watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-04 04:37:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #3706 from metaloozee/3703
Some checks failed
Node.js CI / build (postgresql, 18.18, 10) (push) Has been cancelled
Details

Browse source 
fix: Redirect loop on auth failure
This commit is contained in:
Mike Cao 2025-11-08 11:32:02 -08:00 committed by GitHub
commit 227201a73c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 79 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

58
.github/workflows/cd-manual.yml vendored
View file

@ -1,58 +0,0 @@
name: Create docker images (manual)
on:
workflow_dispatch:
inputs:
version:
type: string
description: Version
required: true
jobs:
build:
name: Build, push, and deploy
runs-on: ubuntu-latest
strategy:
matrix:
db-type: [postgresql]
steps:
- uses: actions/checkout@v3
- name: Extract version parts from input
id: extract_version
run: |
echo "version=$(echo ${{ github.event.inputs.version }})" >> $GITHUB_ENV
echo "major=$(echo ${{ github.event.inputs.version }} | cut -d. -f1)" >> $GITHUB_ENV
echo "minor=$(echo ${{ github.event.inputs.version }} | cut -d. -f2)" >> $GITHUB_ENV
- name: Generate tags
id: generate_tags
run: |
echo "tag_major=$(echo ${{ matrix.db-type }}-${{ env.major }})" >> $GITHUB_ENV
echo "tag_minor=$(echo ${{ matrix.db-type }}-${{ env.major }}.${{ env.minor }})" >> $GITHUB_ENV
echo "tag_patch=$(echo ${{ matrix.db-type }}-${{ env.version }})" >> $GITHUB_ENV
echo "tag_latest=$(echo ${{ matrix.db-type }}-latest)" >> $GITHUB_ENV
- uses: mr-smithers-excellent/docker-build-push@v6
name: Build & push Docker image to ghcr.io for ${{ matrix.db-type }}
with:
image: umami
tags: ${{ env.tag_major }}, ${{ env.tag_minor }}, ${{ env.tag_patch }}, ${{ env.tag_latest }}
buildArgs: DATABASE_TYPE=${{ matrix.db-type }}
registry: ghcr.io
multiPlatform: true
platform: linux/amd64,linux/arm64
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: mr-smithers-excellent/docker-build-push@v6
name: Build & push Docker image to docker.io for ${{ matrix.db-type }}
with:
image: umamisoftware/umami
tags: ${{ env.tag_major }}, ${{ env.tag_minor }}, ${{ env.tag_patch }}, ${{ env.tag_latest }}
buildArgs: DATABASE_TYPE=${{ matrix.db-type }}
registry: docker.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

112
.github/workflows/cd.yml vendored
View file

@ -5,6 +5,11 @@ on:
tags: tags:
- 'v*.*.*' - 'v*.*.*'
workflow_dispatch: workflow_dispatch:
inputs:
version:
description: 'Optional image version (e.g. 3.0.0, v3.0.0, or 3.0.0-beta.1)'
required: false
default: ''
jobs: jobs:
build: build:
@ -13,22 +18,20 @@ jobs:
permissions: permissions:
contents: read contents: read
packages: write packages: write
id-token: write
strategy:
matrix:
db-type: [postgresql]
steps: steps:
- uses: actions/checkout@v5 - uses: actions/checkout@v5
# Install cosign (for image signing)
- name: Install cosign
uses: sigstore/cosign-installer@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Log into GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log into Docker Hub - name: Log into Docker Hub
if: github.repository == 'umami-software/umami' if: github.repository == 'umami-software/umami'
uses: docker/login-action@v3 uses: docker/login-action@v3
@ -37,44 +40,61 @@ jobs:
username: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
- name: Log into GHCR - name: Compute version tags
uses: docker/login-action@v3 id: compute
with: run: |
registry: ghcr.io INPUT="${{ github.event.inputs.version }}"
username: ${{ github.actor }} REF_TYPE="${{ github.ref_type }}"
password: ${{ secrets.GITHUB_TOKEN }} REF_NAME="${{ github.ref_name }}"
- name: Extract Docker metadata # Determine version source
id: meta if [[ -n "$INPUT" ]]; then
uses: docker/metadata-action@v5 VERSION="${INPUT#v}"
with: elif [[ "$REF_TYPE" == "tag" ]]; then
images: | VERSION="${REF_NAME#v}"
umamisoftware/umami,enable=${{ github.repository == 'umami-software/umami' }} else
ghcr.io/${{ github.repository }} VERSION=""
flavor: | fi
latest=auto
prefix=${{ matrix.db-type }}- TAGS=""
tags: |
type=semver,pattern={{version}} if [[ -n "$VERSION" ]]; then
type=semver,pattern={{major}}.{{minor}} MAJOR=$(echo "$VERSION" | cut -d. -f1)
type=semver,pattern={{major}} MINOR=$(echo "$VERSION" | cut -d. -f2)
if [[ "$VERSION" == *-* ]]; then
# prerelease: only version tag
TAGS="$VERSION"
else
# stable release: version + hierarchy + latest
TAGS="$VERSION,${MAJOR}.${MINOR},${MAJOR},postgresql-latest,latest"
fi
else
# Non-tag build (e.g. from main branch)
TAGS="${REF_NAME}"
fi
echo "tags=$TAGS" >> $GITHUB_OUTPUT
echo "Computed tags: $TAGS"
- name: Build and push Docker image - name: Build and push Docker image
id: build-and-push run: |
uses: docker/build-push-action@v6 TAGS="${{ steps.compute.outputs.tags }}"
with:
context: .
platforms: linux/amd64,linux/arm64
build-args: DATABASE_TYPE=${{ matrix.db-type }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
# Sign the published image digest # Set image targets conditionally
- name: Sign the published Docker image if [[ "${{ github.repository }}" == "umami-software/umami" ]]; then
env: IMAGES=("umamisoftware/umami" "ghcr.io/${{ github.repository }}")
TAGS: ${{ steps.meta.outputs.tags }} else
DIGEST: ${{ steps.build-and-push.outputs.digest }} IMAGES=("ghcr.io/${{ github.repository }}")
run: echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}" fi
for IMAGE in "${IMAGES[@]}"; do
echo "Building and pushing $IMAGE with tags: $TAGS"
docker buildx build \
--platform linux/amd64,linux/arm64 \
--push \
$(echo "$TAGS" | tr ',' '\n' | sed "s|^|--tag ${IMAGE}:|") \
--cache-from type=gha \
--cache-to type=gha,mode=max \
.
done

22
.github/workflows/delete-untagged-images.yml vendored
View file

@ -1,22 +0,0 @@
name: Delete untagged GHCR images
on:
workflow_dispatch: # Run manually from the Actions tab
jobs:
cleanup:
name: Delete all untagged images
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
steps:
- name: Delete untagged GHCR images
uses: actions/delete-package-versions@v5
with:
package-name: "umami" # 👈 change if your GHCR package name differs
package-type: "container"
delete-only-untagged-versions: true
min-versions-to-keep: 0

2
README.md
View file

@ -89,7 +89,7 @@ docker compose up -d
Alternatively, to pull just the Umami Docker image with PostgreSQL support: Alternatively, to pull just the Umami Docker image with PostgreSQL support:
```bash ```bash
docker pull docker.umami.is/umami-software/umami:postgresql-latest docker pull docker.umami.is/umami-software/umami:latest
``` ```
--- ---

2
docker-compose.yml
View file

@ -1,7 +1,7 @@
--- ---
services: services:
umami: umami:
image: ghcr.io/umami-software/umami:postgresql-latest image: ghcr.io/umami-software/umami:latest
ports: ports:
- "3000:3000" - "3000:3000"
environment: environment:

8
src/app/(main)/App.tsx
View file

@ -9,18 +9,14 @@ import { MobileNav } from '@/app/(main)/MobileNav';
export function App({ children }) { export function App({ children }) {
const { user, isLoading, error } = useLoginQuery(); const { user, isLoading, error } = useLoginQuery();
const config = useConfig(); const config = useConfig();
const { pathname, router } = useNavigation(); const { pathname } = useNavigation();
if (isLoading || !config) { if (isLoading || !config) {
return <Loading placement="absolute" />; return <Loading placement="absolute" />;
} }
if (error) { if (error) {
if (process.env.cloudMode) { window.location.href = '/login';
window.location.href = '/login';
} else {
router.push('/login');
}
return null; return null;
} }

2
src/app/logout/LogoutPage.tsx
View file

@ -13,7 +13,7 @@ export function LogoutPage() {
async function logout() { async function logout() {
await post('/auth/logout'); await post('/auth/logout');
router.push('/login'); window.location.href = '/login';
} }
removeClientAuthToken(); removeClientAuthToken();

16
src/lib/__tests__/detect.test.ts
View file

@ -1,4 +1,4 @@
import * as detect from '../detect'; import { getIpAddress } from '../ip';
const IP = '127.0.0.1'; const IP = '127.0.0.1';
const BAD_IP = '127.127.127.127'; const BAD_IP = '127.127.127.127';
@ -6,23 +6,23 @@ const BAD_IP = '127.127.127.127';
test('getIpAddress: Custom header', () => { test('getIpAddress: Custom header', () => {
process.env.CLIENT_IP_HEADER = 'x-custom-ip-header'; process.env.CLIENT_IP_HEADER = 'x-custom-ip-header';
expect(detect.getIpAddress(new Headers({ 'x-custom-ip-header': IP }))).toEqual(IP); expect(getIpAddress(new Headers({ 'x-custom-ip-header': IP }))).toEqual(IP);
}); });
test('getIpAddress: CloudFlare header', () => { test('getIpAddress: CloudFlare header', () => {
expect(detect.getIpAddress(new Headers({ 'cf-connecting-ip': IP }))).toEqual(IP); expect(getIpAddress(new Headers({ 'cf-connecting-ip': IP }))).toEqual(IP);
}); });
test('getIpAddress: Standard header', () => { test('getIpAddress: Standard header', () => {
expect(detect.getIpAddress(new Headers({ 'x-forwarded-for': IP }))).toEqual(IP); expect(getIpAddress(new Headers({ 'x-forwarded-for': IP }))).toEqual(IP);
}); });
test('getIpAddress: CloudFlare header is lower priority than standard header', () => { test('getIpAddress: CloudFlare header is lower priority than standard header', () => {
expect( expect(getIpAddress(new Headers({ 'cf-connecting-ip': BAD_IP, 'x-forwarded-for': IP }))).toEqual(
detect.getIpAddress(new Headers({ 'cf-connecting-ip': BAD_IP, 'x-forwarded-for': IP })), IP,
).toEqual(IP); );
}); });
test('getIpAddress: No header', () => { test('getIpAddress: No header', () => {
expect(detect.getIpAddress(new Headers())).toEqual(null); expect(getIpAddress(new Headers())).toEqual(null);
}); });