Setup basic auth guard

2025-12-26 05:48:36 +08:00 · 2024-10-16 12:25:48 +04:00 · 2024-10-16 12:25:48 +04:00 · 5c798fe7a6
commit 5c798fe7a6
parent 8a93da51be
3 changed files with 46 additions and 1 deletions
--- a/frontend/public/waitlist.json
+++ b/frontend/public/waitlist.json
@ -0,0 +1,3 @@
+{
+  "users": []
+}
--- a/frontend/src/routes/app.tsx
+++ b/frontend/src/routes/app.tsx
@ -7,6 +7,7 @@ import {
  json,
  ClientActionFunctionArgs,
  useRouteLoaderData,
+  redirect,
 } from "@remix-run/react";
 import { useDispatch, useSelector } from "react-redux";
 import WebSocket from "ws";
@ -42,6 +43,7 @@ import { base64ToBlob } from "#/utils/base64-to-blob";
 import { clientLoader as rootClientLoader } from "#/root";
 import { clearJupyter } from "#/state/jupyterSlice";
 import { FilesProvider } from "#/context/files";
+import { isAuthorized } from "#/utils/is-authorized";

 const isAgentStateChange = (
  data: object,
@ -51,6 +53,12 @@ const isAgentStateChange = (
  "agent_state" in data.extras;

 export const clientLoader = async () => {
+  const ghToken = localStorage.getItem("ghToken");
+  const isSaas = import.meta.env.VITE_APP_MODE === "saas";
+
+  const userIsAuthorized = await isAuthorized(isSaas, ghToken);
+  if (!userIsAuthorized) return redirect("/waitlist");
+
  const q = store.getState().initalQuery.initialQuery;
  const repo =
    store.getState().initalQuery.selectedRepository ||
@ -59,7 +67,6 @@ export const clientLoader = async () => {

  const settings = getSettings();
  const token = localStorage.getItem("token");
-  const ghToken = localStorage.getItem("ghToken");

  if (token && importedProject) {
    const blob = base64ToBlob(importedProject);
--- a/frontend/src/utils/is-authorized.ts
+++ b/frontend/src/utils/is-authorized.ts
@ -0,0 +1,35 @@
+import { retrieveGitHubUser, isGitHubErrorReponse } from "#/api/github";
+
+type WaitlistUser = {
+  handle: string;
+};
+
+/**
+ * Check if the user is authorized. For now this is used in the SaaS mode to check if the user is in the waitlist.
+ * @param ghToken The GitHub token
+ * @returns A boolean indicating if the user is authorized
+ */
+export const isAuthorized = async (isSaas: boolean, ghToken: string | null) => {
+  let waitlist: { users: WaitlistUser[] } = { users: [] };
+
+  try {
+    // @ts-expect-error - This is temporary, file may not exist
+    waitlist = await import("#/../public/waitlist.json");
+  } catch (e) {
+    // pass
+  }
+
+  if (isSaas) {
+    let user: GitHubUser | GitHubErrorReponse | null = null;
+    if (ghToken) user = await retrieveGitHubUser(ghToken);
+
+    if (!isGitHubErrorReponse(user)) {
+      const inWaitlist = waitlist.users.find((u) => u.handle === user?.login);
+      return inWaitlist;
+    }
+
+    return false;
+  }
+
+  return true;
+};