soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(gateway/services): admin node/render pages 500 — redirect loop + is_admin claim
Build backend images / build content-svc (push) Failing after 56s
Details
Build backend images / build file-svc (push) Failing after 54s
Details
Build backend images / build gateway (push) Failing after 55s
Details
Build backend images / build identity-svc (push) Failing after 48s
Details
Build backend images / build notification-svc (push) Failing after 55s
Details
Build backend images / build render-svc (push) Failing after 57s
Details
Build backend images / build studio-svc (push) Failing after 44s
Details

Browse Source 
- gateway proxy: trim trailing slash before forwarding upstream. gin's
  RedirectTrailingSlash adds /nodes → /nodes/ while render-svc redirects
  /nodes/ → /nodes, forming an infinite redirect loop (admin pages 500'd)
- accept is_admin as bool OR string "true" in render/file/notification/gateway
  auth middleware (identity emits it as a string) — admin endpoints were 403'ing

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-02 11:26:44 +03:30
parent 1aacf8bd5d
commit cd95ca2c6f
5 changed files with 44 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/render/internal/middleware/auth.go
+9 -1
View File
@@ -43,7 +43,15 @@ func JWTAuth(secret string) gin.HandlerFunc {
}
userID, _ := uuid.Parse(fmt.Sprintf("%v", claims["sub"]))
tenantID, _ := uuid.Parse(fmt.Sprintf("%v", claims["tenant_id"]))
isAdmin, _ := claims["is_admin"].(bool)
// is_admin may arrive as a JSON bool or as the string "true" (identity emits a
// string). Accept both so [RequireAdmin] works regardless of token encoding.
isAdmin := false
switch v := claims["is_admin"].(type) {
case bool:
isAdmin = v
case string:
isAdmin = v == "true"
}
role, _ := claims["role"].(string)
c.Set(CtxUserID, userID)