
Folders API returns a 403 unauthorized when accessed using the "viewLogViewer" Gate (User null) #366

Closed
denistorresan opened this issue Apr 24, 2024 · 2 comments


@denistorresan

Hello,
I found a problem related to an API call when APP_ENV = production.
I configured Auth in this way:

  1. On AppServiceProvider.php I added the following code:

    // Imports the snippet relies on (the User model namespace is the Laravel default; adjust if yours differs)
    use App\Models\User;
    use Illuminate\Support\Facades\Gate;

    public function boot(): void
    {
        // The parameter is nullable: when no session user is resolved, $user is null and access is denied
        Gate::define('viewLogViewer', function (?User $user) {
            var_dump($user);  // <-- this is null only when called from /api/folders AJAX call.

            return $user && $user->hasRole('administrator');
        });
    }

This works great when I try to access the /log-viewer routes, but there are some AJAX calls inside this page, like "/api/folders?direction=desc", that get a 403 unauthorized because $user is null.

The log-viewer.php configuration about middleware is the default:

    'middleware' => [
        'web',
        \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
    ],

    /*
    |--------------------------------------------------------------------------
    | Log Viewer API middleware.
    |--------------------------------------------------------------------------
    | Optional middleware to use on every API request. The same API is also
    | used from within the Log Viewer user interface.
    |
    */

    'api_middleware' => [
        \Opcodes\LogViewer\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        \Opcodes\LogViewer\Http\Middleware\AuthorizeLogViewer::class,
    ],

In the following screenshot I'm able to reach the log-viewer page, but the AJAX call fails.

[screenshot: 2024-04-24_12h40_49]

@arukompas
Contributor

hey @denistorresan, make sure your APP_URL matches the domain:port that you're browsing. From the screenshot I can see it's localhost:8100, so make sure that's the value of APP_URL.

Alternatively, you can also set LOG_VIEWER_API_STATEFUL_DOMAINS environment variable with a comma-separated list of allowed domains (with ports if other than 80/443). For example:

LOG_VIEWER_API_STATEFUL_DOMAINS=localhost:8100,localhost,localhost:8080,myapp.test
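The following is an added illustration, not code from the opcodes/log-viewer package or from either commenter, of why the port matters in that allow-list and why the gate above sees a null user. It assumes (as with Laravel Sanctum's stateful-domain check) that the API middleware compares the host[:port] of the browser's Origin/Referer header against the configured entries, and that only a matching request has its session loaded; the sample request headers and the admin user object are constructed here, and `hasRole()` is the method from the issue's own gate.

```php
<?php
declare(strict_types=1);

/**
 * Split a comma-separated allow-list (the shape of LOG_VIEWER_API_STATEFUL_DOMAINS)
 * into trimmed, lower-cased "host" / "host:port" entries.
 */
function parseStatefulDomains(string $envValue): array
{
    $entries = [];
    foreach (explode(',', $envValue) as $entry) {
        $entry = strtolower(trim($entry));
        if ($entry !== '') {
            $entries[] = $entry;
        }
    }
    return $entries;
}

/**
 * Reduce an Origin or Referer header value to "host" or "host:port".
 * Browsers omit the default :80 / :443, which is why the allow-list only
 * needs explicit ports for non-default ones. Returns null if unusable.
 */
function requestAuthority(?string $headerValue): ?string
{
    if ($headerValue === null || $headerValue === '') {
        return null;
    }
    $parts = parse_url($headerValue);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $authority = strtolower($parts['host']);
    if (isset($parts['port'])) {
        $authority .= ':' . $parts['port'];
    }
    return $authority;
}

/** True when the AJAX call comes from a listed first-party frontend (assumed exact match). */
function isStatefulRequest(?string $headerValue, array $statefulDomains): bool
{
    $authority = requestAuthority($headerValue);
    return $authority !== null && in_array($authority, $statefulDomains, true);
}

/** The gate from the issue: a null user (no session resolved) is denied. */
function viewLogViewerGate(?object $user): bool
{
    return $user !== null && $user->hasRole('administrator');
}

// Constructed stand-in for an authenticated administrator (not a real User model).
$adminUser = new class {
    public function hasRole(string $role): bool
    {
        return $role === 'administrator';
    }
};

// Allow-list from the comment above, deliberately without localhost:8080.
$allowed = parseStatefulDomains('localhost:8100,localhost,myapp.test');

// Constructed Referer values an AJAX call to /api/folders might carry.
$sampleReferers = [
    'http://localhost:8100/log-viewer',   // listed with its port
    'http://localhost/log-viewer',        // port 80 omitted by the browser
    'http://localhost:8080/log-viewer',   // not listed
    'https://evil.example/log-viewer',    // third-party origin
    null,                                 // no Origin/Referer at all
];

foreach ($sampleReferers as $referer) {
    $stateful = isStatefulRequest($referer, $allowed);
    // Without a stateful match the session is never loaded, so the gate receives null.
    $user = $stateful ? $adminUser : null;
    printf(
        "%-36s stateful=%-5s gate=%s\n",
        $referer ?? '(none)',
        var_export($stateful, true),
        var_export(viewLogViewerGate($user), true)
    );
}
```

Run with `php example.php`: only the first two referers are treated as stateful and pass the gate; `localhost:8080` fails even though `localhost` is listed, because the comparison includes the port, which is the situation in the issue when APP_URL or the allow-list does not carry `:8100`.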

@arukompas
Contributor

Just FYI, I have added the above to the docs as well; hopefully it will help newcomers when setting up Log Viewer to be used in production or any non-standard local setup:

https://log-viewer.opcodes.io/docs/3.x/configuration/route-and-domain#production-domains
