
Fix admin setup endpoint request body parsing #58

Merged
JoshuaAFerguson merged 4 commits into main from claude/fix-setup-request-parsing-01NFyvsJQuGRyybrYuH55eyt
Nov 17, 2025

@JoshuaAFerguson

Member

No description provided.

The SanitizeJSONMiddleware was consuming the request body without
restoring it, causing subsequent handlers to receive empty bodies.
This broke the setup admin endpoint which requires access to the
request body for validation.

Changes:
- Modified SanitizeJSONMiddleware to read body with io.ReadAll
- Restore body using io.NopCloser before calling Next()
- Use json.Unmarshal instead of c.ShouldBindJSON to avoid consumption
- Removed debug logging from setup handler (no longer needed)
- Removed unused imports (bytes, io) from setup handler

This fix ensures the request body is available to all handlers in
the middleware chain, resolving the "EOF" error when submitting the
setup form.

The AuthHandler.RegisterRoutes was creating an extra /auth group when
it was already being called with /api/v1/auth from main.go, causing
login and other auth endpoints to be registered at /api/v1/auth/auth/*
instead of /api/v1/auth/*.

This resulted in 404 errors when trying to access:
- POST /api/v1/auth/login
- POST /api/v1/auth/refresh
- POST /api/v1/auth/logout
- SAML endpoints

Changes:
- Removed the router.Group("/auth") wrapper in RegisterRoutes
- Routes now register directly on the provided router parameter
- Added comment clarifying that router is already /api/v1/auth

This ensures auth endpoints are accessible at the correct paths.

The CORS middleware was not allowing WebSocket-specific headers,
causing WebSocket upgrade requests to fail with CORS errors.

Changes:
- Added Upgrade, Connection headers for WebSocket protocol switch
- Added Sec-WebSocket-Key for handshake validation
- Added Sec-WebSocket-Version for protocol version negotiation
- Added Sec-WebSocket-Extensions for extension negotiation
- Added Sec-WebSocket-Protocol for subprotocol selection

This fix allows WebSocket connections to properly upgrade from HTTP,
resolving the "WebSocket Connection Error" on the frontend.

Fixed two critical issues preventing WebSocket connections:

1. WebSocket Origin Check (websocket.go):
   - Changed from ALLOWED_ORIGINS to CORS_ALLOWED_ORIGINS env var
   - Now uses same environment variable and logic as CORS middleware
   - Defaults to localhost:3000 and localhost:8000 when not configured
   - Ensures consistent origin validation across HTTP and WebSocket

2. Authentication Middleware (middleware.go):
   - Added special handling for WebSocket upgrade requests
   - Detects WebSocket upgrade via Upgrade and Connection headers
   - Returns HTTP status codes without JSON body for WebSocket requests
   - Prevents breaking WebSocket handshake with JSON responses
   - Auth failures now properly handled by WebSocket upgrader

Why These Fixes Were Needed:
- WebSocket origin check was using different env var, causing rejection
- Auth middleware was writing JSON responses during WebSocket upgrade
- JSON responses break the WebSocket handshake protocol
- Connection would fail before upgrade could complete

This resolves the "WebSocket Connection Error" preventing real-time
updates in the frontend.
@JoshuaAFerguson JoshuaAFerguson merged commit f0ae97a into main Nov 17, 2025
7 of 23 checks passed
@JoshuaAFerguson JoshuaAFerguson deleted the claude/fix-setup-request-parsing-01NFyvsJQuGRyybrYuH55eyt branch November 17, 2025 03:24
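
The body-restoring pattern described in the first commit message, as an added example written against net/http rather than the project's own middleware; it is not code from this PR. The names ValidateJSONBody and Roundtrip, the /example path and the 1 MiB cap are assumptions, and the cap is added here because io.ReadAll on an unbounded body lets a client exhaust server memory.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBody = 1 << 20 // assumed 1 MiB cap; not a value taken from the PR

// ValidateJSONBody checks a JSON body, then restores it for later handlers.
func ValidateJSONBody(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Bound the read so a huge body cannot be buffered in full.
		raw, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxBody))
		if err != nil {
			http.Error(w, "body too large or unreadable", http.StatusRequestEntityTooLarge)
			return
		}
		var v any
		if len(raw) > 0 && json.Unmarshal(raw, &v) != nil {
			http.Error(w, "invalid JSON", http.StatusBadRequest)
			return
		}
		// Restore exactly the bytes that were checked before calling next.
		r.Body = io.NopCloser(bytes.NewReader(raw))
		next.ServeHTTP(w, r)
	})
}

// Roundtrip sends body through the middleware and returns the status code
// plus whatever the downstream handler could still read from r.Body.
func Roundtrip(body string) (int, string) {
	var seen string
	h := ValidateJSONBody(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body)
		seen = string(b)
	}))
	req := httptest.NewRequest(http.MethodPost, "/example", strings.NewReader(body))
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, seen
}

func main() { fmt.Println(Roundtrip(`{"username":"constructed"}`)) }
```

Without the `r.Body = io.NopCloser(...)` line the downstream handler reads an empty body, which is the "EOF" symptom the commit message describes.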