diff --git a/packages/gatekeeper/package.json b/packages/gatekeeper/package.json index df340d8..359dfdd 100644 --- a/packages/gatekeeper/package.json +++ b/packages/gatekeeper/package.json @@ -1,6 +1,6 @@ { "name": "@mintel/gatekeeper", - "version": "1.7.11", + "version": "1.7.12", "private": true, "type": "module", "scripts": { diff --git a/packages/gatekeeper/src/app/api/verify/route.ts b/packages/gatekeeper/src/app/api/verify/route.ts index 3eb13f7..fcafa22 100644 --- a/packages/gatekeeper/src/app/api/verify/route.ts +++ b/packages/gatekeeper/src/app/api/verify/route.ts @@ -11,6 +11,8 @@ export async function GET(req: NextRequest) { // 1. URL Parameter Bypass (for automated tests/staging) const originalUrl = req.headers.get("x-forwarded-uri") || "/"; + + console.log(`[Verify] Check: ${originalUrl} | Cookie: ${session ? "Found" : "Missing"}`); const host = req.headers.get("x-forwarded-host") || req.headers.get("host") || ""; const proto = req.headers.get("x-forwarded-proto") || "https"; @@ -54,15 +56,17 @@ export async function GET(req: NextRequest) { if (session?.value) { if (session.value === password) { isAuthenticated = true; + console.log(`[Verify] Legacy password match`); } else { try { const payload = JSON.parse(session.value); if (payload.identity) { isAuthenticated = true; identity = payload.identity; + console.log(`[Verify] Identity verified: ${identity}`); } } catch (_e) { - // Fallback or old format + console.log(`[Verify] JSON Parse failed for cookie: ${session.value.substring(0, 10)}...`); } } } diff --git a/packages/gatekeeper/src/app/login/page.tsx b/packages/gatekeeper/src/app/login/page.tsx index 6d901fa..b343825 100644 --- a/packages/gatekeeper/src/app/login/page.tsx +++ b/packages/gatekeeper/src/app/login/page.tsx @@ -116,6 +116,7 @@ export default async function LoginPage({ searchParams }: LoginPageProps) { } if (userIdentity) { + console.log(`[Login] Success: ${userIdentity} | Redirect: ${targetRedirect}`); const cookieStore = await cookies(); // Store identity in the cookie (simplified for now, ideally signed) const sessionValue = JSON.stringify({ @@ -126,6 +127,8 @@ export default async function LoginPage({ searchParams }: LoginPageProps) { const isDev = process.env.NODE_ENV === "development"; + console.log(`[Login] Setting Cookie: ${authCookieName} | Domain: ${cookieDomain || "Default"}`); + cookieStore.set(authCookieName, sessionValue, { httpOnly: true, secure: !isDev, @@ -136,6 +139,7 @@ export default async function LoginPage({ searchParams }: LoginPageProps) { }); redirect(targetRedirect); } else { + console.log(`[Login] Failed for inputs. Redirecting back with error.`); redirect(`/login?error=1&redirect=${encodeURIComponent(targetRedirect)}`); } } diff --git a/packages/infra/scripts/wait-for-upstream.sh b/packages/infra/scripts/wait-for-upstream.sh index 6643078..e5fd763 100755 --- a/packages/infra/scripts/wait-for-upstream.sh +++ b/packages/infra/scripts/wait-for-upstream.sh @@ -28,20 +28,35 @@ echo "🔎 Searching for upstream release $TAG in $REPO..." # We look for runs on the specific ref (refs/tags/vX.Y.Z) RUN_QUERY=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/actions/runs?ref=refs/tags/$TAG") -# Gitea returns a list of runs. We take the latest one. -RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs[0].id') +# Gitea returns a list of runs. We take the latest one by creation date. +RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs | sort_by(.created_at) | last | .id // empty') -if [[ "$RUN_ID" == "null" ]]; then - echo "⚠ī¸ Warning: No active run found for tag $TAG in $REPO yet. Upstream might be lagging." - echo " If this is a new tag, it might take a few seconds to appear." - # Optional: Wait a bit and try once more before failing - sleep 10 - RUN_QUERY=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/actions/runs?ref=refs/tags/$TAG") - RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs[0].id') +if [[ -z "$RUN_ID" || "$RUN_ID" == "null" ]]; then + echo "ℹī¸ No recent action run found for tag $TAG in $REPO." + echo "🔎 Checking if tag $TAG exists in the repository..." - if [[ "$RUN_ID" == "null" ]]; then - echo "❌ Error: Could not find any action run for $TAG. Proceeding blindly or failing?" - # For safety, we fail if we explicitly requested a version that isn't building + TAG_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/tags/$TAG") + + if [[ "$TAG_EXISTS" == "200" ]]; then + echo "✅ Tag $TAG exists. Assuming it was released successfully in the past." + exit 0 + fi + + echo "⚠ī¸ Warning: Tag $TAG not found either. Upstream might be lagging or the version is invalid." + echo " Waiting 15s to see if it appears..." + sleep 15 + + RUN_QUERY=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/actions/runs?ref=refs/tags/$TAG") + RUN_ID=$(echo "$RUN_QUERY" | jq -r '.workflow_runs[0].id // empty') + + if [[ -z "$RUN_ID" || "$RUN_ID" == "null" ]]; then + # Final check for tag + TAG_EXISTS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token $GITEA_TOKEN" "$GITEA_API/repos/$REPO/tags/$TAG") + if [[ "$TAG_EXISTS" == "200" ]]; then + echo "✅ Tag $TAG finally detected. Proceeding." + exit 0 + fi + echo "❌ Error: Could not find any action run OR tag for $TAG in $REPO." exit 1 fi fi