Access `/settings` when not logged in is not handled gracefully
Problem
As in title, accessing /settings while not logged in will display page errors instead of being redirected to login or home page.
This is just an example endpoint I found, and other pages that require authentication to access should also be tested more comprehensively.
Screenshot
@NatsumeRyuhane Would you like to refine the non-auth fallback? I think this issue will be true for every page. Better to redirect to /login. What do you think?
I can take this. Should be an easy fix, but needs to be tested thoroughly. Do we have a list of APIs or something?
Okay, after a quick check I found that we do have a handler function defined for this behavior, /lib/api.ts: fetchWithAuth, but it appears a lot of places where we should use this function were implemented with raw fetch instead.
> I can take this. Should be an easy fix, but needs to be tested thoroughly. Do we have a list of APIs or something?
Basically, the current auth flow works like this:
- We get the access token from the backend and send it to the frontend.
- The frontend stores it in localStorage as surfsense_bearer_token.
- Then, we include that token in further API requests.
So, I think we should redirect to /login whenever we get a 401 from the backend at any API call.
> Okay, after a quick check I found that we do have a handler function defined for this behavior, /lib/api.ts: fetchWithAuth, but it appears a lot of places where we should use this function were implemented with raw fetch instead.
Weird. If I remember it correctly I faced some issues when I used this wrapper. Maybe you can try again and try to fix that.
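The flow described in this thread (token stored under surfsense_bearer_token, sent with each API request, redirect to /login on a 401), as an added example that is not the project's own fetchWithAuth. Storage, fetch and redirect are injected so it runs outside a browser; all function names are hypothetical, and clearing the stale token and skipping the request when no token is stored are assumptions.

```typescript
// Added example, not SurfSense's fetchWithAuth. Only the storage key and
// the /login path come from the thread; every other name is hypothetical.
const TOKEN_KEY = "surfsense_bearer_token";
const LOGIN_PATH = "/login";

interface TokenStore {
  getItem(key: string): string | null;
  removeItem(key: string): void;
}
interface HttpResponse { status: number }
type Headers = Record<string, string>;
type Fetcher = (url: string, init: { headers: Headers }) => Promise<HttpResponse>;
type Redirect = (path: string) => void;

// Attach the bearer token without mutating the caller's headers.
function withBearer(headers: Headers, token: string): Headers {
  return { ...headers, Authorization: `Bearer ${token}` };
}

// On 401: drop the rejected token (assumption) and send the user to /login.
// Returns true when the response must not be handed to page code.
function handleStatus(status: number, store: TokenStore, redirect: Redirect): boolean {
  if (status !== 401) return false;
  store.removeItem(TOKEN_KEY);
  redirect(LOGIN_PATH);
  return true;
}

// One wrapper for every authenticated call, so no page handles 401 itself.
function createAuthFetch(store: TokenStore, doFetch: Fetcher, redirect: Redirect) {
  return async (url: string, headers: Headers = {}): Promise<HttpResponse | null> => {
    const token = store.getItem(TOKEN_KEY);
    if (!token) {               // not logged in: redirect, send no request (assumption)
      redirect(LOGIN_PATH);
      return null;
    }
    const res = await doFetch(url, { headers: withBearer(headers, token) });
    return handleStatus(res.status, store, redirect) ? null : res;
  };
}

// Constructed in-memory stand-in for localStorage (sample data, for offline runs).
function memoryStore(initial: Headers): TokenStore {
  const data: Headers = { ...initial };
  return {
    getItem: (k) => (k in data ? data[k] : null),
    removeItem: (k) => { delete data[k]; },
  };
}
```

In the browser the three dependencies would be `localStorage`, `fetch` and a function that navigates to the given path; callers treat a `null` result as "redirect already issued".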