OSIT-AE-App-Svelte/src/routes/+layout.ts
Scott Idem 8566917be1 API Hardening: Refine Bypass Logic and Enable Permissive Mode
- Hardened 'Bootstrap Paradox' bypass logic in GET/POST helpers to only strip account ID if an intentional bypass value is provided.
- Enabled 'Permissive Update Mode' (x-ae-ignore-extra-fields: true) by default to improve frontend state synchronization.
- Fixed loader hydration bug where isolated API headers were being overwritten by stale global defaults.
- Ensured correctly resolved account names persist in local state instead of defaulting to 'Ghost Account'.
- Added Environment & Bridge diagnostics section to the testing dashboard for easier runtime verification.
2026-01-20 18:22:14 -05:00


/** @type {import('./$types').LayoutLoad} */
// console.log(`ae_root +layout.ts: start`);
import { error } from '@sveltejs/kit';
import { lookup_site_domain_v3 } from '$lib/ae_core/ae_core__site';
import type { key_val } from '$lib/stores/ae_stores';
import type { ae_SiteDomain } from '$lib/types/ae_types';
// SSR and prerendering are both disabled, so this module (and the `load`
// function below) is evaluated only in the browser.
export const ssr = false;
export const prerender = false;
import {
PUBLIC_AE_API_PROTOCOL,
PUBLIC_AE_API_SERVER,
PUBLIC_AE_API_BAK_SERVER,
PUBLIC_AE_API_PORT,
PUBLIC_AE_API_PATH,
PUBLIC_AE_API_SECRET_KEY,
PUBLIC_AE_API_CRUD_SUPER_KEY,
PUBLIC_AE_NO_ACCOUNT_ID,
PUBLIC_AE_NO_ACCOUNT_ID_TOKEN
} from '$env/static/public';
// Primary and fallback API origins, assembled from the build-time PUBLIC_* values.
// Everything imported from '$env/static/public' is public by contract and is
// compiled into the client bundle, so none of these values is a server secret.
const api_base_url = `${PUBLIC_AE_API_PROTOCOL}://${PUBLIC_AE_API_SERVER}:${PUBLIC_AE_API_PORT}${PUBLIC_AE_API_PATH}`;
const api_base_url_bak = `${PUBLIC_AE_API_PROTOCOL}://${PUBLIC_AE_API_BAK_SERVER}:${PUBLIC_AE_API_PORT}${PUBLIC_AE_API_PATH}`;
const api_secret_key = PUBLIC_AE_API_SECRET_KEY;
const api_crud_super_key = PUBLIC_AE_API_CRUD_SUPER_KEY;
const ae_account_id: null | string = null;
const ae_no_account_id = PUBLIC_AE_NO_ACCOUNT_ID;
const ae_no_account_id_token = PUBLIC_AE_NO_ACCOUNT_ID_TOKEN;

// Default request headers for every call built from ae_api_init.
// - 'Access-Control-Allow-Origin' is a *response* header; on a request it has no
//   CORS effect (kept for compatibility with whatever the API expects today).
// - 'x-ae-ignore-extra-fields' opts every request into permissive updates.
const ae_api_headers: key_val = {
  'Access-Control-Allow-Origin': '*',
  'Content-Type': 'application/json',
  'x-aether-api-key': api_secret_key,
  'x-ae-ignore-extra-fields': 'true'
};

// Shared API configuration template. load() spreads it into per-account clones
// and also attaches `fetch` to it, so this object is module-level shared state.
// `headers` points at the same object as ae_api_headers (not a copy).
const ae_api_init: key_val = {
  ver: '2024-08-11_11',
  base_url: api_base_url,
  base_url_bak: api_base_url_bak,
  api_secret_key,
  api_secret_key_bak: api_secret_key,
  api_crud_super_key,
  headers: ae_api_headers,
  account_id: ae_account_id
};
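// Dedicated bootstrap ("agent") API key used only for the initial site lookup.
// NOTE(security): with `ssr = false` this module — literal included — is shipped
// to every browser, so this value is effectively public. Keep the server-side
// privileges of this key limited to the bootstrap lookup, and source it from
// configuration rather than a source literal so it can be rotated.
const bootstrap_agent_key = 'IDF68Em5X4HTZlswRNgepQ';

/**
 * Builds the API config for the single unauthenticated bootstrap request.
 *
 * Only the primary key and the headers are overridden; the rest of the shared
 * template is spread through unchanged. In particular `api_secret_key_bak`
 * still holds the default public key — if `lookup_site_domain_v3` fails over to
 * `base_url_bak` (not visible here), that request would not use the agent key.
 */
function build_bootstrap_api_cfg(): key_val {
  return {
    ...ae_api_init,
    api_secret_key: bootstrap_agent_key,
    headers: {
      ...ae_api_init.headers,
      'x-aether-api-key': bootstrap_agent_key,
      // Because of the 'bypass' fallback this header is always present on the bootstrap call.
      'x-no-account-id': ae_no_account_id || 'bypass'
    }
  };
}

/**
 * Emergency "ghost" site record used when the lookup throws, returns nothing
 * usable, or reports a 'ghost' account, so every field child routes hydrate
 * from is defined.
 *
 * @param api_error true when the lookup threw (as opposed to returning no data).
 */
function build_ghost_result(api_error: boolean): key_val {
  return {
    id: 'ghost',
    id_random: 'ghost',
    account_id_random: 'ghost',
    account_code: 'ghost',
    account_name: api_error ? 'API Connection Failed' : 'Domain Not Registered',
    site_id_random: 'ghost',
    site_domain_id_random: 'ghost',
    enable: '1',
    cfg_json: {},
    style_href: '',
    header_image_path: ''
  };
}

/**
 * Applies the `?key=` access gate to `loc` in place. Outcomes:
 * - no site or domain key configured  -> `key_checked` and `allow_access` true
 * - key configured, none supplied     -> `key_checked` true, `allow_access` untouched
 * - key supplied and matches          -> both fields hold the matched key (truthy)
 * - key supplied and does not match   -> `key_checked` true, `allow_access` false
 *
 * NOTE(security): the expected keys come from the same lookup response the
 * browser already holds (`site_access_key` / `site_domain_access_key`), so this
 * is a UX gate only; any real restriction must be enforced by the API.
 *
 * @param loc     Location record to update.
 * @param url     Current page URL; the `key` query parameter is read from it.
 * @param log_lvl When non-zero, the supplied key is logged to the console.
 */
function apply_access_key_gate(loc: key_val, url: URL, log_lvl: number): void {
  const site_key = loc['site_access_key'];
  const domain_key = loc['site_domain_access_key'];

  if (!site_key && !domain_key) {
    loc['key_checked'] = true;
    loc['allow_access'] = true;
    return;
  }

  const access_key = url.searchParams.get('key');
  if (!access_key) {
    loc['key_checked'] = true;
    return;
  }
  if (log_lvl) console.log(`root +layout.ts: access_key = ${access_key}`);

  // Strict comparison against the stringified configured key: equivalent to the
  // former loose `==` for string and numeric keys, without other coercions.
  if (site_key && access_key === String(site_key)) {
    loc['key_checked'] = site_key;
    loc['allow_access'] = site_key;
  } else if (domain_key && access_key === String(domain_key)) {
    loc['key_checked'] = domain_key;
    loc['allow_access'] = domain_key;
  } else {
    loc['key_checked'] = true;
    loc['allow_access'] = false;
  }
}

/**
 * Root layout loader (browser only; see `ssr = false`).
 *
 * Looks up the site/account that owns the current host via the bootstrap API,
 * then builds the `data_struct` tree child routes read: the API config, the
 * resolved location (`loc`), selection defaults (`slct`) and the `?key=` gate.
 *
 * @param fetch  SvelteKit's load-time fetch; attached to the shared API template.
 * @param params Route params, passed through unchanged.
 * @param parent Not used here; kept for the SvelteKit load signature.
 * @param route  Current route, passed through unchanged.
 * @param url    Current URL; host/hostname/origin and `?key=` are read from it.
 * @returns The data tree; the account record is also stored under its `account_id`.
 */
export async function load({ fetch, params, parent, route, url }) {
  const log_lvl: number = 1;

  // Per-account clone of the API config. The headers object is cloned too so the
  // 'x-account-id' written below never lands on the shared template.
  const ae_acct: key_val = {
    api: {
      ...ae_api_init,
      headers: { ...ae_api_headers } // Local clone
    },
    ds: {},
    loc: {
      account_id: '',
      site_id: '',
      site_domain_id: '',
      iframe: false
    },
    sess: {},
    slct: {}
  };

  // Initialize API fetch with SvelteKit fetch. This mutates the module-level
  // template, which everything that spreads ae_api_init will see.
  ae_api_init['fetch'] = fetch;

  const ae_loc_init: key_val = {};
  const ds_code_li: null | key_val = {};
  const data_struct: key_val = {
    account_id: null,
    ae_acct: {},
    ae_loc: {},
    ae_api: ae_api_init,
    ae_ds: {},
    ae_hub: {},
    ae_m_sponsorships: {},
    ae_m_events: {},
    ae_m_events_speakers: {},
    ae_m_idaa: {},
    ae_slct: {},
    iframe: false,
    ae_root_layout_ts: true,
    params: params,
    route: route,
    url: url,
    sections: [
      { slug: 'new', title: 'New Test' },
      { slug: 'manage', title: 'Manage Test' },
      { slug: 'test', title: 'Test Test' }
    ],
    submenu: {}
  };

  const fqdn = url.host;
  let result: any = null;
  let api_error = false;
  try {
    if (log_lvl) console.log(`ROOT LOAD: Starting site lookup V3 for ${fqdn}...`);
    // Use the dedicated agent key and the unauthenticated bypass header ONLY for this request
    result = await lookup_site_domain_v3({
      api_cfg: build_bootstrap_api_cfg(),
      fqdn,
      view: 'base',
      log_lvl
    });
    // Logs the whole record, including any access keys it carries, to the browser console.
    if (log_lvl) console.log(`ROOT LOAD: Site lookup result for ${fqdn}:`, result);
  } catch (err) {
    console.error(`ROOT LOAD: Site lookup critical failure for ${fqdn}.`, err);
    api_error = true;
  }

  // Defensive check: the API helper commonly returns false, and a 'ghost'
  // account_id means the domain is not registered; both use the emergency record.
  if (!result || typeof result !== 'object' || result.account_id === 'ghost') {
    console.warn(`ROOT LOAD: Falsy or Ghost result for ${fqdn}. Forcing fallback message.`);
    result = build_ghost_result(api_error);
  }
  const json_data = result;

  // CRITICAL: SvelteKit hydration can fail if these are undefined
  // V3 ID Vision: Use account_id (random string) instead of account_id_random
  const account_id: string = json_data.account_id || json_data.account_id_random || 'ghost';
  data_struct.account_id = account_id;
  ae_acct.account_id = account_id;
  if (log_lvl) console.log(`ROOT LOAD: Using account_id: ${account_id}`);

  // Update the local clones (never ae_api_init itself)
  ae_acct.api.account_id = account_id;
  ae_acct.api.headers['x-account-id'] = account_id;

  ae_loc_init['account_id'] = account_id;
  ae_loc_init['account_code'] = json_data.account_code || 'ghost';
  // The resolved name is kept; the fallback text replaces the former 'Ghost Account' default.
  ae_loc_init['account_name'] = json_data.account_name || 'Account Name Not Set';
  ae_loc_init['site_id'] = json_data.site_id || json_data.site_id_random || 'ghost';
  ae_loc_init['site_domain_id'] = json_data.site_domain_id || json_data.site_domain_id_random || 'ghost';
  ae_loc_init['site_enable'] = json_data.enable || '1';
  ae_loc_init['site_header_image_path'] = json_data.header_image_path || '';
  ae_loc_init['site_style_href'] = json_data.style_href || '';
  ae_loc_init['site_google_tracking_id'] = json_data.google_tracking_id || '';
  ae_loc_init['site_access_code_kv'] = json_data.access_code_kv_json || {};
  ae_loc_init['site_cfg_json'] = json_data.cfg_json || {};
  ae_loc_init['site_access_key'] = json_data.access_key || '';
  ae_loc_init['site_domain_access_key'] = json_data.site_domain_access_key || '';
  ae_loc_init['base_url'] = url.origin;
  ae_loc_init['hostname'] = url.hostname;

  apply_access_key_gate(ae_loc_init, url, log_lvl);

  // Do NOT assign ae_acct['api'] = ae_api_init here: it would replace the isolated
  // clone (with its own headers) built at the top of this function.
  ae_acct['loc'] = ae_loc_init;
  ae_acct['ds'] = ds_code_li;
  ae_acct['slct'] = {
    account_id: account_id,
    site_domain_id: ae_loc_init.site_domain_id,
    site_id: ae_loc_init.site_id,
    event_id: ae_loc_init.site_cfg_json?.slct__event_id,
    event_badge_template_id: ae_loc_init.site_cfg_json?.slct__event_badge_template_id,
    sponsorship_cfg_id: ae_loc_init.site_cfg_json?.slct__sponsorship_cfg_id
  };
  data_struct[account_id] = ae_acct;
  if (log_lvl) console.log('ROOT LOAD: Final data_struct structure ready.', Object.keys(data_struct));
  return data_struct;
}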