trade/trade-frontend
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(ui): show user and logout

Browse Source
This commit is contained in:
u1
2026-01-06 14:30:39 +01:00
parent 8217bae067
commit 5f8c2efe30
4 changed files with 96 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
services/frontend/server.mjs
View File

@@ -19,6 +19,9 @@ const BASIC_AUTH_MODE = String(process.env.BASIC_AUTH_MODE || 'on')
.trim()
.toLowerCase();
const BASIC_AUTH_ENABLED = !['off', 'false', '0', 'disabled', 'none'].includes(BASIC_AUTH_MODE);
const AUTH_USER_HEADER = String(process.env.AUTH_USER_HEADER || 'x-trade-user')
.trim()
.toLowerCase();
function readJson(filePath) {
const raw = fs.readFileSync(filePath, 'utf8');
@@ -54,6 +57,10 @@ function send(res, status, headers, body) {
res.end(body);
}
function sendJson(res, status, body) {
send(res, status, { 'content-type': 'application/json; charset=utf-8', 'cache-control': 'no-store' }, JSON.stringify(body));
}
function basicAuthRequired(res) {
res.setHeader('www-authenticate', 'Basic realm="trade"');
send(res, 401, { 'content-type': 'text/plain; charset=utf-8' }, 'unauthorized');
@@ -169,6 +176,17 @@ function stripHopByHopHeaders(headers) {
return out;
}
function readHeader(req, name) {
const v = req.headers[String(name).toLowerCase()];
return Array.isArray(v) ? v[0] : v;
}
function resolveAuthUser(req) {
const user = readHeader(req, AUTH_USER_HEADER) || readHeader(req, 'x-webauth-user');
const value = typeof user === 'string' ? user.trim() : '';
return value || null;
}
function proxyApi(req, res, apiReadToken) {
const upstreamBase = new URL(API_UPSTREAM);
const inUrl = new URL(req.url || '/', `http://${req.headers.host || 'localhost'}`);
@@ -230,6 +248,20 @@ function handler(req, res) {
return;
}
const url = new URL(req.url || '/', `http://${req.headers.host || 'localhost'}`);
if (req.method === 'GET' && url.pathname === '/whoami') {
sendJson(res, 200, { ok: true, user: resolveAuthUser(req) });
return;
}
if (req.method === 'GET' && url.pathname === '/logout') {
// NOTE: With HTTP basic auth handled upstream (Traefik), browser "logout" is best-effort.
// This endpoint forces a 401 so the browser prompts again, allowing the user to switch accounts.
res.setHeader('www-authenticate', 'Basic realm="trade"');
send(res, 401, { 'content-type': 'text/plain; charset=utf-8', 'cache-control': 'no-store' }, 'logged_out');
return;
}
if (BASIC_AUTH_ENABLED) {
let creds;
try {
@@ -272,6 +304,7 @@ server.listen(PORT, () => {
basicAuthFile: BASIC_AUTH_FILE,
basicAuthMode: BASIC_AUTH_MODE,
apiReadTokenFile: API_READ_TOKEN_FILE,
authUserHeader: AUTH_USER_HEADER,
},
null,
2