brut/bincio-activity
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity

fix: redirect login to bincio.org (bincio-auth) when PUBLIC_AUTH_URL is set

Browse Source 
activity.bincio.org/login/ was issuing plain session tokens; bincio-activity
now validates JWTs, so that path silently broke. Auth wall and logout now
point to the central bincio-auth service instead.
This commit is contained in:
Davide Scaini
2026-06-02 16:31:46 +02:00
parent 13859a34d3
commit a142e8732f
2 changed files with 9 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files
site/src/layouts/Base.astro
+5 -4
View File
@@ -14,6 +14,7 @@ const { title = 'BincioActivity', description = 'Your personal activity stats',
const editUrl = import.meta.env.PUBLIC_EDIT_URL ?? '';
const wikiUrl = import.meta.env.PUBLIC_WIKI_URL ?? '';
const plannerUrl = import.meta.env.PUBLIC_PLANNER_URL ?? '';
const authUrl = import.meta.env.PUBLIC_AUTH_URL ?? '';
// Edit UI is enabled when PUBLIC_EDIT_URL is set (single-user bincio-edit mode)
// OR when PUBLIC_EDIT_ENABLED=true (multi-user VPS mode — API proxied at /api/).
const editEnabled = editUrl !== '' || import.meta.env.PUBLIC_EDIT_ENABLED === 'true';
@@ -99,11 +100,11 @@ try {
eliminating the flash of protected content. -->
{instancePrivate && !isPublicPage && (
<style is:inline>[data-auth-pending]{visibility:hidden}</style>
<script is:inline>
<script is:inline define:vars={{ authUrl }}>
fetch('/api/me', { credentials: 'include' })
.then(r => {
if (r.status === 401 || r.status === 404) {
window.location.replace('/login/');
window.location.replace(authUrl ? authUrl + '/login/' : '/login/');
} else {
document.body.removeAttribute('data-auth-pending');
}
@@ -596,7 +597,7 @@ try {
<!-- User widget: only needed for multi-user (single-user nav links are static) -->
{!singleHandle && (
<script define:vars={{ baseUrl }}>
<script define:vars={{ baseUrl, authUrl }}>
(async () => {
try {
const r = await fetch('/api/me', { credentials: 'include' });
@@ -715,7 +716,7 @@ try {
async function doLogout() {
try { await fetch('/api/auth/logout', { method: 'POST', credentials: 'include' }); } catch (_) {}
window.location.href = baseUrl + 'login/';
window.location.href = authUrl ? authUrl + '/login/' : baseUrl + 'login/';
}
document.getElementById('nav-logout')?.addEventListener('click', doLogout);
document.getElementById('nav-logout-m')?.addEventListener('click', doLogout);