Clean up middleware, add security-headers to non-Zammad pages

2024-09-04 12:09:28 +02:00 · 2024-09-04 12:09:28 +02:00 · 8c6e954fdf
commit 8c6e954fdf
parent 027aac3a92
9 changed files with 81 additions and 62 deletions
--- a/apps/link/app/_components/MultiProvider.tsx
+++ b/apps/link/app/_components/MultiProvider.tsx
@ -9,7 +9,7 @@ import { AdapterDateFns } from "@mui/x-date-pickers-pro/AdapterDateFnsV3";
 import { LocalizationProvider } from "@mui/x-date-pickers-pro";
 import { LicenseInfo } from "@mui/x-license";
 import { locales, LeafcutterProvider } from "@link-stack/leafcutter-ui";
-import { CSRFProvider } from "./CSRFProvider";
+import { ZammadLoginProvider } from "./ZammadLoginProvider";

 LicenseInfo.setLicenseKey(
  "c787ac6613c5f2aa0494c4285fe3e9f2Tz04OTY1NyxFPTE3NDYzNDE0ODkwMDAsUz1wcm8sTE09c3Vic2NyaXB0aW9uLEtWPTI=",
@ -22,7 +22,7 @@ export const MultiProvider: FC<PropsWithChildren> = ({ children }) => {
  return (
    <SessionProvider>
      <CssBaseline />
-      <CSRFProvider>
+      <ZammadLoginProvider>
        <CookiesProvider>
          <LocalizationProvider dateAdapter={AdapterDateFns}>
            <I18n locale={locale} messages={messages[locale]}>
@ -30,7 +30,7 @@ export const MultiProvider: FC<PropsWithChildren> = ({ children }) => {
            </I18n>
          </LocalizationProvider>
        </CookiesProvider>
-      </CSRFProvider>
+      </ZammadLoginProvider>
    </SessionProvider>
  );
 };
--- a/apps/link/app/_components/ZammadLoginProvider.tsx
+++ b/apps/link/app/_components/ZammadLoginProvider.tsx
@ -4,25 +4,19 @@ import { FC, PropsWithChildren, useEffect } from "react";
 import { useRouter } from "next/navigation";
 import { useSession } from "next-auth/react";

-export const CSRFProvider: FC<PropsWithChildren> = ({ children }) => {
+export const ZammadLoginProvider: FC<PropsWithChildren> = ({ children }) => {
  const { data: session, status, update } = useSession();
  const router = useRouter();

  useEffect(() => {
    const checkSession = async () => {
-      console.log("Checking session status...");
-      console.log(status);
      if (status === "authenticated") {
        const response = await fetch("/api/v1/users/me", {
          method: "GET",
        });

-        if (response.status !== 200 && !!router) {
-          console.log("redirecting");
+        if (response.status !== 200) {
          window.location.href = "/auth/sso";
-        } else {
-          const token = response.headers.get("CSRF-Token");
-          update({ zammadCsrfToken: token });
        }
      }
    };