fix(auth): change userpass to redirect to login and update documentation

2026-01-11 22:30:47 +01:00 · 2025-09-14 21:11:20 +08:00
parent 025ebab1ce
commit 8b8969f033
5 changed files with 7 additions and 19 deletions
--- a/internal/api/v1/auth/check.go
+++ b/internal/api/v1/auth/check.go
@@ -5,14 +5,14 @@ import (
 	"github.com/yusing/go-proxy/internal/auth"
 )

-// @x-id				"check"
+// @x-id	  	"check"
 // @Base			/api/v1
 // @Summary		Check authentication status
 // @Description	Checks if the user is authenticated by validating their token
 // @Tags			auth
 // @Produce		plain
 // @Success		200	{string}	string	"OK"
-// @Failure		403	{string}	string	"Forbidden: use X-Redirect-To header to redirect to login page"
+// @Failure		302	{string}	string	"Redirects to login page or IdP"
 // @Router			/auth/check [head]
 func Check(c *gin.Context) {
 	auth.AuthCheckHandler(c.Writer, c.Request)
--- a/internal/api/v1/auth/login.go
+++ b/internal/api/v1/auth/login.go
@@ -12,7 +12,6 @@ import (
 // @Tags       auth
 // @Produce    plain
 // @Success    302 {string} string "Redirects to login page or IdP"
-// @Failure    403 {string} string "Forbidden(webui): follow X-Redirect-To header"
 // @Failure    429 {string} string "Too Many Requests"
 // @Router     /auth/login [post]
 func Login(c *gin.Context) {
--- a/internal/api/v1/docs/swagger.json
+++ b/internal/api/v1/docs/swagger.json
@@ -239,8 +239,8 @@
              "type": "string"
            }
          },
-          "403": {
-            "description": "Forbidden: use X-Redirect-To header to redirect to login page",
+          "302": {
+            "description": "Redirects to login page or IdP",
            "schema": {
              "type": "string"
            }
@@ -267,12 +267,6 @@
              "type": "string"
            }
          },
-          "403": {
-            "description": "Forbidden(webui): follow X-Redirect-To header",
-            "schema": {
-              "type": "string"
-            }
-          },
          "429": {
            "description": "Too Many Requests",
            "schema": {
--- a/internal/api/v1/docs/swagger.yaml
+++ b/internal/api/v1/docs/swagger.yaml
@@ -1581,8 +1581,8 @@ paths:
          description: OK
          schema:
            type: string
-        "403":
-          description: 'Forbidden: use X-Redirect-To header to redirect to login page'
+        "302":
+          description: Redirects to login page or IdP
          schema:
            type: string
      summary: Check authentication status
@@ -1600,10 +1600,6 @@ paths:
          description: Redirects to login page or IdP
          schema:
            type: string
-        "403":
-          description: 'Forbidden(webui): follow X-Redirect-To header'
-          schema:
-            type: string
        "429":
          description: Too Many Requests
          schema:
--- a/internal/auth/userpass.go
+++ b/internal/auth/userpass.go
@@ -129,8 +129,7 @@ func (auth *UserPassAuth) PostAuthCallbackHandler(w http.ResponseWriter, r *http
 }

 func (auth *UserPassAuth) LoginHandler(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("X-Redirect-To", "/login")
-	w.WriteHeader(http.StatusForbidden)
+	http.Redirect(w, r, "/login", http.StatusFound)
 }

 func (auth *UserPassAuth) LogoutHandler(w http.ResponseWriter, r *http.Request) {