mmintel/gridpilot.gg
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
0db80fa98de151272c3da9364db418fac4d7df11
gridpilot.gg/MIDDLEWARE_FIX_SUMMARY.md
Marc Mintel b8eb8fb005 middleware fix wip
2026-01-04 01:45:14 +01:00

49 lines
2.1 KiB
Markdown
Raw Blame History

# Middleware Authentication Fix Summary
## Problem
6 out of 12 e2e tests failing due to middleware not properly protecting routes.
## Root Cause Analysis
### Issue 1: Cookie Loss in Redirect Chain
When navigating to `/sponsor`, the page component does a server-side `redirect('/sponsor/dashboard')` which loses cookies in the redirect chain. This causes the second request to `/sponsor/dashboard` to have no cookies.
**Evidence:**
```
/sponsor - cookie header length: 50 ✓
/sponsor/dashboard - cookie header length: 0 ✗
```
**Fix:** Handle `/sponsor``/sponsor/dashboard` redirect in middleware to preserve cookies.
### Issue 2: Auth Page Redirect Loop
When an authenticated user with insufficient permissions is redirected to `/auth/login?returnTo=/sponsor/dashboard`, the middleware immediately redirects them away from the login page because they're authenticated. This creates a conflict.
**Fix:** Allow authenticated users to access login pages if they have a `returnTo` parameter (indicating they were sent there due to insufficient permissions).
### Issue 3: SessionGateway Cookie Handling
The `SessionGateway.getSession()` method was checking `if (cookieHeader)` which evaluates to `false` for empty strings, causing it to fall through to server component context even when called from middleware with an empty cookie header.
**Fix:** Check `if (cookieHeader !== undefined)` instead.
## Changes Made
1. **apps/website/lib/gateways/SessionGateway.ts**
- Fixed cookie header check to use `!== undefined` instead of truthy check
2. **apps/website/middleware.ts**
- Added redirect from `/sponsor` to `/sponsor/dashboard` in middleware
- Added check for `returnTo` parameter in auth page logic
- Added comprehensive logging
3. **apps/website/app/sponsor/dashboard/page.tsx**
- Added `export const dynamic = 'force-dynamic'` (reverted - doesn't work with client components)
## Test Results
Still failing - need to investigate further.
## Next Steps
1. Check if cookies are being set with correct domain
2. Verify Playwright cookie handling in Docker environment
3. Consider if the test expectations are correct
Reference in New Issue View Git Blame Copy Permalink