Fixing some issues with public endpoints causing logout loop.

mike12345567 2021-07-27 16:17:02 +01:00
parent 1df08ffe35
commit fb562908ee
3 changed files with 5 additions and 7 deletions


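--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -23,7 +23,8 @@ function buildNoAuthRegex(patterns) {
 })
 }
-function finalise(ctx, { authenticated, user, internal, version } = {}) {
+function finalise(ctx, { authenticated, user, internal, version, publicEndpoint } = {}) {
+ctx.publicEndpoint = publicEndpoint || false
 ctx.isAuthenticated = authenticated || false
 ctx.user = user
 ctx.internal = internal || false
@@ -90,12 +91,12 @@ module.exports = (noAuthPatterns = [], opts) => {
 authenticated = false
 }
 // isAuthenticated is a function, so use a variable to be able to check authed state
-finalise(ctx, { authenticated, user, internal, version })
+finalise(ctx, { authenticated, user, internal, version, publicEndpoint })
 return next()
 } catch (err) {
 // allow configuring for public access
 if ((opts && opts.publicAllowed) || publicEndpoint) {
-finalise(ctx, { authenticated: false, version })
+finalise(ctx, { authenticated: false, version, publicEndpoint })
 } else {
 ctx.throw(err.status || 403, err)
 }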
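Review bot: `finalise` now writes `ctx.publicEndpoint`, a flag that downstream middleware uses to admit a request without authentication, yet nothing documents that the field is a security decision or who is allowed to set it; I would add a JSDoc on `finalise` such as `/** Records the auth outcome on ctx. publicEndpoint marks a request that buildAuthMiddleware decided may be served unauthenticated (presumably because the path matched a no-auth pattern) — no other code should set it. */`. The normalisation `publicEndpoint || false` also accepts any truthy value, so `ctx.publicEndpoint = Boolean(publicEndpoint)` states the strict-boolean intent more directly. In the catch branch the original `err` is dropped whenever the endpoint is public or `opts.publicAllowed` is set, which leaves a rejected or expired token on a public route indistinguishable from an anonymous request; a debug-level log of `err` before the `finalise` call would keep that signal for incident investigation. Where `publicEndpoint` is derived, and the rest of the exported middleware, lie outside this hunk.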


@ -16,9 +16,6 @@
// Force creation of an admin user if one doesn't exist // Force creation of an admin user if one doesn't exist
$: { $: {
console.log(`loaded: ${loaded}`)
console.log(`tenancy: ${multiTenancyEnabled}`)
console.log(`tenant set: ${tenantSet}`)
if (loaded && multiTenancyEnabled && !tenantSet) { if (loaded && multiTenancyEnabled && !tenantSet) {
$redirect("./auth/org") $redirect("./auth/org")
} else if (loaded && !hasAdminUser) { } else if (loaded && !hasAdminUser) {


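--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -56,7 +56,7 @@ router
 .use(buildAuthMiddleware(PUBLIC_ENDPOINTS))
 // for now no public access is allowed to worker (bar health check)
 .use((ctx, next) => {
-if (!ctx.isAuthenticated) {
+if (!ctx.isAuthenticated && !ctx.publicEndpoint) {
 ctx.throw(403, "Unauthorized - no public worker access")
 }
 return next()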
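Review bot: The comment `// for now no public access is allowed to worker (bar health check)` is now stale, because the changed condition admits any request that `buildAuthMiddleware` flagged as `ctx.publicEndpoint`, so the actual rule is that only paths covered by `PUBLIC_ENDPOINTS` may be reached unauthenticated. I would replace it with `// only paths matched by PUBLIC_ENDPOINTS may be served unauthenticated; everything else needs a session`. Since `ctx.publicEndpoint` is now the sole gate for unauthenticated access here, additions to `PUBLIC_ENDPOINTS` are effectively access-control changes and deserve review as such. The router chain this handler belongs to continues outside the hunk.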