improve web ui
This commit is contained in:
@@ -3,26 +3,34 @@
|
||||
// (the browser never sees it) and drop the browser's own cookies/auth from the upstream
|
||||
// request, then proxy. The management API itself binds loopback only — this proxy is the
|
||||
// ONLY path to it from the LAN, and it's authenticated.
|
||||
import { defineEventHandler, getRequestURL, proxyRequest, setResponseStatus } from 'h3'
|
||||
import { mgmtToken, mgmtUrl } from '../../util/auth'
|
||||
import {
|
||||
defineEventHandler,
|
||||
getRequestURL,
|
||||
proxyRequest,
|
||||
setResponseStatus,
|
||||
} from "h3";
|
||||
import { mgmtToken, mgmtUrl } from "../../util/auth";
|
||||
|
||||
export default defineEventHandler((event) => {
|
||||
const { pathname, search } = getRequestURL(event)
|
||||
const target = `${mgmtUrl()}${pathname}${search}`
|
||||
const token = mgmtToken()
|
||||
// The mgmt API now requires a token always. Without one configured, forwarding an empty bearer
|
||||
// would just bounce as 401 — fail fast and legibly instead (the packaged service sources the
|
||||
// host's ~/.config/punktfunk/mgmt-token, so this only fires on a misconfigured/early-start deploy).
|
||||
if (!token) {
|
||||
setResponseStatus(event, 503)
|
||||
return { error: 'management token not configured (PUNKTFUNK_MGMT_TOKEN / ~/.config/punktfunk/mgmt-token)' }
|
||||
}
|
||||
return proxyRequest(event, target, {
|
||||
headers: {
|
||||
// Overwrite, not append: the host-held token replaces anything the browser sent.
|
||||
authorization: `Bearer ${token}`,
|
||||
// Don't forward the session cookie to the management API.
|
||||
cookie: '',
|
||||
},
|
||||
})
|
||||
})
|
||||
const { pathname, search } = getRequestURL(event);
|
||||
const target = `${mgmtUrl()}${pathname}${search}`;
|
||||
const token = mgmtToken();
|
||||
// The mgmt API now requires a token always. Without one configured, forwarding an empty bearer
|
||||
// would just bounce as 401 — fail fast and legibly instead (the packaged service sources the
|
||||
// host's ~/.config/punktfunk/mgmt-token, so this only fires on a misconfigured/early-start deploy).
|
||||
if (!token) {
|
||||
setResponseStatus(event, 503);
|
||||
return {
|
||||
error:
|
||||
"management token not configured (PUNKTFUNK_MGMT_TOKEN / ~/.config/punktfunk/mgmt-token)",
|
||||
};
|
||||
}
|
||||
return proxyRequest(event, target, {
|
||||
headers: {
|
||||
// Overwrite, not append: the host-held token replaces anything the browser sent.
|
||||
authorization: `Bearer ${token}`,
|
||||
// Don't forward the session cookie to the management API.
|
||||
cookie: "",
|
||||
},
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user