From d6fb5e0c29503563796735234521ee950150dc6a Mon Sep 17 00:00:00 2001
From: Zef Hemel
Date: Mon, 9 Sep 2024 18:36:54 +0200
Subject: [PATCH] Attempt to fix auth proxies by making redirects manual #1028
---
common/spaces/http_space_primitives.ts | 41 +++++++++++++++++---------
server/http_server.ts | 6 ++--
2 files changed, 30 insertions(+), 17 deletions(-)
diff --git a/common/spaces/http_space_primitives.ts b/common/spaces/http_space_primitives.ts
index efaa7098..e2c686b4 100644
--- a/common/spaces/http_space_primitives.ts
+++ b/common/spaces/http_space_primitives.ts
@@ -34,33 +34,46 @@ export class HttpSpacePrimitives implements SpacePrimitives { try { options.signal = AbortSignal.timeout(fetchTimeout); + options.redirect = "manual"; const result = await fetch(url, options); if (result.status === 503) { throw new Error("Offline"); } + const redirectHeader = result.headers.get("location"); + + // console.log("Got response", result.status, result.statusText, result.url); + // Attempting to handle various authentication proxies - if (result.redirected) { - if (result.status === 401 || result.status === 403) { + if (result.status >= 300 && result.status < 400) { + if (redirectHeader) { + // Got a redirect + alert("Received a redirect, redirecting to URL: " + redirectHeader); + location.href = redirectHeader; + throw new Error("Redirected"); + } else { + console.error("Got a redirect status but no location header", result); + } + } + // Check for unauthorized status + if (result.status === 401 || result.status === 403) { + // If it came with a redirect header, we'll redirect to that URL + if (redirectHeader) { console.log( "Received unauthorized status and got a redirect via the API so will redirect to URL", result.url, ); - alert("You are not authenticated, redirecting to: " + result.url); - location.href = result.url; + alert("You are not authenticated, redirecting to: " + redirectHeader); + location.href = redirectHeader; throw new Error("Not authenticated"); } else { - alert("Received a redirect, redirecting to URL: " + result.url); - location.href = result.url; - throw new Error("Redirected"); + // If not, let's reload + alert( + "You are not authenticated, going to reload and hope that that kicks off authentication", + ); + location.reload(); + throw new Error("Not authenticated, got 401"); } } - if (result.status === 401 || result.status === 403) { - alert( - "You are not authenticated, going to reload and hope that that kicks off authentication", - ); - location.reload(); - throw new Error("Not authenticated, got 401"); - } 
return result; } catch (e: any) { // Errors when there is no internet connection: diff --git a/server/http_server.ts b/server/http_server.ts index 0c6c351c..1407342e 100644 --- a/server/http_server.ts +++ b/server/http_server.ts @@ -370,7 +370,7 @@ export class HttpServer { return c.redirect(typeof from === "string" ? from : "/"); } else { console.error("Authentication failed, redirecting to auth page."); - return c.redirect("/.auth?error=1"); + return c.redirect("/.auth?error=1", 401); } }, ).all((c) => { @@ -389,9 +389,9 @@ export class HttpServer { const redirectToAuth = () => { // Try filtering api paths if (req.path.startsWith("/.") || req.path.endsWith(".md")) { - return c.redirect("/.auth"); + return c.redirect("/.auth", 401); } else { - return c.redirect(`/.auth?from=${req.path}`); + return c.redirect(`/.auth?from=${req.path}`, 401); } }; if (!excludedPaths.includes(url.pathname)) {
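Review bot: In the http_space_primitives.ts hunk, `location.href = redirectHeader` navigates to whatever the `Location` header contains, in both the 3xx branch and the 401/403 branch, with no check of scheme or origin. Resolving it first with `const target = new URL(redirectHeader, location.href);` and refusing anything whose `target.protocol` is not `http:` or `https:` would keep a `javascript:` or otherwise unexpected value from being followed; whether cross-origin targets are intended (external auth proxies probably need them) deserves a comment. Separately, in a browser `redirect: "manual"` yields an opaque-redirect response with status 0 and no readable headers, so the `result.status >= 300 && result.status < 400` branch looks unreachable there, and `result.type === "opaqueredirect"` is the observable signal. The `console.log` in the 401/403 branch still prints `result.url` although the navigation now uses `redirectHeader`. The enclosing method begins and ends outside the hunk.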
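Review bot: `c.redirect("/.auth?error=1", 401)` sends a `Location` header on a non-3xx status, which browsers do not follow on an ordinary navigation or form submission. If this handler answers the login form post (the route is not shown in the hunk), a failed login would leave the user on a bare 401 response instead of the auth page with `error=1`; only the fetch client, which reads `Location` itself, benefits from the new status. The same concern applies to the `else` branch of `redirectToAuth` in the next hunk, which appears to serve page navigations. Consider keeping the default redirect status for navigation requests and reserving 401 for the API paths.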
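Review bot: The `from` value in `/.auth?from=${req.path}` is interpolated into the query string unencoded, so a path containing `&` or other query-significant characters changes what the auth page receives; passing `encodeURIComponent(req.path)` instead avoids that. The handler in the previous hunk redirects to `from` whenever it is a string, so it is worth confirming there that the value is a same-site path (for example, starts with a single `/`) before it is used as a redirect target; no such check is visible in this diff. `redirectToAuth` is defined inside a larger handler that starts and ends outside the hunk.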