marcel/familienarchiv
1
0
Fork 0
Code Issues 126 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(auth): proxy document file requests server-side to prevent Basic Auth popup
Some checks are pending
CI / Unit & Component Tests (push) Successful in 1m55s
Details
CI / Backend Unit Tests (push) Successful in 2m8s
Details
CI / E2E Tests (push) Has started running
Details

Browse Source 
Client-side fetch('/api/documents/{id}/file') bypassed the handleFetch hook
that injects the Authorization header, causing the browser to receive a 401
with WWW-Authenticate: Basic and show a native auth dialog.

Added a SvelteKit server route at /api/documents/[id]/file that proxies the
request through the server, where handleFetch injects the auth cookie correctly.

Also fixed E2E default password (admin → admin123) to match application.yaml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-03-20 11:01:31 +01:00
parent e9b03ee6a9
commit 203b7d2b08
3 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
frontend/e2e/auth.setup.ts
View File

@@ -9,11 +9,11 @@ const authFile = path.join(__dirname, '.auth/user.json');
* Logs in once and saves the session cookie so all E2E tests can reuse it.
* Configure credentials via environment variables:
* E2E_USERNAME (default: admin)
* E2E_PASSWORD (default: admin)
* E2E_PASSWORD (default: admin123)
*/
setup('authenticate', async ({ page }) => {
const username = process.env.E2E_USERNAME ?? 'admin';
const password = process.env.E2E_PASSWORD ?? 'admin';
const password = process.env.E2E_PASSWORD ?? 'admin123';
await page.goto('/login');
await page.getByLabel('Benutzername').fill(username);

2
frontend/e2e/helpers/auth.ts
View File

@@ -3,7 +3,7 @@ import type { Page } from '@playwright/test';
export async function login(
page: Page,
username = process.env.E2E_USERNAME ?? 'admin',
password = process.env.E2E_PASSWORD ?? 'admin'
password = process.env.E2E_PASSWORD ?? 'admin123'
) {
await page.goto('/login');
await page.getByLabel('Benutzername').fill(username);

19
frontend/src/routes/api/documents/[id]/file/+server.ts Normal file
View File

@@ -0,0 +1,19 @@
import type { RequestHandler } from './$types';
import { env } from 'process';
export const GET: RequestHandler = async ({ params, fetch }) => {
const backendUrl = `${env.API_INTERNAL_URL || 'http://localhost:8080'}/api/documents/${params.id}/file`;
const response = await fetch(backendUrl);
if (!response.ok) {
return new Response(null, { status: response.status });
}
return new Response(response.body, {
headers: {
'Content-Type': response.headers.get('Content-Type') ?? 'application/octet-stream',
'Content-Disposition': response.headers.get('Content-Disposition') ?? ''
}
});
};