ars/iiEsaywebUIapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(auth): Add proxy authentication WebView for server login

Browse Source
This commit is contained in:
cogwheel
2025-12-18 11:40:16 +05:30
parent 5b91616e35
commit 9da9f9e2b3
60 changed files with 1453 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

641
lib/features/auth/views/proxy_auth_page.dart Normal file
View File

@@ -0,0 +1,641 @@
import 'dart:io' show Platform;
import 'package:flutter/cupertino.dart';
import 'package:flutter/foundation.dart' show kIsWeb;
import 'package:flutter/material.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:go_router/go_router.dart';
import 'package:webview_flutter/webview_flutter.dart';
import '../../../core/auth/native_cookie_manager.dart';
import '../../../core/auth/webview_cookie_helper.dart';
import '../../../core/models/server_config.dart';
import '../../../core/utils/debug_logger.dart';
import '../../../core/widgets/error_boundary.dart';
import '../../../shared/theme/theme_extensions.dart';
import '../../../shared/widgets/conduit_components.dart';
import 'package:conduit/l10n/app_localizations.dart';
/// Result of proxy authentication.
class ProxyAuthResult {
/// Whether authentication was successful.
final bool success;
/// Proxy session cookies to be injected into API requests.
final Map<String, String>? cookies;
/// JWT token if user is already authenticated via trusted headers.
/// When oauth2-proxy uses trusted headers, OpenWebUI auto-authenticates
/// the user after proxy auth, so no separate sign-in is needed.
final String? jwtToken;
const ProxyAuthResult({required this.success, this.cookies, this.jwtToken});
/// Creates a failed result.
const ProxyAuthResult.failed()
: success = false,
cookies = null,
jwtToken = null;
/// Creates a successful result with captured cookies.
const ProxyAuthResult.success({this.cookies, this.jwtToken}) : success = true;
/// Whether the user is fully authenticated (has JWT token).
bool get isFullyAuthenticated => jwtToken != null && jwtToken!.isNotEmpty;
}
/// Configuration for the proxy authentication flow.
class ProxyAuthConfig {
/// The server configuration to authenticate against.
final ServerConfig serverConfig;
/// Optional callback when proxy authentication completes successfully.
final VoidCallback? onAuthComplete;
const ProxyAuthConfig({required this.serverConfig, this.onAuthComplete});
}
/// Proxy Authentication page that uses a WebView to handle authentication
/// through reverse proxies like oauth2-proxy or Pangolin.
///
/// This page loads the server URL in a WebView, allowing users to authenticate
/// through the proxy. Once the proxy auth is complete (detected by reaching
/// the actual server), the proxy session cookies are captured and returned.
///
/// The user will then be redirected to the normal sign-in flow, where the
/// proxy cookies will be injected into API requests.
class ProxyAuthPage extends ConsumerStatefulWidget {
final ProxyAuthConfig config;
const ProxyAuthPage({super.key, required this.config});
@override
ConsumerState<ProxyAuthPage> createState() => _ProxyAuthPageState();
}
class _ProxyAuthPageState extends ConsumerState<ProxyAuthPage> {
WebViewController? _controller;
bool _isLoading = true;
bool _cookiesCaptured = false;
String? _error;
bool _isOnTargetServer = false;
@override
void initState() {
super.initState();
WidgetsBinding.instance.addPostFrameCallback((_) {
if (mounted) _initializeWebView();
});
}
@override
void dispose() {
_controller = null;
super.dispose();
}
Future<void> _initializeWebView() async {
if (!isWebViewSupported) {
if (!mounted) return;
final l10n = AppLocalizations.of(context);
setState(() {
_error =
l10n?.proxyAuthPlatformNotSupported ??
'Proxy authentication requires a mobile device. '
'Please authenticate through a browser first.';
_isLoading = false;
});
return;
}
final serverUrl = widget.config.serverConfig.url;
DebugLogger.auth('Initializing Proxy Auth WebView for $serverUrl');
final controller = WebViewController()
..setJavaScriptMode(JavaScriptMode.unrestricted)
..setNavigationDelegate(
NavigationDelegate(
onPageStarted: _onPageStarted,
onPageFinished: _onPageFinished,
onWebResourceError: _onWebResourceError,
onNavigationRequest: _onNavigationRequest,
),
)
..setUserAgent(_buildUserAgent());
// Don't clear cookies - preserve any existing proxy session
if (!mounted) return;
// Load the server URL - the proxy will intercept and show its login
await controller.loadRequest(Uri.parse(serverUrl));
if (!mounted) return;
setState(() {
_controller = controller;
});
}
String _buildUserAgent() {
if (!kIsWeb && Platform.isIOS) {
return 'Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) '
'AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1';
} else {
return 'Mozilla/5.0 (Linux; Android 14) '
'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36';
}
}
void _onPageStarted(String url) {
if (!mounted) return;
DebugLogger.auth('Proxy auth page started: $url');
setState(() {
_isLoading = true;
_error = null;
});
}
Future<void> _onPageFinished(String url) async {
if (!mounted) return;
DebugLogger.auth('Proxy auth page finished: $url');
setState(() {
_isLoading = false;
});
if (_cookiesCaptured) return;
final uri = Uri.parse(url);
// Check for error parameter
final error = uri.queryParameters['error'];
if (error != null && error.isNotEmpty) {
DebugLogger.auth('Proxy auth error from URL: $error');
setState(() {
_error = error;
});
return;
}
// Check if we're on our target server
final serverUrl = widget.config.serverConfig.url;
final serverUri = Uri.parse(serverUrl);
if (uri.host == serverUri.host) {
// We've reached our server - proxy auth must be complete
_isOnTargetServer = true;
await _checkIfOpenWebUI();
}
}
/// Checks if we're on the OpenWebUI page and captures cookies if so.
Future<void> _checkIfOpenWebUI() async {
if (_cookiesCaptured || !mounted) return;
final controller = _controller;
if (controller == null) return;
try {
// Check if this is an OpenWebUI page by looking for specific elements
// or the /api/config endpoint being accessible
final result = await controller.runJavaScriptReturningResult(
'''
(function() {
// Check for OpenWebUI specific elements or title
var isOpenWebUI =
document.querySelector('div[class*="chat"]') !== null ||
document.querySelector('[data-testid]') !== null ||
document.title.toLowerCase().includes('open webui') ||
document.title.toLowerCase().includes('chat');
return isOpenWebUI ? "true" : "false";
})()
''',
);
if (!mounted) return;
final isOpenWebUI = result.toString().contains('true');
DebugLogger.auth(
'OpenWebUI detection: $isOpenWebUI (on target server: $_isOnTargetServer)',
);
// If we're on the target server, capture cookies
// The user might be on a login page or the main page
if (_isOnTargetServer) {
await _captureProxyCookies();
}
} catch (e) {
DebugLogger.log(
'OpenWebUI detection failed: ${e.toString().split('\n').first}',
scope: 'auth/proxy',
);
// If detection fails but we're on target server, still try to capture
if (_isOnTargetServer) {
try {
await _captureProxyCookies();
} catch (captureError) {
if (!mounted) return;
setState(() {
_error = captureError.toString();
});
}
}
}
}
/// Captures proxy session cookies and checks for JWT token.
///
/// When oauth2-proxy uses trusted headers (like X-Forwarded-Email),
/// OpenWebUI auto-authenticates the user after proxy auth. In this case,
/// we can capture the JWT token and skip the sign-in page entirely.
Future<void> _captureProxyCookies() async {
if (_cookiesCaptured || !mounted) return;
// Set flag immediately to prevent race conditions from rapid taps
// or multiple page finish events triggering concurrent calls
_cookiesCaptured = true;
try {
final serverUrl = widget.config.serverConfig.url;
DebugLogger.auth('Capturing proxy cookies for $serverUrl');
// Get cookies from native cookie store
final cookies = await NativeCookieManager.getCookiesForUrl(serverUrl);
if (!mounted) return;
DebugLogger.auth(
'Captured ${cookies.length} cookies: ${cookies.keys.toList()}',
);
if (cookies.isEmpty) {
DebugLogger.warning(
'No cookies captured - proxy may use HttpOnly cookies not accessible',
scope: 'auth/proxy',
);
}
// Check if OpenWebUI has already authenticated via trusted headers
// This happens when oauth2-proxy sets X-Forwarded-Email and OpenWebUI
// auto-creates/logs in the user
String? jwtToken = await _tryCaptureJwtToken();
// Notify callback if provided
widget.config.onAuthComplete?.call();
// Pop with success result, cookies, and possibly JWT token
if (!mounted) return;
context.pop(ProxyAuthResult.success(cookies: cookies, jwtToken: jwtToken));
} catch (e) {
// Reset flag on failure so user can retry
_cookiesCaptured = false;
DebugLogger.warning(
'Cookie capture failed: $e',
scope: 'auth/proxy',
);
rethrow;
}
}
/// Attempts to capture the JWT token from cookies or localStorage.
///
/// If the proxy uses trusted headers, OpenWebUI will have already
/// authenticated the user and set a JWT token.
Future<String?> _tryCaptureJwtToken() async {
final controller = _controller;
if (controller == null || !mounted) return null;
// Strategy 1: Check token cookie
try {
final cookieResult = await controller.runJavaScriptReturningResult(
'''
(function() {
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i].trim();
if (cookie.startsWith("token=")) {
return cookie.substring(6);
}
}
return "";
})()
''',
);
if (!mounted) return null;
String tokenValue = _cleanJsString(cookieResult.toString());
if (_isValidJwtFormat(tokenValue)) {
DebugLogger.auth(
'Found JWT token in cookie - user already authenticated via '
'trusted headers',
);
return tokenValue;
}
} catch (e) {
DebugLogger.log(
'Cookie JWT check failed: ${e.toString().split('\n').first}',
scope: 'auth/proxy',
);
}
if (!mounted) return null;
// Strategy 2: Check localStorage
try {
final result = await controller.runJavaScriptReturningResult(
'localStorage.getItem("token")',
);
if (!mounted) return null;
String tokenValue = _cleanJsString(result.toString());
if (_isValidJwtFormat(tokenValue)) {
DebugLogger.auth(
'Found JWT token in localStorage - user already authenticated via '
'trusted headers',
);
return tokenValue;
}
} catch (e) {
DebugLogger.log(
'localStorage JWT check failed: ${e.toString().split('\n').first}',
scope: 'auth/proxy',
);
}
DebugLogger.auth(
'No JWT token found - proxy may not use trusted headers, '
'will proceed to normal sign-in',
);
return null;
}
String _cleanJsString(String value) {
if (value.startsWith('"') && value.endsWith('"')) {
return value.substring(1, value.length - 1);
}
return value;
}
bool _isValidJwtFormat(String value) {
if (value.isEmpty) return false;
final trimmed = value.trim();
if (trimmed == 'null' ||
trimmed == 'undefined' ||
trimmed == 'false' ||
trimmed == 'true') {
return false;
}
final segments = trimmed.split('.');
return segments.length == 3 && trimmed.length >= 50;
}
void _onWebResourceError(WebResourceError error) {
if (!mounted) return;
DebugLogger.error(
'proxy-webview-error',
scope: 'auth/proxy',
data: {
'errorCode': error.errorCode,
'description': error.description,
'errorType': error.errorType?.name,
},
);
if (error.isForMainFrame ?? false) {
setState(() {
_error = error.description;
_isLoading = false;
});
}
}
NavigationDecision _onNavigationRequest(NavigationRequest request) {
final url = request.url;
DebugLogger.auth('Proxy auth navigation request: $url');
return NavigationDecision.navigate;
}
Future<void> _refresh() async {
final controller = _controller;
if (controller == null || !mounted) return;
setState(() {
_isLoading = true;
_error = null;
_cookiesCaptured = false;
_isOnTargetServer = false;
});
if (!mounted) return;
await controller.loadRequest(Uri.parse(widget.config.serverConfig.url));
}
/// Manual completion button for when auto-detection doesn't work.
Future<void> _manualComplete() async {
try {
await _captureProxyCookies();
} catch (e) {
if (!mounted) return;
setState(() {
_error = e.toString();
});
}
}
@override
Widget build(BuildContext context) {
final l10n = AppLocalizations.of(context);
return ErrorBoundary(
child: Scaffold(
backgroundColor: context.conduitTheme.surfaceBackground,
extendBodyBehindAppBar: true,
appBar: FloatingAppBar(
leading: FloatingAppBarBackButton(
onTap: () => context.pop(const ProxyAuthResult.failed()),
),
title: FloatingAppBarTitle(
text: l10n?.proxyAuthentication ?? 'Proxy Authentication',
),
actions: [
if (_controller != null)
FloatingAppBarAction(
child: FloatingAppBarIconButton(
icon: Platform.isIOS ? CupertinoIcons.refresh : Icons.refresh,
onTap: _refresh,
),
),
],
),
body: SafeArea(child: _buildBody(l10n)),
),
);
}
Widget _buildBody(AppLocalizations? l10n) {
if (_error != null) {
return _buildErrorState(l10n);
}
if (_controller == null || !isWebViewSupported) {
return _buildLoadingState(l10n);
}
return Stack(
children: [
WebViewWidget(controller: _controller!),
if (_isLoading) _buildLoadingOverlay(l10n),
// Help text and manual continue button at the bottom
Positioned(
left: 0,
right: 0,
bottom: 0,
child: _buildHelpBanner(l10n),
),
],
);
}
Widget _buildHelpBanner(AppLocalizations? l10n) {
return Container(
padding: const EdgeInsets.all(Spacing.md),
decoration: BoxDecoration(
color: context.conduitTheme.surfaceContainer.withValues(alpha: 0.95),
border: Border(
top: BorderSide(
color: context.conduitTheme.dividerColor,
width: BorderWidth.standard,
),
),
),
child: Column(
mainAxisSize: MainAxisSize.min,
children: [
Row(
children: [
Icon(
Platform.isIOS ? CupertinoIcons.info : Icons.info_outline,
size: IconSize.small,
color: context.conduitTheme.iconSecondary,
),
const SizedBox(width: Spacing.sm),
Expanded(
child: Text(
l10n?.proxyAuthHelpTextSimple ??
'Sign in through your proxy. Once authenticated, '
'tap Continue to proceed to sign in.',
style: context.conduitTheme.bodySmall?.copyWith(
color: context.conduitTheme.textSecondary,
),
),
),
],
),
const SizedBox(height: Spacing.sm),
SizedBox(
width: double.infinity,
child: ConduitButton(
text: l10n?.continueButton ?? 'Continue',
icon:
Platform.isIOS
? CupertinoIcons.arrow_right
: Icons.arrow_forward,
onPressed: _manualComplete,
),
),
],
),
);
}
Widget _buildLoadingState(AppLocalizations? l10n) {
return Center(
child: Column(
mainAxisAlignment: MainAxisAlignment.center,
children: [
const CircularProgressIndicator.adaptive(),
const SizedBox(height: Spacing.lg),
Text(
l10n?.proxyAuthLoading ?? 'Loading authentication page...',
style: context.conduitTheme.bodyMedium?.copyWith(
color: context.conduitTheme.textSecondary,
),
),
],
),
);
}
Widget _buildLoadingOverlay(AppLocalizations? l10n) {
return Positioned.fill(
child: Container(
color: context.conduitTheme.surfaceBackground.withValues(alpha: 0.8),
child: Center(
child: Column(
mainAxisAlignment: MainAxisAlignment.center,
children: [
const CircularProgressIndicator.adaptive(),
const SizedBox(height: Spacing.lg),
Text(
l10n?.proxyAuthLoading ?? 'Loading...',
style: context.conduitTheme.bodyMedium?.copyWith(
color: context.conduitTheme.textSecondary,
),
),
],
),
),
),
);
}
Widget _buildErrorState(AppLocalizations? l10n) {
return Padding(
padding: const EdgeInsets.all(Spacing.pagePadding),
child: Center(
child: Column(
mainAxisAlignment: MainAxisAlignment.center,
children: [
Icon(
Platform.isIOS
? CupertinoIcons.exclamationmark_circle
: Icons.error_outline,
size: IconSize.xxl,
color: context.conduitTheme.error,
),
const SizedBox(height: Spacing.lg),
Text(
l10n?.proxyAuthFailed ?? 'Authentication failed',
style: context.conduitTheme.headingMedium,
textAlign: TextAlign.center,
),
const SizedBox(height: Spacing.sm),
Text(
_error ?? '',
style: context.conduitTheme.bodyMedium?.copyWith(
color: context.conduitTheme.textSecondary,
),
textAlign: TextAlign.center,
),
const SizedBox(height: Spacing.xl),
ConduitButton(
text: l10n?.retry ?? 'Retry',
icon: Platform.isIOS ? CupertinoIcons.refresh : Icons.refresh,
onPressed: _refresh,
),
const SizedBox(height: Spacing.md),
ConduitButton(
text: l10n?.back ?? 'Back',
icon: Platform.isIOS ? CupertinoIcons.back : Icons.arrow_back,
onPressed: () => context.pop(const ProxyAuthResult.failed()),
isSecondary: true,
),
],
),
),
);
}
}

319
lib/features/auth/views/server_connection_page.dart
View File

@@ -8,6 +8,7 @@ import 'package:flutter/services.dart';
import 'package:uuid/uuid.dart';
import 'package:conduit/l10n/app_localizations.dart';
import '../../../core/auth/webview_cookie_helper.dart';
import '../../../core/models/server_config.dart';
import '../../../core/providers/app_providers.dart';
import '../../../core/services/api_service.dart';
@@ -16,9 +17,11 @@ import '../../../core/services/input_validation_service.dart';
import '../../../core/services/navigation_service.dart';
import '../../../core/utils/debug_logger.dart';
import '../../../core/widgets/error_boundary.dart';
import '../providers/unified_auth_providers.dart';
import '../../../shared/services/brand_service.dart';
import '../../../shared/theme/theme_extensions.dart';
import '../../../shared/widgets/conduit_components.dart';
import 'proxy_auth_page.dart';
class ServerConnectionPage extends ConsumerStatefulWidget {
const ServerConnectionPage({super.key});
@@ -39,6 +42,7 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
bool _isConnecting = false;
bool _showAdvancedSettings = false;
bool _allowSelfSignedCertificates = false;
bool _serverBehindProxy = false;
@override
void initState() {
@@ -104,19 +108,46 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
workerManager: workerManager,
);
// First check basic connectivity
// If user indicated server is behind proxy, go directly to proxy auth
if (_serverBehindProxy) {
DebugLogger.log(
'User indicated server behind proxy, starting proxy auth',
scope: 'auth/connection',
);
await _handleProxyAuth(tempConfig, api, workerManager);
return;
}
// First check connectivity with proxy detection
DebugLogger.log('Checking server health...', scope: 'auth/connection');
final isReachable = await api.checkHealth();
final healthResult = await api.checkHealthWithProxyDetection();
DebugLogger.log(
'Health check result: $isReachable',
'Health check result: $healthResult',
scope: 'auth/connection',
);
if (!isReachable) {
// Handle proxy authentication requirement
if (healthResult == HealthCheckResult.proxyAuthRequired) {
DebugLogger.log(
'Server behind proxy detected, prompting for proxy auth',
scope: 'auth/connection',
);
await _handleProxyAuth(tempConfig, api, workerManager);
return;
}
if (healthResult == HealthCheckResult.unreachable) {
throw Exception(
'Could not reach the server. Please check the address.',
);
}
if (healthResult == HealthCheckResult.unhealthy) {
throw Exception(
'Server responded but may not be healthy. Please try again.',
);
}
// Then verify it's actually an OpenWebUI server and get its config
DebugLogger.log(
'Verifying OpenWebUI server...',
@@ -166,6 +197,204 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
}
}
/// Handles proxy authentication flow.
///
/// Opens the proxy auth page in a WebView where the user authenticates
/// through the proxy (oauth2-proxy, Pangolin, etc.).
///
/// After proxy auth completes, the cookies are captured and added to
/// the server config. Then the normal authentication flow proceeds.
Future<void> _handleProxyAuth(
ServerConfig tempConfig,
ApiService api,
WorkerManager workerManager,
) async {
// Check if WebView is supported
if (!isWebViewSupported) {
throw Exception(
AppLocalizations.of(context)?.proxyAuthPlatformNotSupported ??
'Proxy authentication requires a mobile device.',
);
}
// Show proxy auth page
final proxyConfig = ProxyAuthConfig(serverConfig: tempConfig);
if (!mounted) return;
final result = await context.pushNamed<ProxyAuthResult>(
RouteNames.proxyAuth,
extra: proxyConfig,
);
if (!mounted) return;
// If user cancelled or proxy auth failed, show error
if (result == null || !result.success) {
setState(() {
_connectionError =
AppLocalizations.of(context)?.proxyAuthFailed ??
'Proxy authentication was cancelled or failed.';
_isConnecting = false;
});
return;
}
DebugLogger.log(
'Proxy auth completed, captured ${result.cookies?.length ?? 0} cookies, '
'JWT: ${result.isFullyAuthenticated}',
scope: 'auth/connection',
);
// Build updated headers with proxy cookies
final updatedHeaders = Map<String, String>.from(tempConfig.customHeaders);
if (result.cookies != null && result.cookies!.isNotEmpty) {
// Format cookies as Cookie header
final proxyCookieHeader = result.cookies!.entries
.map((e) => '${e.key}=${e.value}')
.join('; ');
// Merge with existing Cookie header if present (from advanced settings)
final existingCookies = updatedHeaders['Cookie'];
if (existingCookies != null && existingCookies.isNotEmpty) {
updatedHeaders['Cookie'] = '$existingCookies; $proxyCookieHeader';
DebugLogger.log(
'Merged ${result.cookies!.length} proxy cookies with existing Cookie header',
scope: 'auth/connection',
);
} else {
updatedHeaders['Cookie'] = proxyCookieHeader;
DebugLogger.log(
'Added Cookie header with ${result.cookies!.length} cookies',
scope: 'auth/connection',
);
}
}
// Create updated config with proxy cookies (and possibly JWT token)
final configWithCookies = ServerConfig(
id: tempConfig.id,
name: tempConfig.name,
url: tempConfig.url,
customHeaders: updatedHeaders,
isActive: tempConfig.isActive,
allowSelfSignedCertificates: tempConfig.allowSelfSignedCertificates,
// If we got a JWT token, store it as apiKey for API auth
apiKey: result.jwtToken,
);
// Create new API service with updated config
final apiWithCookies = ApiService(
serverConfig: configWithCookies,
workerManager: workerManager,
// If we have a JWT token, use it as auth token
authToken: result.jwtToken,
);
// Now verify it's an OpenWebUI server
DebugLogger.log(
'Verifying OpenWebUI server with proxy cookies...',
scope: 'auth/connection',
);
final backendConfig = await apiWithCookies.verifyAndGetConfig();
if (backendConfig == null) {
if (mounted) {
setState(() {
_connectionError =
'Could not verify OpenWebUI server. The proxy cookies may '
'have expired or be invalid. Please try again.';
_isConnecting = false;
});
}
return;
}
// Check if user is already fully authenticated via trusted headers
// (e.g., oauth2-proxy with X-Forwarded-Email)
if (result.isFullyAuthenticated) {
DebugLogger.log(
'User already authenticated via trusted headers, '
'skipping sign-in page',
scope: 'auth/connection',
);
// Save the server config and go directly to chat
await _completeAuthWithToken(
configWithCookies,
result.jwtToken!,
);
return;
}
DebugLogger.log(
'Server validated with proxy cookies, navigating to auth page',
scope: 'auth/connection',
);
if (mounted) {
final authFlowConfig = AuthFlowConfig(
serverConfig: configWithCookies,
backendConfig: backendConfig,
);
context.pushNamed(RouteNames.authentication, extra: authFlowConfig);
}
}
/// Completes authentication when user is already authenticated via
/// trusted headers (oauth2-proxy with X-Forwarded-Email).
Future<void> _completeAuthWithToken(
ServerConfig serverConfig,
String token,
) async {
try {
// Save the server config first (needed for auth actions)
await _saveServerConfig(serverConfig);
// Use the same auth flow as SSO - loginWithApiKey handles
// saving credentials and updating auth state
final authActions = ref.read(authActionsProvider);
final success = await authActions.loginWithApiKey(
token,
rememberCredentials: true,
authType: 'proxy-sso', // Mark as proxy-obtained token
);
if (!mounted) return;
if (success) {
DebugLogger.auth('Proxy SSO login successful');
// Navigation is handled automatically by the router when auth state
// changes to authenticated. The router redirect will navigate to chat.
} else {
throw Exception('Login failed');
}
} catch (e, stack) {
DebugLogger.error(
'Failed to complete auth with token',
scope: 'auth/connection',
error: e,
stackTrace: stack,
);
if (mounted) {
setState(() {
_connectionError =
'Authentication failed. Please try signing in manually.';
_isConnecting = false;
});
}
}
}
/// Saves server config (extracted from authentication_page.dart)
Future<void> _saveServerConfig(ServerConfig config) async {
final storage = ref.read(optimizedStorageServiceProvider);
await storage.saveServerConfigs([config]);
await storage.setActiveServerId(config.id);
ref.invalidate(serverConfigsProvider);
ref.invalidate(activeServerProvider);
}
String _validateAndFormatUrl(String input) {
if (input.isEmpty) {
throw Exception(AppLocalizations.of(context)!.serverUrlEmpty);
@@ -593,11 +822,13 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
}
Widget _buildAdvancedSettingsContent() {
final l10n = AppLocalizations.of(context)!;
return Padding(
padding: const EdgeInsets.all(Spacing.md),
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
// Self-signed certificates toggle
Container(
width: double.infinity,
padding: const EdgeInsets.all(Spacing.md),
@@ -628,9 +859,7 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(
AppLocalizations.of(
context,
)!.allowSelfSignedCertificates,
l10n.allowSelfSignedCertificates,
style: context.conduitTheme.bodySmall?.copyWith(
fontWeight: FontWeight.w600,
color: context.conduitTheme.textPrimary,
@@ -638,9 +867,7 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
),
const SizedBox(height: Spacing.xs),
Text(
AppLocalizations.of(
context,
)!.allowSelfSignedCertificatesDescription,
l10n.allowSelfSignedCertificatesDescription,
style: context.conduitTheme.bodySmall?.copyWith(
color: context.conduitTheme.textSecondary,
),
@@ -661,11 +888,69 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
],
),
),
// Server behind proxy toggle
Container(
width: double.infinity,
padding: const EdgeInsets.all(Spacing.md),
margin: const EdgeInsets.only(bottom: Spacing.md),
decoration: BoxDecoration(
color: context.conduitTheme.surfaceContainer.withValues(
alpha: 0.3,
),
borderRadius: BorderRadius.circular(AppBorderRadius.small),
border: Border.all(
color: context.conduitTheme.dividerColor.withValues(alpha: 0.4),
width: BorderWidth.thin,
),
),
child: Row(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Icon(
Platform.isIOS ? CupertinoIcons.shield : Icons.security,
color: context.conduitTheme.iconSecondary,
size: IconSize.small,
),
const SizedBox(width: Spacing.sm),
Expanded(
child: Column(
crossAxisAlignment: CrossAxisAlignment.start,
children: [
Text(
l10n.serverBehindProxy,
style: context.conduitTheme.bodySmall?.copyWith(
fontWeight: FontWeight.w600,
color: context.conduitTheme.textPrimary,
),
),
const SizedBox(height: Spacing.xs),
Text(
l10n.serverBehindProxyDescription,
style: context.conduitTheme.bodySmall?.copyWith(
color: context.conduitTheme.textSecondary,
),
),
],
),
),
const SizedBox(width: Spacing.sm),
Switch.adaptive(
value: _serverBehindProxy,
onChanged: (value) {
setState(() {
_serverBehindProxy = value;
});
},
activeTrackColor: context.conduitTheme.buttonPrimary,
),
],
),
),
Row(
mainAxisAlignment: MainAxisAlignment.spaceBetween,
children: [
Text(
AppLocalizations.of(context)!.customHeaders,
l10n.customHeaders,
style: context.conduitTheme.bodySmall?.copyWith(
fontWeight: FontWeight.w500,
),
@@ -683,7 +968,7 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
),
const SizedBox(height: Spacing.xs),
Text(
AppLocalizations.of(context)!.customHeadersDescription,
l10n.customHeadersDescription,
style: context.conduitTheme.bodySmall?.copyWith(
color: context.conduitTheme.textSecondary,
),
@@ -695,7 +980,7 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
Expanded(
flex: 2,
child: AccessibleFormField(
label: AppLocalizations.of(context)!.headerName,
label: l10n.headerName,
hint: 'X-Custom-Header',
controller: _headerKeyController,
validator: (value) => _validateHeaderKey(value ?? ''),
@@ -708,8 +993,8 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
Expanded(
flex: 3,
child: AccessibleFormField(
label: AppLocalizations.of(context)!.headerValue,
hint: AppLocalizations.of(context)!.headerValueHint,
label: l10n.headerValue,
hint: l10n.headerValueHint,
controller: _headerValueController,
validator: (value) => _validateHeaderValue(value ?? ''),
semanticLabel: 'Enter header value',
@@ -724,8 +1009,8 @@ class _ServerConnectionPageState extends ConsumerState<ServerConnectionPage> {
? null
: _addCustomHeader,
tooltip: _customHeaders.length >= 10
? AppLocalizations.of(context)!.maximumHeadersReached
: AppLocalizations.of(context)!.addHeader,
? l10n.maximumHeadersReached
: l10n.addHeader,
backgroundColor: _customHeaders.length >= 10
? context.conduitTheme.surfaceContainer
: context.conduitTheme.buttonPrimary,