Fixes redirect to signin page in @keystone-6/auth when using `baseP…

…ath` (#8641) Co-authored-by: Daniel Cousens <413395+dcousens@users.noreply.github.com>
keystonejs · Jun 19, 2023 · 19bb460 · 19bb460
1 parent 6b1a64a
commit 19bb460
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 15 deletions.
diff --git a/.changeset/no-redirect.md b/.changeset/no-redirect.md
@@ -1,5 +1,5 @@
 ---
-'@keystone-6/core': patch
+'@keystone-6/auth': patch
 ---
 
 Removes `?from` redirect from `/signin` page to prevent open redirection.
diff --git a/.changeset/twelve-toes-punch.md b/.changeset/twelve-toes-punch.md
@@ -0,0 +1,6 @@
+---
+'@keystone-6/core': patch
+'@keystone-6/auth': patch
+---
+
+Adds `basePath` with a default of `'/'` to `pageMiddleware` to support redirects when using `ui.basePath`
diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
@@ -117,13 +117,6 @@ export function createAuth<ListTypeInfo extends BaseListTypeInfo>({
     return filesToWrite;
   };
 
-  /**
-   * publicAuthPages
-   *
-   * Must be added to the ui.publicPages config
-   */
-  const authPublicPages = ['/signin'];
-
   /**
    * extendGraphqlSchema
    *
@@ -214,28 +207,30 @@ export function createAuth<ListTypeInfo extends BaseListTypeInfo>({
   async function authMiddleware<TypeInfo extends BaseKeystoneTypeInfo>({
     context,
     wasAccessAllowed,
+    basePath,
   }: {
     context: KeystoneContext<TypeInfo>;
     wasAccessAllowed: boolean;
+    basePath: string;
   }): Promise<{ kind: 'redirect'; to: string } | void> {
     const { req } = context;
     const { pathname } = new URL(req!.url!, 'http://_');
 
     // redirect to init if initFirstItem conditions are met
-    if (pathname !== '/init' && (await hasInitFirstItemConditions(context))) {
-      return { kind: 'redirect', to: '/init' };
+    if (pathname !== `${basePath}/init` && (await hasInitFirstItemConditions(context))) {
+      return { kind: 'redirect', to: `${basePath}/init` };
     }
 
     // redirect to / if attempting to /init and initFirstItem conditions are not met
-    if (pathname === '/init' && !(await hasInitFirstItemConditions(context))) {
-      return { kind: 'redirect', to: '/' };
+    if (pathname === `${basePath}/init` && !(await hasInitFirstItemConditions(context))) {
+      return { kind: 'redirect', to: basePath };
     }
 
     // don't redirect if we have access
     if (wasAccessAllowed) return;
 
     // otherwise, redirect to signin
-    return { kind: 'redirect', to: '/signin' };
+    return { kind: 'redirect', to: `${basePath}/signin` };
   }
 
   function defaultIsAccessAllowed({ session, sessionStrategy }: KeystoneContext) {
@@ -263,6 +258,7 @@ export function createAuth<ListTypeInfo extends BaseListTypeInfo>({
         pageMiddleware,
         publicPages = [],
       } = ui || {};
+      const authPublicPages = [`${ui?.basePath ?? ''}/signin`];
       ui = {
         ...ui,
         publicPages: [...publicPages, ...authPublicPages],

diff --git a/packages/core/src/lib/server/createAdminUIMiddleware.ts b/packages/core/src/lib/server/createAdminUIMiddleware.ts
@@ -20,13 +20,20 @@ export function createAdminUIMiddlewareWithNextApp(
   const handle = nextApp.getRequestHandler();
 
   const {
-    ui: { isAccessAllowed = defaultIsAccessAllowed, pageMiddleware, publicPages = [] } = {},
+    ui: {
+      isAccessAllowed = defaultIsAccessAllowed,
+      pageMiddleware,
+      publicPages = [],
+      basePath = '',
+    } = {},
   } = config;
 
+  if (basePath.endsWith('/')) throw new TypeError('basePath must not end with a trailing slash');
+
   return async (req: express.Request, res: express.Response) => {
     const { pathname } = url.parse(req.url);
 
-    if (pathname?.startsWith('/_next') || pathname?.startsWith('/__next')) {
+    if (pathname?.startsWith(`${basePath}/_next`) || pathname?.startsWith(`${basePath}/__next`)) {
       return handle(req, res);
     }
 
@@ -38,6 +45,7 @@ export function createAdminUIMiddlewareWithNextApp(
       const shouldRedirect = await pageMiddleware?.({
         context,
         wasAccessAllowed,
+        basePath,
       });
 
       if (shouldRedirect) {

diff --git a/packages/core/src/types/config/index.ts b/packages/core/src/types/config/index.ts
@@ -181,6 +181,7 @@ export type AdminUIConfig<TypeInfo extends BaseKeystoneTypeInfo> = {
   pageMiddleware?: (args: {
     context: KeystoneContext<TypeInfo>;
     wasAccessAllowed: boolean;
+    basePath: string;
   }) => MaybePromise<{ kind: 'redirect'; to: string } | void>;
 };