Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Customize initial 401 Unauthorized page (in a private setup) #149

Open
white-gecko opened this issue Dec 11, 2023 · 7 comments
Open

Customize initial 401 Unauthorized page (in a private setup) #149

white-gecko opened this issue Dec 11, 2023 · 7 comments
Labels
feature good first issue Good for newcomers stretch task Potentially delayed to a later milestone

Comments

@white-gecko
Copy link
Contributor

In a private databus setup I'm greeted with a 401 Unauthorized page. For the coypu project we would like to customize the welcome page, even in a private setup to show some helpful information.

@white-gecko white-gecko changed the title Customize initial 401 Unauthorized page Customize initial 401 Unauthorized page (in a private setup) Dec 11, 2023
@JJ-Author JJ-Author added good first issue Good for newcomers feature stretch task Potentially delayed to a later milestone labels Dec 27, 2023
@varun-singh-0518
Copy link

can you elaborate on this issue? I want to check this one

@white-gecko
Copy link
Contributor Author

Currently it looks like this:
grafik

I would like to set the title and some description text below. Also I would like to customize the background color of the welcome page. A bit similar to the dbpedia databus front page, but without the stats and the list of datasets.

grafik

@holycrab13
Copy link
Contributor

holycrab13 commented Jan 16, 2024

for routes that need to be protected with authentication there is a middleware used in the nodejs express setup. E.g:

router.post('/api/publish', protector.protect(true), async function (req, res, next) {

protector.protect() is the middleware call that checks authentication and redirects to a 401 in this case.
In private mode, this is slapped on everything:

app.all('*', protector.protect(true, function (req, res) {

Since this also applied to read-only pages (that are never protected in non-private mode) it also returns an HTML representation of the 401 response.

This is cool, except for the landing page that should still be customizable to some degree. I think it should use the customizable header of the default page. The customizable header is a feature that I am currently still working on. I will rush this, so this issue can be implemented

You can already implement this though and copy the current header of the landing page (index.ejs)

@varun-singh-0518
Copy link

varun-singh-0518 commented Jan 17, 2024

what should i define in this function to return it for read only pages.?

function isReadOnlyRoute(req) {
return req.path.startsWith('/read-only/');
}

//Here , i updated this to only apply this feature to pages which are not read only

app.all('*', function (req, res, next) {
  // Check if the application is in private mode
  if (process.env.DATABUS_PRIVATE_MODE == "true") {
    // Check if the route is read-only
    if (!isReadOnlyRoute(req)) {
      // Apply the global middleware for non-read-only routes
      return protector.protect(true, function (req, res) {
        if (protector.isBrowserRequest(req)) {
          var data = {}
          data.auth = ServerUtils.getAuthInfoFromRequest(req);
          res.status(401).render('unauthorized', {
            title: 'Unauthorized',
            data: data,
          });
        } else {
          res.status(401).send();
        }
      })(req, res, next);
    }
  }

  // For read-only routes or when not in private mode, handle the logic accordingly
  next();
});

@holycrab13
Copy link
Contributor

My explanation might have been misleading, there is no change or check needed for "read only". Private mode is supposed to route EVERYTHING to 401, nobody should see what is there except for authenticated users.

The task is about creating an exception for the landing page at the root path "/".

Expected behaviour:

  • non-HTML requests (e.g. done with curl) return 401 for all routes
  • HTML requests return the 401 HTML page
  • HTML request to the frontpage returns a custom 401 HTML page that includes the banner of the normal front page

My next merge will make the banner be contained in its own file banner.ejs that can be included into any other ejs file, such as a special private mode landing page.

@LucasGazetta
Copy link

Hey, would love to give it a go

@holycrab13
Copy link
Contributor

holycrab13 commented Jan 31, 2024

Okay, the dev branch has received some updates on this. The banner will now be held in a banner.ejs file (https://github.com/dbpedia/databus/blob/dev/public/templates/banner.ejs)

A custom 401 frontpage should include the banner via the ejs include syntax

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature good first issue Good for newcomers stretch task Potentially delayed to a later milestone
Projects
None yet
Development

No branches or pull requests

5 participants