mmintel/at-mintel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(gatekeeper): enhance logging and stabilize upstream polling
All checks were successful
Monorepo Pipeline / ⚡ Prioritize Release (push) Successful in 2s
Details
Monorepo Pipeline / 🧪 Test (push) Successful in 6m38s
Details
Monorepo Pipeline / 🧹 Lint (push) Successful in 7m14s
Details
Monorepo Pipeline / 🏗️ Build (push) Successful in 10m24s
Details
Monorepo Pipeline / 🐳 Build Directus (Base) (push) Successful in 1m39s
Details
Monorepo Pipeline / 🐳 Build Build-Base (push) Successful in 2m7s
Details
Monorepo Pipeline / 🐳 Build Production Runtime (push) Successful in 2m8s
Details
Monorepo Pipeline / 🚀 Release (push) Successful in 2m18s
Details
Monorepo Pipeline / 🐳 Build Gatekeeper (Product) (push) Successful in 6m58s
Details

Browse Source
This commit is contained in:
Marc Mintel
2026-02-11 22:49:16 +01:00
parent 63d2acfab5
commit 316c03869a
4 changed files with 37 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/gatekeeper/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "@mintel/gatekeeper",
"version": "1.7.11",
"version": "1.7.12",
"private": true,
"type": "module",
"scripts": {

6
packages/gatekeeper/src/app/api/verify/route.ts
View File

@@ -11,6 +11,8 @@ export async function GET(req: NextRequest) {
// 1. URL Parameter Bypass (for automated tests/staging)
const originalUrl = req.headers.get("x-forwarded-uri") || "/";
console.log(`[Verify] Check: ${originalUrl} | Cookie: ${session ? "Found" : "Missing"}`);
const host =
req.headers.get("x-forwarded-host") || req.headers.get("host") || "";
const proto = req.headers.get("x-forwarded-proto") || "https";
@@ -54,15 +56,17 @@ export async function GET(req: NextRequest) {
if (session?.value) {
if (session.value === password) {
isAuthenticated = true;
console.log(`[Verify] Legacy password match`);
} else {
try {
const payload = JSON.parse(session.value);
if (payload.identity) {
isAuthenticated = true;
identity = payload.identity;
console.log(`[Verify] Identity verified: ${identity}`);
}
} catch (_e) {
// Fallback or old format
console.log(`[Verify] JSON Parse failed for cookie: ${session.value.substring(0, 10)}...`);
}
}
}

4
packages/gatekeeper/src/app/login/page.tsx
View File

@@ -116,6 +116,7 @@ export default async function LoginPage({ searchParams }: LoginPageProps) {
}
if (userIdentity) {
console.log(`[Login] Success: ${userIdentity} | Redirect: ${targetRedirect}`);
const cookieStore = await cookies();
// Store identity in the cookie (simplified for now, ideally signed)
const sessionValue = JSON.stringify({
@@ -126,6 +127,8 @@ export default async function LoginPage({ searchParams }: LoginPageProps) {
const isDev = process.env.NODE_ENV === "development";
console.log(`[Login] Setting Cookie: ${authCookieName} | Domain: ${cookieDomain || "Default"}`);
cookieStore.set(authCookieName, sessionValue, {
httpOnly: true,
secure: !isDev,
@@ -136,6 +139,7 @@ export default async function LoginPage({ searchParams }: LoginPageProps) {
});
redirect(targetRedirect);
} else {
console.log(`[Login] Failed for inputs. Redirecting back with error.`);
redirect(`/login?error=1&redirect=${encodeURIComponent(targetRedirect)}`);
}
}

39
packages/infra/scripts/wait-for-upstream.sh
View File

@@ -28,20 +28,35 @@ echo "🔎 Searching for upstream release $TAG in $REPO..."
# We look for runs on the specific ref (refs/tags/vX.Y.Z)
RUN_QUERY=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/actions/runs?ref=refs/tags/$TAG")
# Gitea returns a list of runs. We take the latest one.
RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs[0].id')
# Gitea returns a list of runs. We take the latest one by creation date.
RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs | sort_by(.created_at) | last | .id // empty')
if [[ "$RUN_ID" == "null" ]]; then
echo "⚠️ Warning: No active run found for tag $TAG in $REPO yet. Upstream might be lagging."
echo " If this is a new tag, it might take a few seconds to appear."
# Optional: Wait a bit and try once more before failing
sleep 10
RUN_QUERY=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/actions/runs?ref=refs/tags/$TAG")
RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs[0].id')
if [[ -z "$RUN_ID" || "$RUN_ID" == "null" ]]; then
echo " No recent action run found for tag $TAG in $REPO."
echo "🔎 Checking if tag $TAG exists in the repository..."
if [[ "$RUN_ID" == "null" ]]; then
echo "❌ Error: Could not find any action run for $TAG. Proceeding blindly or failing?"
# For safety, we fail if we explicitly requested a version that isn't building
TAG_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/tags/$TAG")
if [[ "$TAG_EXISTS" == "200" ]]; then
echo "✅ Tag $TAG exists. Assuming it was released successfully in the past."
exit 0
fi
echo "⚠️ Warning: Tag $TAG not found either. Upstream might be lagging or the version is invalid."
echo " Waiting 15s to see if it appears..."
sleep 15
RUN_QUERY=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/actions/runs?ref=refs/tags/$TAG")
RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs[0].id // empty')
if [[ -z "$RUN_ID" || "$RUN_ID" == "null" ]]; then
# Final check for tag
TAG_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/tags/$TAG")
if [[ "$TAG_EXISTS" == "200" ]]; then
echo "✅ Tag $TAG finally detected. Proceeding."
exit 0
fi
echo "❌ Error: Could not find any action run OR tag for $TAG in $REPO."
exit 1
fi
fi