Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2025-12-16 15:20:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix authentication: redirect to login page instead of showing JSON errors

Browse source 
The auth middleware was returning JSON error messages ("No authentication token
provided") for web UI requests, which displayed as plain text in the browser.

Changes:
- Added isAPIRequest check to detect if request is for /api/* or web UI
- For web UI requests without auth: redirect to /login (HTTP 302)
- For API requests without auth: return JSON error (HTTP 401)
- Applied same logic for all auth failure scenarios (no token, invalid token,
  invalid claims, user not found)

This fixes the issue where users see JSON errors in the browser instead of
being properly redirected to the login page when authentication fails.
This commit is contained in:
Claude 2025-11-05 13:26:24 +00:00
parent d2a9c79633
commit db538f6dee
No known key found for this signature in database
1 changed files with 23 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

19
internal/middleware/auth.go
View file

@ -21,6 +21,9 @@ type Claims struct {
// AuthMiddleware validates JWT tokens and sets the current user
func AuthMiddleware(jwtSecret string) gin.HandlerFunc {
return func(c *gin.Context) {
// Determine if this is an API request or web UI request
isAPIRequest := strings.HasPrefix(c.Request.URL.Path, "/api/")
// Try to get token from Authorization header
authHeader := c.GetHeader("Authorization")
var tokenString string
@ -47,7 +50,11 @@ func AuthMiddleware(jwtSecret string) gin.HandlerFunc {
}
if tokenString == "" {
if isAPIRequest {
c.JSON(http.StatusUnauthorized, gin.H{"error": "No authentication token provided"})
} else {
c.Redirect(http.StatusFound, "/login")
}
c.Abort()
return
}
@ -61,14 +68,22 @@ func AuthMiddleware(jwtSecret string) gin.HandlerFunc {
})
if err != nil || !token.Valid {
if isAPIRequest {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid or expired token"})
} else {
c.Redirect(http.StatusFound, "/login")
}
c.Abort()
return
}
claims, ok := token.Claims.(*Claims)
if !ok {
if isAPIRequest {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid token claims"})
} else {
c.Redirect(http.StatusFound, "/login")
}
c.Abort()
return
}
@ -76,7 +91,11 @@ func AuthMiddleware(jwtSecret string) gin.HandlerFunc {
// Load user from database
var user models.User
if err := database.DB.First(&user, claims.UserID).Error; err != nil {
if isAPIRequest {
c.JSON(http.StatusUnauthorized, gin.H{"error": "User not found"})
} else {
c.Redirect(http.StatusFound, "/login")
}
c.Abort()
return
}