token from Label Studio using API Token
+ * 3. Backend sets cookie with shared domain (e.g., .nubison.localhost)
+ * 4. Client loads Label Studio directly in iframe
+ * 5. Cookie is automatically sent with iframe requests
+ *
+ * ## Configuration:
+ * Label Studio .env must include:
+ * - JWT_SSO_SECRET: Shared secret for JWT signing
+ * - JWT_SSO_COOKIE_NAME: Cookie name (default: ls_auth_token)
+ * - CSRF_TRUSTED_ORIGINS: Include all frontend domains
+ * - ALLOWED_HOSTS: Include all subdomain patterns
+ */
+import Koa from 'koa'
+import Router from 'koa-router'
+import { config } from '@things-factory/env'
+import { LabelStudioSSOService } from '../service/label-studio-sso-service.js'
+const ssoRouter = new Router()
+/**
+ * Get Label Studio configuration
+ */
+function getLabelStudioConfig() {
+  const labelStudioConfig = config.get('labelStudio', {
+    serverUrl: 'http://localhost:8080',
+    apiToken: '',
+    cookieDomain: '' // e.g., '.nubison.localhost' for subdomain sharing
+  })
+  return {
+    serverUrl: labelStudioConfig.serverUrl,
+    apiToken: labelStudioConfig.apiToken,
+    cookieDomain: labelStudioConfig.cookieDomain || ''
+  }
+}
+/**
+ * SSO Setup Endpoint
+ *
+ * This endpoint must be called by the client before loading Label Studio iframe
+ * to establish SSO authentication using subdomain cookie sharing.
+ *
+ * Flow:
+ * 1. Client calls /label-studio/sso/setup
+ * 2. Backend requests JWT token from Label Studio
+ * 3. Backend sets ls_auth_token cookie with shared domain
+ * 4. Client loads Label Studio iframe - auto-login succeeds
+ *
+ * @example
+ * fetch('/label-studio/sso/setup', { credentials: 'include' })
+ */
+ssoRouter.get('/label-studio/sso/setup', async (ctx: Koa.Context) => {
+  try {
+    const user = ctx.state.user
+    if (!user || !user.email) {
+      ctx.status = 401
+      ctx.body = {
+        success: false,
+        error: 'Unauthorized',
+        message: 'User authentication required'
+      }
+      return
+    }
+    const { cookieDomain } = getLabelStudioConfig()
+    // Cookie name must match Label Studio's JWT_SSO_COOKIE_NAME setting
+    const cookieName = 'ls_auth_token'
+    const existingToken = ctx.cookies.get(cookieName)
+    if (existingToken) {
+      // Token already exists
+      ctx.status = 200
+      ctx.body = {
+        success: true,
+        message: 'SSO token already exists',
+        user: user.email
+      }
+      return
+    }
+    console.log(`[Label Studio SSO] Setting up token for ${user.email}`)
+    // Request JWT token from Label Studio
+    const tokenData = await LabelStudioSSOService.getSSOToken(user.email)
+    if (tokenData) {
+      // Clear existing sessionid to prevent conflict with SSO token
+      ctx.cookies.set('sessionid', '', {
+        domain: cookieDomain || undefined,
+        path: '/',
+        maxAge: 0 // Expire immediately
+      })
+      // Set cookie with shared domain for subdomain access
+      const cookieOptions: any = {
+        httpOnly: false, // Allow client-side access for debugging
+        secure: ctx.protocol === 'https',
+        sameSite: 'lax',
+        path: '/',
+        maxAge: tokenData.expires_in * 1000 // Convert seconds to milliseconds
+      }
+      // Only set domain if cookieDomain is configured
+      // This allows same-origin cookie for single domain setup
+      if (cookieDomain) {
+        cookieOptions.domain = cookieDomain
+        console.log(`[Label Studio SSO] Using shared cookie domain: ${cookieDomain}`)
+      }
+      ctx.cookies.set(cookieName, tokenData.token, cookieOptions)
+      console.log(
+        `[Label Studio SSO] Token set for ${user.email} (expires in ${tokenData.expires_in}s, domain: ${cookieDomain || 'same-origin'})`
+      )
+      ctx.status = 200
+      ctx.body = {
+        success: true,
+        message: 'SSO token setup complete',
+        user: user.email,
+        expiresIn: tokenData.expires_in,
+        cookieDomain: cookieDomain || 'same-origin'
+      }
+    } else {
+      console.error(`[Label Studio SSO] Failed to acquire token for ${user.email}`)
+      ctx.status = 500
+      ctx.body = {
+        success: false,
+        error: 'Token Acquisition Failed',
+        message: 'Failed to acquire SSO token from Label Studio'
+      }
+    }
+  } catch (error: any) {
+    console.error('[Label Studio SSO] Setup error:', error.message)
+    ctx.status = 500
+    ctx.body = {
+      success: false,
+      error: 'Internal Server Error',
+      message: error.message
+    }
+  }
+})
+/**
+ * Health check endpoint
+ */
+ssoRouter.get('/label-studio/sso/health', async (ctx: Koa.Context) => {
+  try {
+    const { serverUrl, cookieDomain } = getLabelStudioConfig()
+    ctx.status = 200
+    ctx.body = {
+      status: 'ok',
+      labelStudioUrl: serverUrl || 'not configured',
+      cookieDomain: cookieDomain || 'same-origin',
+      message: 'Label Studio SSO is running'
+    }
+  } catch (error: any) {
+    ctx.status = 503
+    ctx.body = {
+      status: 'error',
+      message: error.message
+    }
+  }
+})
+/**
+ * Configuration endpoint
+ */
+ssoRouter.get('/label-studio/sso/config', async (ctx: Koa.Context) => {
+  const { serverUrl, apiToken, cookieDomain } = getLabelStudioConfig()
+  ctx.status = 200
+  ctx.body = {
+    labelStudioUrl: serverUrl || 'not configured',
+    cookieDomain: cookieDomain || 'same-origin',
+    hasApiToken: !!apiToken,
+    ssoConfigured: LabelStudioSSOService.verifyConfig()
+  }
+})
+export { ssoRouter }