brut/bincio-activity
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix: redirect login to bincio.org (bincio-auth) when PUBLIC_AUTH_URL is set

Browse Source 
activity.bincio.org/login/ was issuing plain session tokens; bincio-activity
now validates JWTs, so that path silently broke. Auth wall and logout now
point to the central bincio-auth service instead.
This commit is contained in:
Davide Scaini
2026-06-02 16:31:46 +02:00
parent 13859a34d3
commit a142e8732f
2 changed files with 9 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files
site/src/layouts/Base.astro
+5 -4
View File
@@ -14,6 +14,7 @@ const { title = 'BincioActivity', description = 'Your personal activity stats',
const editUrl = import.meta.env.PUBLIC_EDIT_URL ?? '';
const wikiUrl = import.meta.env.PUBLIC_WIKI_URL ?? '';
const plannerUrl = import.meta.env.PUBLIC_PLANNER_URL ?? '';
const authUrl = import.meta.env.PUBLIC_AUTH_URL ?? '';
// Edit UI is enabled when PUBLIC_EDIT_URL is set (single-user bincio-edit mode)
// OR when PUBLIC_EDIT_ENABLED=true (multi-user VPS mode — API proxied at /api/).
const editEnabled = editUrl !== '' || import.meta.env.PUBLIC_EDIT_ENABLED === 'true';
@@ -99,11 +100,11 @@ try {
eliminating the flash of protected content. -->
{instancePrivate && !isPublicPage && (
<style is:inline>[data-auth-pending]{visibility:hidden}</style>
<script is:inline>
<script is:inline define:vars={{ authUrl }}>
fetch('/api/me', { credentials: 'include' })
.then(r => {
if (r.status === 401 || r.status === 404) {
window.location.replace('/login/');
window.location.replace(authUrl ? authUrl + '/login/' : '/login/');
} else {
document.body.removeAttribute('data-auth-pending');
}
@@ -596,7 +597,7 @@ try {
<!-- User widget: only needed for multi-user (single-user nav links are static) -->
{!singleHandle && (
<script define:vars={{ baseUrl }}>
<script define:vars={{ baseUrl, authUrl }}>
(async () => {
try {
const r = await fetch('/api/me', { credentials: 'include' });
@@ -715,7 +716,7 @@ try {
async function doLogout() {
try { await fetch('/api/auth/logout', { method: 'POST', credentials: 'include' }); } catch (_) {}
window.location.href = baseUrl + 'login/';
window.location.href = authUrl ? authUrl + '/login/' : baseUrl + 'login/';
}
document.getElementById('nav-logout')?.addEventListener('click', doLogout);
document.getElementById('nav-logout-m')?.addEventListener('click', doLogout);
site/src/pages/login/index.astro
+4 -79
View File
@@ -1,81 +1,6 @@
---
import Base from '../../layouts/Base.astro';
const editUrl = import.meta.env.PUBLIC_EDIT_URL ?? '';
const wikiUrl = import.meta.env.PUBLIC_WIKI_URL ?? '';
const authUrl = import.meta.env.PUBLIC_AUTH_URL ?? '';
const target = authUrl ? authUrl + '/login/' : '/';
---
<Base title="Login — BincioActivity" public={true}>
<div class="max-w-sm mx-auto mt-16 px-4">
<p class="text-center text-zinc-600 text-sm italic mb-8 leading-relaxed">
mangia<br/>bevi<br/>stai calmo<br/>non strappare
</p>
<h1 class="text-2xl font-bold text-white mb-6 text-center">Sign in</h1>
<form id="login-form" data-wiki-url={wikiUrl} class="space-y-4">
<div>
<label class="block text-sm text-zinc-400 mb-1" for="handle">Handle</label>
<input id="handle" name="handle" type="text" autocomplete="username"
class="w-full px-3 py-2 rounded-lg bg-zinc-900 border border-zinc-700 text-white placeholder-zinc-500 focus:outline-none focus:border-[--accent]"
placeholder="your handle" required />
</div>
<div>
<label class="block text-sm text-zinc-400 mb-1" for="password">Password</label>
<input id="password" name="password" type="password" autocomplete="current-password"
class="w-full px-3 py-2 rounded-lg bg-zinc-900 border border-zinc-700 text-white focus:outline-none focus:border-[--accent]"
required />
</div>
<p id="login-error" class="text-red-400 text-sm hidden"></p>
<button type="submit"
class="w-full py-2 rounded-lg bg-[--accent] hover:opacity-90 text-white font-medium transition-opacity">
Sign in
</button>
</form>
{editUrl && (
<p class="text-center text-zinc-500 text-sm mt-6">
Have an invite? <a href="/register/" class="text-[--accent] hover:underline">Create account</a>
</p>
<p class="text-center text-zinc-600 text-sm mt-2">
<a href="/reset-password/" class="hover:text-zinc-400 transition-colors">Forgot password?</a>
</p>
)}
</div>
</Base>
<script>
const form = document.getElementById('login-form') as HTMLFormElement;
const errEl = document.getElementById('login-error') as HTMLElement;
const wikiUrl = form?.dataset.wikiUrl ?? '';
form?.addEventListener('submit', async (e) => {
e.preventDefault();
const handle = (form.querySelector('#handle') as HTMLInputElement).value.trim();
const password = (form.querySelector('#password') as HTMLInputElement).value;
errEl.classList.add('hidden');
try {
const r = await fetch('/api/auth/login', {
method: 'POST',
credentials: 'include',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ handle, password }),
});
if (!r.ok) {
const d = await r.json().catch(() => ({}));
errEl.textContent = d.detail ?? 'Invalid credentials';
errEl.classList.remove('hidden');
return;
}
const data = await r.json();
// Wiki-only users have no activity access — send them straight to the wiki.
if (!data.activity_access && data.wiki_access && wikiUrl) {
window.location.href = wikiUrl;
return;
}
const next = new URLSearchParams(window.location.search).get('next') ?? '/';
window.location.href = next;
} catch {
errEl.textContent = 'Could not reach server';
errEl.classList.remove('hidden');
}
});
</script>
<meta http-equiv="refresh" content={`0;url=${target}`} />
<script define:vars={{ target }}>window.location.replace(target);</script>