refactor: detect if using browser or headless client for better responses

2025-10-28 04:35:40 +00:00 · 2025-03-10 17:02:23 +02:00
parent 3649d0d84e
commit ec67ea3807
2 changed files with 27 additions and 17 deletions
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -8,12 +8,12 @@ services:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

-  nginx:
-    container_name: nginx
-    image: nginx:latest
+  whoami:
+    container_name: whoami
+    image: traefik/whoami:latest
    labels:
      traefik.enable: true
-      traefik.http.routers.nginx.rule: Host(`nginx.dev.local`)
+      traefik.http.routers.nginx.rule: Host(`whoami.dev.local`)
      traefik.http.services.nginx.loadbalancer.server.port: 80
      traefik.http.routers.nginx.middlewares: tinyauth

--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -131,18 +131,24 @@ func (api *API) SetupRoutes() {
 			return
 		}

-		log.Debug().Interface("proxy", proxy.Proxy).Msg("Got proxy")
+		// Check if the request is coming from a browser (tools like curl/bruno use */* and they don't include the text/html)
+		isBrowser := strings.Contains(c.Request.Header.Get("Accept"), "text/html")

-		// Check if using basic auth
-		_, _, basicAuth := c.Request.BasicAuth()
+		if isBrowser {
+			log.Debug().Msg("Request is most likely coming from a browser")
+		} else {
+			log.Debug().Msg("Request is most likely not coming from a browser")
+		}
+
+		log.Debug().Interface("proxy", proxy.Proxy).Msg("Got proxy")

 		// Check if auth is enabled
 		authEnabled, authEnabledErr := api.Auth.AuthEnabled(c)

 		// Handle error
 		if authEnabledErr != nil {
-			// Return 500 if nginx is the proxy or if the request is using basic auth
-			if proxy.Proxy == "nginx" || basicAuth {
+			// Return 500 if nginx is the proxy or if the request is not coming from a browser
+			if proxy.Proxy == "nginx" || !isBrowser {
 				log.Error().Err(authEnabledErr).Msg("Failed to check if auth is enabled")
 				c.JSON(500, gin.H{
 					"status":  500,
@@ -186,8 +192,8 @@ func (api *API) SetupRoutes() {

 			// Check if there was an error
 			if appAllowedErr != nil {
-				// Return 500 if nginx is the proxy or if the request is using basic auth
-				if proxy.Proxy == "nginx" || basicAuth {
+				// Return 500 if nginx is the proxy or if the request is not coming from a browser
+				if proxy.Proxy == "nginx" || !isBrowser {
 					log.Error().Err(appAllowedErr).Msg("Failed to check if app is allowed")
 					c.JSON(500, gin.H{
 						"status":  500,
@@ -208,9 +214,11 @@ func (api *API) SetupRoutes() {
 			if !appAllowed {
 				log.Warn().Str("username", userContext.Username).Str("host", host).Msg("User not allowed")

-				// Return 401 if nginx is the proxy or if the request is using an Authorization header
-				if proxy.Proxy == "nginx" || basicAuth {
+				// Set WWW-Authenticate header
 				c.Header("WWW-Authenticate", "Basic realm=\"tinyauth\"")
+
+				// Return 401 if nginx is the proxy or if the request is not coming from a browser
+				if proxy.Proxy == "nginx" || !isBrowser {
 					c.JSON(401, gin.H{
 						"status":  401,
 						"message": "Unauthorized",
@@ -252,9 +260,11 @@ func (api *API) SetupRoutes() {
 		// The user is not logged in
 		log.Debug().Msg("Unauthorized")

-		// Return 401 if nginx is the proxy or if the request is using an Authorization header
-		if proxy.Proxy == "nginx" || basicAuth {
+		// Set www-authenticate header
 		c.Header("WWW-Authenticate", "Basic realm=\"tinyauth\"")
+
+		// Return 401 if nginx is the proxy or if the request is not coming from a browser
+		if proxy.Proxy == "nginx" || !isBrowser {
 			c.JSON(401, gin.H{
 				"status":  401,
 				"message": "Unauthorized",