From fb562908ee21e0f4b38d4344db72384d1fa3764c Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Tue, 27 Jul 2021 16:17:02 +0100
Subject: [PATCH] Fixing some issues with public endpoints causing logout loop.
---
 packages/auth/src/middleware/authenticated.js | 7 ++++---
 packages/builder/src/pages/builder/_layout.svelte | 3 ---
 packages/worker/src/api/index.js | 2 +-
 3 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/packages/auth/src/middleware/authenticated.js b/packages/auth/src/middleware/authenticated.js
index e3089efb1e..250b151438 100644
--- a/packages/auth/src/middleware/authenticated.js
+++ b/packages/auth/src/middleware/authenticated.js
@@ -23,7 +23,8 @@ function buildNoAuthRegex(patterns) {
 })
 }
 
-function finalise(ctx, { authenticated, user, internal, version } = {}) {
+function finalise(ctx, { authenticated, user, internal, version, publicEndpoint } = {}) {
+ ctx.publicEndpoint = publicEndpoint || false
 ctx.isAuthenticated = authenticated || false
 ctx.user = user
 ctx.internal = internal || false
@@ -90,12 +91,12 @@ module.exports = (noAuthPatterns = [], opts) => {
 authenticated = false
 }
 // isAuthenticated is a function, so use a variable to be able to check authed state
- finalise(ctx, { authenticated, user, internal, version })
+ finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
 return next()
 } catch (err) {
 // allow configuring for public access
 if ((opts && opts.publicAllowed) || publicEndpoint) {
- finalise(ctx, { authenticated: false, version })
+ finalise(ctx, { authenticated: false, version, publicEndpoint })
 } else {
 ctx.throw(err.status || 403, err)
 }
diff --git a/packages/builder/src/pages/builder/_layout.svelte b/packages/builder/src/pages/builder/_layout.svelte
index 6bef986f04..b16ffed7a8 100644
--- a/packages/builder/src/pages/builder/_layout.svelte
+++ b/packages/builder/src/pages/builder/_layout.svelte
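Review bot: `ctx.publicEndpoint`, assigned in finalise in packages/auth/src/middleware/authenticated.js, is read as an authorization input by the worker router guard changed later in this patch, yet nothing on finalise says so. I would add a comment above the assignment such as `// true only when the request matched a no-auth pattern; downstream guards skip the auth check on it`, and store a strict boolean with `ctx.publicEndpoint = Boolean(publicEndpoint)` so the field has one type wherever it is checked. The same applies to both call sites in the second hunk (`@@ -90,12 +91,12 @@`), where the value comes from pattern-matching code that is outside the visible lines. finalise's body continues past the end of the hunk.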
@@ -16,9 +16,6 @@
 
 // Force creation of an admin user if one doesn't exist
 $: {
- console.log(`loaded: ${loaded}`)
- console.log(`tenancy: ${multiTenancyEnabled}`)
- console.log(`tenant set: ${tenantSet}`)
 if (loaded && multiTenancyEnabled && !tenantSet) {
 $redirect("./auth/org")
 } else if (loaded && !hasAdminUser) {
diff --git a/packages/worker/src/api/index.js b/packages/worker/src/api/index.js
index cfeb3506e5..2e65dc17e7 100644
--- a/packages/worker/src/api/index.js
+++ b/packages/worker/src/api/index.js
@@ -56,7 +56,7 @@ router
 .use(buildAuthMiddleware(PUBLIC_ENDPOINTS))
 // for now no public access is allowed to worker (bar health check)
 .use((ctx, next) => {
- if (!ctx.isAuthenticated) {
+ if (!ctx.isAuthenticated && !ctx.publicEndpoint) {
 ctx.throw(403, "Unauthorized - no public worker access")
 }
 return next()
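Review bot: The comment above the guard in packages/worker/src/api/index.js, `// for now no public access is allowed to worker (bar health check)`, is stale once `&& !ctx.publicEndpoint` is added: every route matched by `PUBLIC_ENDPOINTS` now reaches its handler unauthenticated, so that list is the effective access policy for the worker. I would reword it to `// unauthenticated requests are only let through on PUBLIC_ENDPOINTS`. In the auth middleware's catch path finalise is called with `authenticated: false` and no user, so handlers behind those routes can run with `ctx.user` undefined and should not assume one. The router chain starts and ends outside the hunk, so the contents of `PUBLIC_ENDPOINTS` are not visible here and are worth checking for patterns broader than intended.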