fix: only use groups in OAuth

2025-10-28 04:35:40 +00:00 · 2025-05-01 22:00:37 +03:00
parent 5278fbea68
commit a98a91a394
3 changed files with 68 additions and 46 deletions
--- a/frontend/src/pages/continue-page.tsx
+++ b/frontend/src/pages/continue-page.tsx
@@ -70,7 +70,7 @@ export const ContinuePage = () => {
        </Button>
        <Button
          fullWidth
-          mt="sm"
+          mt="xs"
          color="gray"
          onClick={() => (window.location.href = "/")}
        >
@@ -110,7 +110,7 @@ export const ContinuePage = () => {
        </Button>
        <Button
          fullWidth
-          mt="sm"
+          mt="xs"
          color="gray"
          onClick={() => (window.location.href = "/")}
        >
--- a/frontend/src/pages/unauthorized-page.tsx
+++ b/frontend/src/pages/unauthorized-page.tsx
@@ -2,8 +2,9 @@ import { Button, Code, Paper, Text } from "@mantine/core";
 import { Layout } from "../components/layouts/layout";
 import { Navigate } from "react-router";
 import { Trans, useTranslation } from "react-i18next";
-import React from "react";
+import React, { useEffect } from "react";
 import { isValidQuery } from "../utils/utils";
+import { useIsMounted } from "../lib/hooks/use-is-mounted";

 export const UnauthorizedPage = () => {
  const queryString = window.location.search;
@@ -12,13 +13,31 @@ export const UnauthorizedPage = () => {
  const groupErr = params.get("groupErr") ?? "";
  const resource = params.get("resource") ?? "";

+  const [isGroupErr, setIsGroupErr] = React.useState(false);
+
+  const useMounted = useIsMounted();
+
+  useEffect(() => {
+    if (useMounted()) {
+      if (isValidQuery(groupErr)) {
+        if (groupErr === "true") {
+          setIsGroupErr(true);
+          return;
+        }
+        setIsGroupErr(false);
+        return;
+      }
+      setIsGroupErr(false);
+    }
+  }, []);
+
  const { t } = useTranslation();

  if (!isValidQuery(username)) {
    return <Navigate to="/" />;
  }

-  if (isValidQuery(resource) && !isValidQuery(groupErr)) {
+  if (isValidQuery(resource) && !isGroupErr) {
    return (
      <UnauthorizedLayout>
        <Trans
@@ -31,7 +50,7 @@ export const UnauthorizedPage = () => {
    );
  }

-  if (isValidQuery(groupErr) && isValidQuery(resource)) {
+  if (isGroupErr && isValidQuery(resource)) {
    return (
      <UnauthorizedLayout>
        <Trans
--- a/internal/handlers/handlers.go
+++ b/internal/handlers/handlers.go
@@ -75,6 +75,8 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 	// Get the container labels
 	labels, err := h.Docker.GetLabels(appId)

+	log.Debug().Interface("labels", labels).Msg("Got labels")
+
 	// Check if there was an error
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get container labels")
@@ -183,8 +185,8 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 			return
 		}

-		log.Debug().Interface("labels", labels).Msg("Got labels")
-
+		// Check groups if using OAuth
+		if userContext.OAuth {
 			// Check if user is in required groups
 			groupOk := h.Auth.OAuthGroup(c, userContext, labels)

@@ -232,6 +234,7 @@ func (h *Handlers) AuthHandler(c *gin.Context) {
 				c.Redirect(http.StatusTemporaryRedirect, fmt.Sprintf("%s/unauthorized?%s", h.Config.AppURL, queries.Encode()))
 				return
 			}
+		}

 		c.Header("Remote-User", utils.SanitizeHeader(userContext.Username))
 		c.Header("Remote-Name", utils.SanitizeHeader(userContext.Name))