NET-811: block normal user login from accessing dashboard (#2724)

* block normal user login from accessing dashboard * header change * allow from ui header * allow from ui header * check for user role after decoding * block oauth login for normal user * handle other oauth provider callback funcs for user login
2025-10-05 08:47:35 +08:00 · 2023-12-20 09:08:55 +04:00
parent 72f84c1355
commit b69bf60160
7 changed files with 77 additions and 2 deletions
--- a/controllers/controller.go
+++ b/controllers/controller.go
@@ -41,7 +41,7 @@ func HandleRESTRequests(wg *sync.WaitGroup, ctx context.Context) {

 	// Currently allowed dev origin is all. Should change in prod
 	// should consider analyzing the allowed methods further
-	headersOk := handlers.AllowedHeaders([]string{"Access-Control-Allow-Origin", "X-Requested-With", "Content-Type", "authorization"})
+	headersOk := handlers.AllowedHeaders([]string{"Access-Control-Allow-Origin", "X-Requested-With", "Content-Type", "authorization", "From-Ui"})
 	originsOk := handlers.AllowedOrigins(strings.Split(servercfg.GetAllowedOrigin(), ","))
 	methodsOk := handlers.AllowedMethods([]string{http.MethodGet, http.MethodPut, http.MethodPost, http.MethodDelete})