| author | OpeOginni <[email protected]> | 2026-05-03 15:20:05 +0200 |
|---|---|---|
| committer | GitHub <[email protected]> | 2026-05-03 13:20:05 +0000 |
| commit | 101566131d15dbe73e9d246d3d35da767f28cd80 (patch) | |
| tree | 2d3d6482f35925bbb2f8fea726b1e5100b95c8f1 /packages | |
| parent | 8433e8b43333232e464f618daf542ace43442b6d (diff) | |
| download | opencode-101566131d15dbe73e9d246d3d35da767f28cd80.tar.gz opencode-101566131d15dbe73e9d246d3d35da767f28cd80.zip | |
fix(httpapi): add basic auth challenge for browser login
Adds a WWW-Authenticate challenge for unauthorized experimental HttpApi UI fallback responses so browsers open the Basic Auth prompt when a server password is configured.
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts | 8 | ||||
| -rw-r--r-- | packages/opencode/test/server/httpapi-ui.test.ts | 1 |
2 files changed, 8 insertions, 1 deletions
diff --git a/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts b/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
index e022a568a..05b873897 100644
--- a/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
+++ b/packages/opencode/src/server/routes/instance/httpapi/middleware/authorization.ts
@@ -5,6 +5,7 @@ import { HttpApiError, HttpApiMiddleware, HttpApiSecurity } from "effect/unstabl
 const AUTH_TOKEN_QUERY = "auth_token"
 const UNAUTHORIZED = 401
+const WWW_AUTHENTICATE = "Basic realm=\"Secure Area\""
 export class Authorization extends HttpApiMiddleware.Service<Authorization>()(
 "@opencode/ExperimentalHttpApiAuthorization",
@@ -82,7 +83,12 @@ function validateRawCredential<A, E, R>(
 ) {
 if (!isAuthRequired(config)) return effect
 if (!isCredentialAuthorized(credential, config))
- return Effect.succeed(HttpServerResponse.empty({ status: UNAUTHORIZED }))
+ return Effect.succeed(
+ HttpServerResponse.empty({
+ status: UNAUTHORIZED,
+ headers: { "www-authenticate": WWW_AUTHENTICATE },
+ }),
+ )
 return effect
 }
diff --git a/packages/opencode/test/server/httpapi-ui.test.ts b/packages/opencode/test/server/httpapi-ui.test.ts
index 09b234bde..1de8a489c 100644
--- a/packages/opencode/test/server/httpapi-ui.test.ts
+++ b/packages/opencode/test/server/httpapi-ui.test.ts
@@ -201,6 +201,7 @@ describe("HttpApi UI fallback", () => {
 const response = await uiApp({ password: "secret", username: "opencode" }).request("/")
 expect(response.status).toBe(401)
+ expect(response.headers.get("www-authenticate")).toBe('Basic realm="Secure Area"')
 })
 test("accepts auth token for the web UI", async () => { |
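Review bot: The realm `Secure Area` on the added `WWW_AUTHENTICATE` line is a generic placeholder. Browsers use the realm to scope cached Basic credentials within an origin, and some show it in the prompt, so a product-specific value tells the user which service is asking for the password and keeps it apart from other protected apps behind the same host. A single-quoted literal, as the test already uses, would also drop the escaped quotes: `const WWW_AUTHENTICATE = 'Basic realm="opencode"'` (the test expectation would change with it). RFC 7617 additionally defines a `charset="UTF-8"` parameter; whether the server decodes credentials as UTF-8 is not visible in this hunk, so confirm that before adding it.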
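Review bot: The challenge header is attached inside `validateRawCredential`, so every rejection that passes through this function carries it, while the commit description scopes the change to the UI fallback. The function starts above the hunk and its callers are not shown; if API routes share this path, a browser-side request that receives the 401 can raise the native credential prompt, after which the browser caches the Basic credentials and resends them to the whole origin. Consider setting the header only on the UI fallback response. It is also worth a comment beside the header that Basic credentials are only base64-encoded, for example `// Basic credentials are base64, not encrypted: expose this prompt only over TLS or loopback`.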
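Review bot: The added assertion pins the header only for a request to `/` that carries no credentials; nothing in this hunk covers a request with a wrong password. Both cases return from the same branch of `validateRawCredential`, so a second case that sends an incorrect `Authorization` header and asserts status 401 plus the `www-authenticate` value would fix the retry behaviour a browser relies on. The enclosing `describe` block starts and ends outside the hunk, so such a case may already exist elsewhere in the file.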
