feat: add gk_bypass
@@ -9,6 +9,45 @@ export async function GET(req: NextRequest) {
|
|||||||
|
|
||||||
const session = cookieStore.get(authCookieName);
|
const session = cookieStore.get(authCookieName);
|
||||||
|
|
||||||
|
// 1. URL Parameter Bypass (for automated tests/staging)
|
||||||
|
const originalUrl = req.headers.get("x-forwarded-uri") || "/";
|
||||||
|
const host =
|
||||||
|
req.headers.get("x-forwarded-host") || req.headers.get("host") || "";
|
||||||
|
const proto = req.headers.get("x-forwarded-proto") || "https";
|
||||||
|
|
||||||
|
try {
|
||||||
|
const url = new URL(originalUrl, `${proto}://${host}`);
|
||||||
|
if (url.searchParams.get("gk_bypass") === password) {
|
||||||
|
// Remove the bypass parameter from the redirect URL
|
||||||
|
url.searchParams.delete("gk_bypass");
|
||||||
|
const cleanUrl = url.pathname + url.search;
|
||||||
|
const absoluteCleanUrl = `${proto}://${host}${cleanUrl}`;
|
||||||
|
|
||||||
|
const response = NextResponse.redirect(absoluteCleanUrl);
|
||||||
|
|
||||||
|
// Set the session cookie so the bypass is persistent
|
||||||
|
const isDev = process.env.NODE_ENV === "development";
|
||||||
|
const cookieDomain = process.env.COOKIE_DOMAIN;
|
||||||
|
const sessionValue = JSON.stringify({
|
||||||
|
identity: "Bypass",
|
||||||
|
timestamp: Date.now(),
|
||||||
|
});
|
||||||
|
|
||||||
|
response.cookies.set(authCookieName, sessionValue, {
|
||||||
|
httpOnly: true,
|
||||||
|
secure: !isDev,
|
||||||
|
path: "/",
|
||||||
|
maxAge: 30 * 24 * 60 * 60, // 30 days
|
||||||
|
sameSite: "lax",
|
||||||
|
...(cookieDomain ? { domain: cookieDomain } : {}),
|
||||||
|
});
|
||||||
|
|
||||||
|
return response;
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
// URL parsing failed, proceed with normal logic
|
||||||
|
}
|
||||||
|
|
||||||
let isAuthenticated = false;
|
let isAuthenticated = false;
|
||||||
let identity = "Guest";
|
let identity = "Guest";
|
||||||
|
|
||||||
@@ -38,11 +77,6 @@ export async function GET(req: NextRequest) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Traefik ForwardAuth headers
|
// Traefik ForwardAuth headers
|
||||||
const originalUrl = req.headers.get("x-forwarded-uri") || "/";
|
|
||||||
const host =
|
|
||||||
req.headers.get("x-forwarded-host") || req.headers.get("host") || "";
|
|
||||||
const proto = req.headers.get("x-forwarded-proto") || "https";
|
|
||||||
|
|
||||||
const gatekeeperUrl =
|
const gatekeeperUrl =
|
||||||
process.env.NEXT_PUBLIC_BASE_URL || `${proto}://gatekeeper.${host}`;
|
process.env.NEXT_PUBLIC_BASE_URL || `${proto}://gatekeeper.${host}`;
|
||||||
const absoluteOriginalUrl = `${proto}://${host}${originalUrl}`;
|
const absoluteOriginalUrl = `${proto}://${host}${originalUrl}`;
|
||||||
|
|||||||
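Review bot: The `gk_bypass` branch in the first hunk runs in every deployment, although its comment says it is for automated tests/staging: nothing ahead of `if (url.searchParams.get("gk_bypass") === password)` checks an environment or opt-in switch, so in production the same query parameter yields a 30-day session cookie. The value compared is `password`, which is defined outside this hunk and appears to be the main gatekeeper secret; carried in a query string it is written to proxy access logs and browser history before the redirect strips it. I would compare against a separate token that is only configured where the bypass is wanted and is checked for being non-empty, `if (bypassToken && url.searchParams.get("gk_bypass") === bypassToken) {` (with `bypassToken` read from its own environment variable, name to be chosen), and give the bypass cookie a much shorter `maxAge` than `30 * 24 * 60 * 60`. The cookie value is plain `JSON.stringify({ identity: "Bypass", timestamp: Date.now() })`; how the rest of `GET` validates the session cookie is not visible here, so confirm that a hand-written cookie with this shape is not accepted. The empty `catch (e)` should at least log that parsing the forwarded URL failed, so a malformed `x-forwarded-*` header does not pass unnoticed.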