Cpodlaskilegal takes Mike all-in on Microsoft

A law firm rebuilt Mike's foundations so the whole app runs inside its own Azure cloud, with staff signing in through the Microsoft accounts they already use.

infrastructuresecurity

Across seven commits, the team swapped out the hosting, the database plumbing, and the login system in one coordinated move:

  • The app now runs on Azure Container Apps, Microsoft's cloud hosting service, with a written deployment guide included.
  • The database moved off Supabase (a popular hosted backend for app builders) onto Azure's own Postgres database, behind a clever compatibility layer that let the rest of the app keep working almost untouched.
  • Sign-in now goes through Microsoft Entra ID, the corporate login system behind Outlook and Teams, so lawyers use their existing firm credentials.
  • A follow-up fix squashed a nasty bug where the login system kept refreshing itself in an endless loop and froze the browser.

This reads as a production deployment for one firm, Podlaski Legal, rather than a contribution meant for everyone. But the database compatibility layer is a ready-made escape route for anyone who wants off Supabase.

So what If your firm's IT policy says everything must live inside your Microsoft environment, this fork is proof Mike can get there, and the playbook is sitting on GitHub.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

7 commits from Cpodlaskilegal/mike, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
629d5c1b Deploy Mike to Azure Container Apps Cpodlaskilegal 2026-05-01 ↗ GitHub
be75a232 Fix Entra login redirect flow Cpodlaskilegal 2026-05-01 ↗ GitHub
551a021e Stabilize Entra redirect callback Cpodlaskilegal 2026-05-01 ↗ GitHub
560e87e2 Finalize Azure deployment fixes Cpodlaskilegal 2026-05-04 ↗ GitHub
d4327cfd Fix MSAL infinite token-refresh loop Cpodlaskilegal 2026-05-06 ↗ GitHub
commit body
onAuthStateChange listened for both LOGIN_SUCCESS and ACQUIRE_TOKEN_SUCCESS
and called getSession() inside the handler. getSession() invokes
acquireTokenSilent, which itself emits ACQUIRE_TOKEN_SUCCESS, re-entering
the handler indefinitely. Each iteration also fired ensureProfile() in
AuthContext, hammering the API and pegging Safari (the page would never
finish loading and other tabs in the same process would stall too).

Listening for ACQUIRE_TOKEN_SUCCESS is unnecessary anyway: silent
refreshes don't change the user/account. Now we only react to
LOGIN_SUCCESS and LOGOUT_SUCCESS.
8b3cdd15 Record deployed role chat image tag Chris Podlaski 2026-07-01 ↗ GitHub
005a3381 Update deployed image tags Chris Podlaski 2026-07-01 ↗ GitHub

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-818.md from inside the repo you want the changes in.

⬇ Download capture-thread-818.md