OPDS: Allow fallback to Basic Auth (#1613)

* Move API authorization to UserType

We already verify the JWT there, so do the same with cookies. This makes
the next steps easier

* OPDS: Allow basic auth as fallback

* Send 404 for any unmatched API request

Redirecting to the UI is weird and can cause problems with the
SIMPLE_LOGIN check (which ignores API requests)

* Webview: Present Login page in SIMPLE_LOGIN mode

For BASIC_AUTH, the dialog is always presented. With UI_LOGIN, we have a
custom login dialog.
Before, SIMPLE_LOGIN would just say "Unauthorized", as with all API
endpoints. With the last commits, SIMPLE_LOGIN is checked by the
endpoints, which Webview did not, so the page would load, but then the
Websocket would error out, despite showing the login dialog.

* Lint
This commit is contained in:
Constantin Piber
2025-08-24 18:36:11 +02:00
committed by GitHub
parent 9a33e3808a
commit 46e2ef125a
4 changed files with 94 additions and 36 deletions

View File

@@ -9,15 +9,20 @@ package suwayomi.tachidesk.global.controller
import io.javalin.http.ContentType
import io.javalin.http.HttpStatus
import io.javalin.http.RedirectResponse
import io.javalin.websocket.WsConfig
import suwayomi.tachidesk.global.impl.WebView
import suwayomi.tachidesk.graphql.types.AuthMode
import suwayomi.tachidesk.i18n.LocalizationHelper
import suwayomi.tachidesk.server.JavalinSetup.Attribute
import suwayomi.tachidesk.server.JavalinSetup.getAttribute
import suwayomi.tachidesk.server.serverConfig
import suwayomi.tachidesk.server.user.UnauthorizedException
import suwayomi.tachidesk.server.user.requireUser
import suwayomi.tachidesk.server.util.handler
import suwayomi.tachidesk.server.util.queryParam
import suwayomi.tachidesk.server.util.withOperation
import java.net.URLEncoder
import java.util.Locale
object WebViewController {
@@ -31,7 +36,18 @@ object WebViewController {
}
},
behaviorOf = { ctx, lang ->
// intentionally not user-protected, this pages handles login by itself
// intentionally not user-protected, this pages handles login by itself in UI_LOGIN mode
// for SIMPLE_LOGIN, we need to manually redirect to make this work
// for BASIC_AUTH, JavalinSetup already handles this
if (serverConfig.authMode.value == AuthMode.SIMPLE_LOGIN) {
try {
ctx.getAttribute(Attribute.TachideskUser).requireUser()
} catch (_: UnauthorizedException) {
val url = "/login.html?redirect=" + URLEncoder.encode(ctx.fullUrl(), Charsets.UTF_8)
ctx.header("Location", url)
throw RedirectResponse(HttpStatus.SEE_OTHER)
}
}
val locale: Locale = LocalizationHelper.ctxToLocale(ctx, lang)
ctx.contentType(ContentType.TEXT_HTML)
ctx.render(