enricobuehler
9856c04b75
ci / rust (push) Has been cancelled
Single-user, LAN-reachable-but-gated. The web server is a backend-for-frontend:
- Login: POST /_auth/login {password} checks PUNKTFUNK_UI_PASSWORD (constant-time) and
sets a SEALED session cookie (h3 useSession / AES-GCM). server/middleware/auth.ts gates
every request — pages 302 → /login, /api → 401 — and FAILS CLOSED (503) when
PUNKTFUNK_UI_PASSWORD is unset, so a misconfigured LAN-exposed server admits no one.
- The management API stays loopback-only + token (never LAN-exposed). The proxy
(server/routes/api/[...].ts) injects PUNKTFUNK_MGMT_TOKEN server-side and drops the
browser's cookie before forwarding — the token never reaches the browser, which only
holds the session cookie.
Nitro doesn't auto-scan a server/ dir, so the Nitro plugin gets an explicit scanDirs to
pick up middleware + routes. Client: removed the localStorage token (server injects it);
the fetcher bounces to /login on 401; new /login page (bare, no shell); Settings drops the
token field and gains a Sign-out button; en/de strings.
Validated live end to end: unauth /→302, /api→401; wrong pw→401; right pw→200+cookie;
authed /api/v1/status→200 (proxied, mgmt token injected — the host required it); logout→
session cleared→401. tsc + build green.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
52 lines
1.8 KiB
TypeScript
52 lines
1.8 KiB
TypeScript
// The fetch mutator orval-generated hooks call: `apiFetch<T>(url, RequestInit)`. orval is
|
|
// configured (includeHttpResponseReturnType: false) so `T` is the response BODY; on an HTTP
|
|
// error we THROW an `ApiError` so React Query's `isError` works (the query client skips
|
|
// retries on 4xx — see src/router.tsx).
|
|
//
|
|
// Auth: requests are same-origin to `/api/...`; the browser sends only the session cookie
|
|
// (the server-side proxy injects the management bearer token — the token never lives in the
|
|
// browser). A 401 means the session is gone → bounce to /login.
|
|
|
|
/** A failed API call. `status` is the HTTP code; `data` is the parsed `ApiError` body if any. */
|
|
export class ApiError extends Error {
|
|
status: number
|
|
data: unknown
|
|
constructor(status: number, data: unknown, message?: string) {
|
|
super(message ?? `API error ${status}`)
|
|
this.name = 'ApiError'
|
|
this.status = status
|
|
this.data = data
|
|
}
|
|
}
|
|
|
|
export async function apiFetch<T>(url: string, options?: RequestInit): Promise<T> {
|
|
const headers = new Headers(options?.headers)
|
|
headers.set('Accept', 'application/json')
|
|
|
|
const res = await fetch(url, { ...options, headers, credentials: 'same-origin' })
|
|
|
|
const text = await res.text()
|
|
const body = text ? safeJson(text) : undefined
|
|
if (res.status === 401) redirectToLogin()
|
|
if (!res.ok) throw new ApiError(res.status, body, res.statusText)
|
|
return body as T
|
|
}
|
|
|
|
/** On lost session, send the user to the login screen, remembering where they were. */
|
|
function redirectToLogin(): void {
|
|
if (typeof window === 'undefined') return
|
|
if (window.location.pathname === '/login') return
|
|
const next = encodeURIComponent(window.location.pathname)
|
|
window.location.href = `/login?next=${next}`
|
|
}
|
|
|
|
function safeJson(text: string): unknown {
|
|
try {
|
|
return JSON.parse(text)
|
|
} catch {
|
|
return text
|
|
}
|
|
}
|
|
|
|
export default apiFetch
|