proxyauth: on invalid token, redirect user

https://forum.cloudron.io/topic/6425/403-in-proxyauth-apps-after-server-migration
This commit is contained in:
Girish Ramakrishnan
2022-02-01 17:56:40 -08:00
parent 944d364e1a
commit 150f89ae43
+7 -7
@@ -1,7 +1,5 @@
'use strict';
const blobs = require('./blobs.js');
// heavily inspired from https://gock.net/blog/2020/nginx-subrequest-authentication-server/ and https://github.com/andygock/auth-server
exports = module.exports = {
@@ -12,6 +10,7 @@ exports = module.exports = {
const apps = require('./apps.js'),
assert = require('assert'),
basicAuth = require('basic-auth'),
blobs = require('./blobs.js'),
constants = require('./constants.js'),
debug = require('debug')('box:proxyAuth'),
ejs = require('ejs'),
@@ -41,12 +40,12 @@ function jwtVerify(req, res, next) {
jwt.verify(token, gTokenSecret, function (error, decoded) {
if (error) {
debug('jwtVerify: clearing token', error);
res.clearCookie('authToken');
return next(new HttpError(403, 'Malformed token or bad signature'));
debug('jwtVerify: malformed token or bad signature', error.message);
req.user = null;
} else {
req.user = decoded.user || null;
}
req.user = decoded.user || null;
next();
});
}
@@ -116,6 +115,7 @@ function isBrowser(req) {
// called by nginx to authorize any protected route. this route must return only 2xx or 401/403 (http://nginx.org/en/docs/http/ngx_http_auth_request_module.html)
function auth(req, res, next) {
if (!req.user) {
res.clearCookie('authToken');
if (isBrowser(req)) return next(new HttpError(401, 'Unauthorized'));
// the header has to be generated here and cannot be set in nginx config - https://forum.nginx.org/read.php?2,171461,171469#msg-171469
@@ -241,7 +241,7 @@ function initializeAuthwallExpressSync() {
.use(middleware.lastMile());
router.get ('/login', loginPage);
router.get ('/auth', jwtVerify, basicAuthVerify, auth);
router.get ('/auth', jwtVerify, basicAuthVerify, auth); // called by nginx before accessing protected page
router.post('/login', json, passwordAuth, authorize);
router.get ('/logout', logoutPage);
router.post('/logout', json, logout);
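Review bot: In the jwtVerify hunk (`@@ -41,12 +40,12 @@`) every verification failure is now folded into `req.user = null` with a debug-level log, so an ordinary expired token and a signature mismatch become indistinguishable in the logs, and after a secret change a burst of signature failures is exactly what an operator would want to see. I would keep the fall-through to `next()` (so auth() still returns 401 and the browser gets redirected) but branch on the error class, e.g. `if (error.name !== 'TokenExpiredError') debug('jwtVerify: rejected token', error.name, error.message);` so expiry stays quiet while signature or structure errors remain visible. The cookie is now cleared in auth() instead of jwtVerify; that works only if `res.clearCookie('authToken')` is given the same path/domain options the cookie was originally set with, which this diff does not show. Both jwtVerify and auth continue past the end of their hunks.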