@AbirAbbas
Contributor

Summary

  • Fixes UX issue where accessing localhost:8080 with auth enabled returns {"error":"unauthorized"} instead of redirecting to the UI login page

Changes Made

  • Added root path / to the auth middleware's skip list in auth.go
  • The root path only performs a redirect to /ui/; no sensitive data is exposed

Security Note

This change is safe because:

  • / only redirects to /ui/ (no data access)
  • /ui/* was already in the skip list (serves static React files)
  • All API endpoints (/api/v1/*) still require authentication
  • The React app handles auth prompting for actual API calls

Test Plan

  • Start control plane with AGENTFIELD_API_AUTH_API_KEY=secret
  • Visit localhost:8080 → should redirect to /ui/
  • UI should prompt for API key
  • API calls without key should still fail

🤖 Generated with Claude Code

When auth is enabled, accessing localhost:8080 directly would return
{"error":"unauthorized"} instead of redirecting to /ui/ where the
React app prompts for the API key.

The fix adds "/" to the auth middleware's skip list. This is safe
because the root path only performs a redirect to /ui/ - no data
is exposed.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@AbirAbbas AbirAbbas merged commit e3a0991 into main Jan 22, 2026
21 checks passed
@AbirAbbas AbirAbbas deleted the fix/root-path-redirect-auth branch January 22, 2026 01:31
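
The skip-list behaviour this PR describes, as an added Go example that is not the project's auth.go: it shows why the `/` entry has to be an exact match while `/ui/` stays a prefix rule, so that `/api/v1/*` keeps requiring the key. The `X-API-Key` header name, the 302 status, the stand-in route handlers and the matching semantics are assumptions; the page does not show them.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// skipAuth reports whether a path bypasses the API-key check. "/" is matched
// exactly; as a prefix rule it would match every path, including /api/v1/*.
func skipAuth(path string) bool {
	return path == "/" || strings.HasPrefix(path, "/ui/")
}

// authMiddleware enforces the key on every non-skipped path (X-API-Key is an assumed header name).
func authMiddleware(key string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !skipAuth(r.URL.Path) && subtle.ConstantTimeCompare([]byte(r.Header.Get("X-API-Key")), []byte(key)) != 1 {
			http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newServer wires constructed stand-in routes: API, static UI, root redirect.
func newServer(key string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "data") })
	mux.HandleFunc("/ui/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "login page") })
	mux.Handle("/", http.RedirectHandler("/ui/", http.StatusFound))
	return authMiddleware(key, mux)
}

// status returns the response code for a GET to path; key "" sends no usable key.
func status(h http.Handler, path, key string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("X-API-Key", key)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, p := range []string{"/", "/ui/", "/api/v1/nodes", "/metrics"} {
		fmt.Println(p, status(newServer("secret"), p, ""))
	}
}
```

The `/metrics` case is a constructed path that falls through to the catch-all `/` route in the mux; it still gets 401 because the middleware compares the request path, not the matched route pattern.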