authorOpeOginni <[email protected]>2026-05-03 15:20:05 +0200
committerGitHub <[email protected]>2026-05-03 13:20:05 +0000
commit101566131d15dbe73e9d246d3d35da767f28cd80 (patch)
tree2d3d6482f35925bbb2f8fea726b1e5100b95c8f1
parent8433e8b43333232e464f618daf542ace43442b6d (diff)
downloadopencode-101566131d15dbe73e9d246d3d35da767f28cd80.tar.gz
opencode-101566131d15dbe73e9d246d3d35da767f28cd80.zip
fix(httpapi): add basic auth challenge for browser login
Adds a WWW-Authenticate challenge for unauthorized experimental HttpApi UI fallback responses so browsers open the Basic Auth prompt when a server password is configured.
-rw-r--r--packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts8
-rw-r--r--packages/opencode/test/server/httpapi-ui.test.ts1
2 files changed, 8 insertions, 1 deletions
diff --git a/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts b/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
index e022a568a..05b873897 100644
--- a/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
@@ -5,6 +5,7 @@ import { HttpApiError, HttpApiMiddleware, HttpApiSecurity } from "effect/unstabl
const AUTH_TOKEN_QUERY = "auth_token"
const UNAUTHORIZED = 401
+const WWW_AUTHENTICATE = "Basic realm=\"Secure Area\""
export class Authorization extends HttpApiMiddleware.Service<Authorization>()(
"@opencode/ExperimentalHttpApiAuthorization",
@@ -82,7 +83,12 @@ function validateRawCredential<A, E, R>(
) {
if (!isAuthRequired(config)) return effect
if (!isCredentialAuthorized(credential, config))
- return Effect.succeed(HttpServerResponse.empty({ status: UNAUTHORIZED }))
+ return Effect.succeed(
+ HttpServerResponse.empty({
+ status: UNAUTHORIZED,
+ headers: { "www-authenticate": WWW_AUTHENTICATE },
+ }),
+ )
return effect
}
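Review bot: The challenge added to the 401 in `validateRawCredential` has a side effect the change does not address. Once a user answers the prompt, the browser caches the Basic credentials and attaches them to later requests to this origin, and that can include requests initiated by other sites. No Origin or CSRF check is visible in this hunk, so it is worth confirming that state-changing routes behind this middleware reject cross-origin requests before relying on the prompt. The commit message scopes the change to the UI fallback, but the header is attached to every unauthorized response that reaches this function; if API routes share it, consider sending the challenge only for the UI fallback. At minimum, record the constraint next to the header: `// Browsers replay cached Basic credentials on every request to this origin; routes behind this check must validate Origin.` The body of `validateRawCredential` starts outside the hunk, so how `credential` is derived is not visible here.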
diff --git a/packages/opencode/test/server/httpapi-ui.test.ts b/packages/opencode/test/server/httpapi-ui.test.ts
index 09b234bde..1de8a489c 100644
--- a/packages/opencode/test/server/httpapi-ui.test.ts
+++ b/packages/opencode/test/server/httpapi-ui.test.ts
@@ -201,6 +201,7 @@ describe("HttpApi UI fallback", () => {
const response = await uiApp({ password: "secret", username: "opencode" }).request("/")
expect(response.status).toBe(401)
+ expect(response.headers.get("www-authenticate")).toBe('Basic realm="Secure Area"')
})
test("accepts auth token for the web UI", async () => {
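Review bot: The new assertion pins the challenge only for a request that carries no credentials at all, while the changed branch in `validateRawCredential` also handles credentials that are present but wrong. A second case that sends an incorrect password and expects both `401` and the same `www-authenticate` value would cover that path. It would also help to assert that an authorized response does not carry the header, e.g. `expect(okResponse.headers.get("www-authenticate")).toBeNull()`, where `okResponse` is a placeholder for a request sent with valid credentials. The enclosing test starts outside the hunk, so its name and setup are not visible here.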