Customize initial 401 Unauthorized page (in a private setup)

[white-gecko]

In a private databus setup I'm greeted with a 401 Unauthorized page. For the coypu project we would like to customize the welcome page, even in a private setup to show some helpful information.

[varun-singh-0518]

can you elaborate on this issue? I want to check this one

[white-gecko]

Currently it looks like this:

I would like to set the title and some description text below. Also I would like to customize the background color of the welcome page. A bit similar to the dbpedia databus front page, but without the stats and the list of datasets.

[holycrab13]

for routes that need to be protected with authentication there is a middleware used in the nodejs express setup. E.g:

databus/server/app/api/routes/general.js

Line 58 in 05ac87f

router.post('/api/publish', protector.protect(true), async function (req, res, next) {

protector.protect() is the middleware call that checks authentication and redirects to a 401 in this case.
In private mode, this is slapped on everything:

databus/server/app/app.js

Line 70 in 05ac87f

app.all('*', protector.protect(true, function (req, res) {

Since this also applied to read-only pages (that are never protected in non-private mode) it also returns an HTML representation of the 401 response.

This is cool, except for the landing page that should still be customizable to some degree. I think it should use the customizable header of the default page. The customizable header is a feature that I am currently still working on. I will rush this, so this issue can be implemented

You can already implement this though and copy the current header of the landing page (index.ejs)

[varun-singh-0518]

what should i define in this function to return it for read only pages.?

function isReadOnlyRoute(req) {
return req.path.startsWith('/read-only/');
}

//Here , i updated this to only apply this feature to pages which are not read only

app.all('*', function (req, res, next) {
  // Check if the application is in private mode
  if (process.env.DATABUS_PRIVATE_MODE == "true") {
    // Check if the route is read-only
    if (!isReadOnlyRoute(req)) {
      // Apply the global middleware for non-read-only routes
      return protector.protect(true, function (req, res) {
        if (protector.isBrowserRequest(req)) {
          var data = {}
          data.auth = ServerUtils.getAuthInfoFromRequest(req);
          res.status(401).render('unauthorized', {
            title: 'Unauthorized',
            data: data,
          });
        } else {
          res.status(401).send();
        }
      })(req, res, next);
    }
  }

  // For read-only routes or when not in private mode, handle the logic accordingly
  next();
});

[holycrab13]

My explanation might have been misleading, there is no change or check needed for "read only". Private mode is supposed to route EVERYTHING to 401, nobody should see what is there except for authenticated users.

The task is about creating an exception for the landing page at the root path "/".

Expected behaviour:

• non-HTML requests (e.g. done with curl) return 401 for all routes
• HTML requests return the 401 HTML page
• HTML request to the frontpage returns a custom 401 HTML page that includes the banner of the normal front page

My next merge will make the banner be contained in its own file banner.ejs that can be included into any other ejs file, such as a special private mode landing page.

[LucasGazetta]

Hey, would love to give it a go

[holycrab13]

Okay, the dev branch has received some updates on this. The banner will now be held in a banner.ejs file (https://github.com/dbpedia/databus/blob/dev/public/templates/banner.ejs)

A custom 401 frontpage should include the banner via the ejs include syntax