Alias legacy /admin auth routes to root endpoints
This commit is contained in:
svemagie
@@ -4,6 +4,7 @@
|
||||
|
||||
- The IndieKit admin uses root auth/session paths (for example: `/session/login`, `/auth`, `/auth/new-password`).
|
||||
- Legacy `/admin` request paths are normalized to root login redirects (for example `/admin/posts` -> `/session/login?redirect=/posts`) to avoid post-login dead-end targets.
|
||||
- Legacy auth/session aliases are redirected directly (for example `/admin/auth/new-password` -> `/auth/new-password`, `/admin/session/login` -> `/session/login`).
|
||||
- Login page now auto-continues to the password consent screen by default. Add `?noautocontinue=1` to `/session/login` if you want to keep the manual button step.
|
||||
- Login uses `PASSWORD_SECRET` (bcrypt hash), not `INDIEKIT_PASSWORD`.
|
||||
- If no `PASSWORD_SECRET` exists yet, open `/auth/new-password` once to generate it.
|
||||
|
||||
@@ -14,13 +14,15 @@ const newDevModeCode = `if (devMode && process.env.INDIEKIT_ALLOW_DEV_AUTH === "
|
||||
request.session.scope = "create update delete media";
|
||||
} else if (!process.env.PASSWORD_SECRET) {`;
|
||||
|
||||
const oldLoginRedirectCode = ` if (request.method === "GET") {
|
||||
return response.redirect(
|
||||
\`/session/login?redirect=\${request.originalUrl}\`,
|
||||
);
|
||||
}`;
|
||||
|
||||
const newLoginRedirectCode = ` if (request.method === "GET") {
|
||||
const directAlias = request.originalUrl.replace(
|
||||
/^\\/admin\\/(auth|session)(?=\\/|$)/,
|
||||
"/$1",
|
||||
);
|
||||
if (directAlias !== request.originalUrl) {
|
||||
return response.redirect(directAlias);
|
||||
}
|
||||
|
||||
const loginRedirect =
|
||||
request.originalUrl === "/admin"
|
||||
? "/"
|
||||
@@ -30,6 +32,11 @@ const newLoginRedirectCode = ` if (request.method === "GET") {
|
||||
);
|
||||
}`;
|
||||
|
||||
const oldLoginRedirectRegexes = [
|
||||
/if \(request\.method === "GET"\) \{\n\s+return response\.redirect\(\n\s+`\/session\/login\?redirect=\$\{request\.originalUrl\}`,\n\s+\);\n\s+\}/m,
|
||||
/if \(request\.method === "GET"\) \{\n\s+const loginRedirect =[\s\S]*?`\/session\/login\?redirect=\$\{loginRedirect\}`,\n\s+\);\n\s+\}/m,
|
||||
];
|
||||
|
||||
async function exists(path) {
|
||||
try {
|
||||
await access(path);
|
||||
@@ -56,11 +63,13 @@ for (const filePath of candidates) {
|
||||
updated = updated.replace(oldDevModeCode, newDevModeCode);
|
||||
}
|
||||
|
||||
if (
|
||||
!updated.includes(newLoginRedirectCode) &&
|
||||
updated.includes(oldLoginRedirectCode)
|
||||
) {
|
||||
updated = updated.replace(oldLoginRedirectCode, newLoginRedirectCode);
|
||||
if (!updated.includes("const directAlias = request.originalUrl.replace(")) {
|
||||
for (const regex of oldLoginRedirectRegexes) {
|
||||
if (regex.test(updated)) {
|
||||
updated = updated.replace(regex, newLoginRedirectCode);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (updated !== source) {
|
||||
|
||||
Reference in New Issue
Block a user