fix(devtools): failing auth status checks

.changeset/hip-ears-shave.md

@@ -0,0 +1,10 @@
+---
+"@refinedev/devtools-server": patch
+"@refinedev/devtools-ui": patch
+---
+
+fix(devtools-server): missing header check on auth requests
+
+Devtools was failing to determine the auth status and always end up redirecting to the login page regardless of the actual auth status. This was due to the missing check on the auth request that was causing all valid responses treated as unauthenticated.
+
+Resolves [#6047](https://github.com/refinedev/refine/issues/6047)

.changeset/wet-pianos-arrive.md

@@ -0,0 +1,10 @@
+---
+"@refinedev/cli": patch
+"@refinedev/devtools": patch
+---
+
+fix(devtools): failing authentication checks
+
+Devtools was failing on determining the auth status and always ended up redirecting to the login page or the onboarding step regardless of the actual authentication status.
+
+Resolves [#6047](https://github.com/refinedev/refine/issues/6047)

packages/devtools-server/package.json

@@ -38,7 +38,7 @@
     "build": "pnpm build:client && tsup && node ../shared/generate-declarations.js",
     "build:client": "NODE_ENV=production tsc && vite build --config src/client/vite.config.ts",
     "dev": "pnpm dev:client & tsup --watch",
-    "dev:client": "vite build --watch --force --config src/client/vite.config.ts",
+    "dev:client": "vite build --watch --config src/client/vite.config.ts",
     "prepare": "pnpm -w build --scope @refinedev/devtools-server",
     "publint": "publint --strict=true --level=suggestion",
     "start:server": "node dist/cli.cjs",

packages/devtools-server/src/serve-proxy.ts

@@ -173,6 +173,7 @@ export const serveProxy = async (app: Express) => {
       if (proxyRes.statusCode === 401) {
         res.writeHead(200, {
           ...proxyRes.headers,
+          "Refine-Is-Authenticated": "false",
           "Access-Control-Expose-Headers": `Refine-Is-Authenticated, ${proxyRes.headers["Access-Control-Expose-Headers"]}`,
         });
       } else {

packages/devtools-ui/src/components/header-auth-status.tsx

@@ -68,6 +68,7 @@ export const HeaderAuthStatus = () => {
           <Gravatar
             email={me?.email ?? ""}
             size={32}
+            protocol="https://"
             style={{ borderRadius: "50%" }}
           />
           <div

packages/devtools-ui/src/utils/auth.ts

@@ -3,8 +3,11 @@ import { ory } from "./ory";
 export const isAuthenticated = async () => {
   try {
     const response = await ory.toSession();
-    const headerAuth = Boolean(response.headers["Refine-Is-Authenticated"]);
-    return headerAuth;
+    const authenticatedHeader = response.headers["refine-is-authenticated"];
+    if (authenticatedHeader === "false") {
+      return false;
+    }
+    return true;
   } catch (error: any) {
     return false;
   }

packages/devtools-ui/src/utils/me.ts

@@ -8,9 +8,13 @@ export const getMe = async () => {
   try {
     const response = await fetch("/api/.refine/users/me");
 
-    const data = (await response.json()) as MeResponse;
+    if (response.ok) {
+      const data = (await response.json()) as MeResponse;
 
-    return data;
+      return data;
+    }
+
+    return null;
   } catch (_) {
     //
   }