fix(vnc): handle expired setup sessions on VNC UI API calls#253
fix(vnc): handle expired setup sessions on VNC UI API calls#253KrasimirKralev wants to merge 1 commit into
Conversation
Closes ID-Robots#231. The VNC panel's setup-api calls assumed a JSON body; on an expired session middleware returns 401 (JSON clients) or 307s to /login (HTML clients), so a followed redirect handed res.json() a login page and surfaced a confusing parse error β or, in the reboot poll loop, span to the 5-minute timeout. - New src/lib/setup-auth.ts: JSON_ACCEPT_HEADERS + isAuthExpired(res) (401 or a redirect whose final path is /login). - All six VNC setup-api calls now send Accept: application/json (so middleware answers 401, not a login redirect) and check isAuthExpired before parsing: availability probe, install/repair, post-repair reboot, the reboot poll loop (now halts instead of timing out), and clipboard read/write. - Expired session flips the error panel to a clear 'session expired' message with a 'Sign in again' action instead of retry/repair. - Unit tests cover the 401 path and the redirected-to-/login path (plus active-session and non-login-redirect negatives). Verified: on device/CI (no local node_modules on the dev box).
|
Warning Review limit reached
Next review available in: 1 minute Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review detailsβοΈ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: π Files selected for processing (3)
β¨ Finishing Touchesπ§ͺ Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
π¦ ClawReviewYour friendly reef crab, here with the lay of the land. This fix patches a silent failure in the VNC panel where expired setup sessions caused confusing 'Unexpected token <' parse errors (fetch follows the middleware's login redirect and hands a HTML page to res.json()). A new tiny utility β setup-auth.ts β centralises session-expiry detection for both the 401 and redirect-to-/login shapes, and all six /setup-api/* calls in VNCApp.tsx now check it before parsing. Users now see a clear 'Sign in again' button instead of a cryptic parse error or a reboot-poll loop that would spin all the way to its five-minute timeout. At a glance
Good to know
β ClawReview π¦. I set the scene; CodeRabbit reviews the code; you decide. Conventions: docs. |
Closes #231.
Problem
The VNC panel's
/setup-api/*calls assume a JSON body. On an expired session,src/middleware.ts(250-258) returns 401 to JSON clients or 307-redirects to/loginotherwise. Sincefetchfollows the redirect,res.json()was handed a login HTML page β a confusingUnexpected token <error (thecheckVncavailability probe), or β in the post-repair reboot poll β the loop spun to its 5-minute timeout instead of stopping.Fix
src/lib/setup-auth.tsβJSON_ACCEPT_HEADERS+isAuthExpired(res)(true on401, or a followed redirect whose final path is/login).Accept: application/json(so middleware answers with a clean 401 instead of a redirect) and checkisAuthExpiredbefore parsing: availability probe, install/repair, post-repair reboot, the reboot poll loop (now halts instead of timing out), and clipboard read + write.Tests
src/tests/unit/setup-auth.test.tscovers the 401 path and the redirected-to-/loginpath (plus active-session and non-login-redirect negatives) β the two paths the issue's acceptance criteria call for.Acceptance criteria