Require authentication before processing query params (#2017)
Added checks in +page.svelte and models/[...model]/+page.svelte to require authentication if 'q', 'prompt', or 'attachments' query parameters are present. This prevents unauthenticated users from processing these parameters and ensures proper redirection to login when needed. Also improved error handling for non-JSON error responses.
src/routes/+page.svelte
|
@@ -15,6 +15,7 @@
|
|
| 15 |
import { onMount, tick } from "svelte";
|
| 16 |
import { loading } from "$lib/stores/loading.js";
|
| 17 |
import { loadAttachmentsFromUrls } from "$lib/utils/loadAttachmentsFromUrls";
|
|
|
|
| 18 |
|
| 19 |
let { data } = $props();
|
| 20 |
|
|
@@ -52,7 +53,16 @@
|
|
| 52 |
});
|
| 53 |
|
| 54 |
if (!res.ok) {
|
| 55 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 56 |
error.set(errorMessage);
|
| 57 |
console.error("Error while creating conversation: ", errorMessage);
|
| 58 |
return;
|
|
@@ -78,8 +88,17 @@
|
|
| 78 |
|
| 79 |
onMount(async () => {
|
| 80 |
try {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 81 |
// Handle attachments parameter first
|
| 82 |
-
if (
|
| 83 |
const result = await loadAttachmentsFromUrls(page.url.searchParams);
|
| 84 |
files = result.files;
|
| 85 |
|
|
|
|
| 15 |
import { onMount, tick } from "svelte";
|
| 16 |
import { loading } from "$lib/stores/loading.js";
|
| 17 |
import { loadAttachmentsFromUrls } from "$lib/utils/loadAttachmentsFromUrls";
|
| 18 |
+
import { requireAuthUser } from "$lib/utils/auth";
|
| 19 |
|
| 20 |
let { data } = $props();
|
| 21 |
|
|
|
|
| 53 |
});
|
| 54 |
|
| 55 |
if (!res.ok) {
|
| 56 |
+
let errorMessage = ERROR_MESSAGES.default;
|
| 57 |
+
try {
|
| 58 |
+
const json = await res.json();
|
| 59 |
+
errorMessage = json.message || errorMessage;
|
| 60 |
+
} catch {
|
| 61 |
+
// Response wasn't JSON (e.g., HTML error page)
|
| 62 |
+
if (res.status === 401) {
|
| 63 |
+
errorMessage = "Authentication required";
|
| 64 |
+
}
|
| 65 |
+
}
|
| 66 |
error.set(errorMessage);
|
| 67 |
console.error("Error while creating conversation: ", errorMessage);
|
| 68 |
return;
|
|
|
|
| 88 |
|
| 89 |
onMount(async () => {
|
| 90 |
try {
|
| 91 |
+
// Check if auth is required before processing any query params
|
| 92 |
+
const hasQ = page.url.searchParams.has("q");
|
| 93 |
+
const hasPrompt = page.url.searchParams.has("prompt");
|
| 94 |
+
const hasAttachments = page.url.searchParams.has("attachments");
|
| 95 |
+
|
| 96 |
+
if ((hasQ || hasPrompt || hasAttachments) && requireAuthUser()) {
|
| 97 |
+
return; // Redirecting to login, will return to this URL after
|
| 98 |
+
}
|
| 99 |
+
|
| 100 |
// Handle attachments parameter first
|
| 101 |
+
if (hasAttachments) {
|
| 102 |
const result = await loadAttachmentsFromUrls(page.url.searchParams);
|
| 103 |
files = result.files;
|
| 104 |
|
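Review bot: The `requireAuthUser()` gate added at the top of `onMount` runs only in the browser, so it improves the login flow but cannot by itself keep unauthenticated users from having `q`, `prompt` or `attachments` processed; that guarantee has to come from the server rejecting the conversation-creation request and any attachment fetch made without a session. The new 401 branch in the `!res.ok` handler suggests the server already does this for conversation creation, but nothing visible here shows the same for whatever `loadAttachmentsFromUrls` calls, so that is worth confirming. I would add a comment above the check such as `// UX only: server endpoints must still reject unauthenticated requests`. The same check is added in src/routes/models/[...model]/+page.svelte and the comment applies there too. `onMount`'s body continues outside the hunk.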
src/routes/models/[...model]/+page.svelte
|
@@ -12,6 +12,7 @@
|
|
| 12 |
import { pendingMessage } from "$lib/stores/pendingMessage";
|
| 13 |
import { sanitizeUrlParam } from "$lib/utils/urlParams";
|
| 14 |
import { loadAttachmentsFromUrls } from "$lib/utils/loadAttachmentsFromUrls";
|
|
|
|
| 15 |
|
| 16 |
let { data } = $props();
|
| 17 |
|
|
@@ -64,8 +65,17 @@
|
|
| 64 |
|
| 65 |
onMount(async () => {
|
| 66 |
try {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 67 |
// Handle attachments parameter first
|
| 68 |
-
if (
|
| 69 |
const result = await loadAttachmentsFromUrls(page.url.searchParams);
|
| 70 |
files = result.files;
|
| 71 |
|
|
|
|
| 12 |
import { pendingMessage } from "$lib/stores/pendingMessage";
|
| 13 |
import { sanitizeUrlParam } from "$lib/utils/urlParams";
|
| 14 |
import { loadAttachmentsFromUrls } from "$lib/utils/loadAttachmentsFromUrls";
|
| 15 |
+
import { requireAuthUser } from "$lib/utils/auth";
|
| 16 |
|
| 17 |
let { data } = $props();
|
| 18 |
|
|
|
|
| 65 |
|
| 66 |
onMount(async () => {
|
| 67 |
try {
|
| 68 |
+
// Check if auth is required before processing any query params
|
| 69 |
+
const hasQ = page.url.searchParams.has("q");
|
| 70 |
+
const hasPrompt = page.url.searchParams.has("prompt");
|
| 71 |
+
const hasAttachments = page.url.searchParams.has("attachments");
|
| 72 |
+
|
| 73 |
+
if ((hasQ || hasPrompt || hasAttachments) && requireAuthUser()) {
|
| 74 |
+
return; // Redirecting to login, will return to this URL after
|
| 75 |
+
}
|
| 76 |
+
|
| 77 |
// Handle attachments parameter first
|
| 78 |
+
if (hasAttachments) {
|
| 79 |
const result = await loadAttachmentsFromUrls(page.url.searchParams);
|
| 80 |
files = result.files;
|
| 81 |
|
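Review bot: The query-parameter check at the top of `onMount` here is a copy of the one added to src/routes/+page.svelte, so the list of gated parameters now lives in two places and the two pages can drift apart when a parameter is added to one of them. Since both files already import from `$lib/utils/auth`, I would move the check into a helper there that takes `page.url.searchParams` and returns the result of `requireAuthUser()` when `q`, `prompt` or `attachments` is present, leaving each page with a single line such as `if (requireAuthForQueryParams(page.url.searchParams)) return;` (the helper name is only a suggestion). That also gives one place for a doc comment stating which parameters trigger the login redirect. `onMount`'s body continues outside the hunk.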