Attempt to fix auth proxies by making redirects manual #1028

2024-09-09 18:36:54 +02:00 · 2024-09-09 18:36:54 +02:00 · cb88eae885
parent 28f3e454b6
commit cb88eae885
2 changed files with 30 additions and 17 deletions
--- a/common/spaces/http_space_primitives.ts
+++ b/common/spaces/http_space_primitives.ts
@ -34,33 +34,46 @@ export class HttpSpacePrimitives implements SpacePrimitives {

    try {
      options.signal = AbortSignal.timeout(fetchTimeout);
+      options.redirect = "manual";
      const result = await fetch(url, options);
      if (result.status === 503) {
        throw new Error("Offline");
      }
+      const redirectHeader = result.headers.get("location");
+
+      // console.log("Got response", result.status, result.statusText, result.url);
+
      // Attempting to handle various authentication proxies
-      if (result.redirected) {
-        if (result.status === 401 || result.status === 403) {
+      if (result.status >= 300 && result.status < 400) {
+        if (redirectHeader) {
+          // Got a redirect
+          alert("Received a redirect, redirecting to URL: " + redirectHeader);
+          location.href = redirectHeader;
+          throw new Error("Redirected");
+        } else {
+          console.error("Got a redirect status but no location header", result);
+        }
+      }
+      // Check for unauthorized status
+      if (result.status === 401 || result.status === 403) {
+        // If it came with a redirect header, we'll redirect to that URL
+        if (redirectHeader) {
          console.log(
            "Received unauthorized status and got a redirect via the API so will redirect to URL",
            result.url,
          );
-          alert("You are not authenticated, redirecting to: " + result.url);
-          location.href = result.url;
+          alert("You are not authenticated, redirecting to: " + redirectHeader);
+          location.href = redirectHeader;
          throw new Error("Not authenticated");
        } else {
-          alert("Received a redirect, redirecting to URL: " + result.url);
-          location.href = result.url;
-          throw new Error("Redirected");
+          // If not, let's reload
+          alert(
+            "You are not authenticated, going to reload and hope that that kicks off authentication",
+          );
+          location.reload();
+          throw new Error("Not authenticated, got 401");
        }
      }
-      if (result.status === 401 || result.status === 403) {
-        alert(
-          "You are not authenticated, going to reload and hope that that kicks off authentication",
-        );
-        location.reload();
-        throw new Error("Not authenticated, got 401");
-      }
      return result;
    } catch (e: any) {
      // Errors when there is no internet connection:
--- a/server/http_server.ts
+++ b/server/http_server.ts
@ -370,7 +370,7 @@ export class HttpServer {
          return c.redirect(typeof from === "string" ? from : "/");
        } else {
          console.error("Authentication failed, redirecting to auth page.");
-          return c.redirect("/.auth?error=1");
+          return c.redirect("/.auth?error=1", 401);
        }
      },
    ).all((c) => {
@ -389,9 +389,9 @@ export class HttpServer {
      const redirectToAuth = () => {
        // Try filtering api paths
        if (req.path.startsWith("/.") || req.path.endsWith(".md")) {
-          return c.redirect("/.auth");
+          return c.redirect("/.auth", 401);
        } else {
-          return c.redirect(`/.auth?from=${req.path}`);
+          return c.redirect(`/.auth?from=${req.path}`, 401);
        }
      };
      if (!excludedPaths.includes(url.pathname)) {