frigate/web/src/context/auth-context.tsx

import axios from "axios";
import { createContext, useEffect, useState } from "react";
import useSWR from "swr";

interface AuthState {
  user: { username: string; role: string | null } | null;
  allowedCameras: string[];
  isLoading: boolean;
  isAuthenticated: boolean; // true if auth is required
}

interface AuthContextType {
  auth: AuthState;
  login: (user: AuthState["user"]) => void;
  logout: () => void;
}

export const AuthContext = createContext<AuthContextType>({
  auth: {
    user: null,
    allowedCameras: [],
    isLoading: true,
    isAuthenticated: false,
  },
  login: () => {},
  logout: () => {},
});

export function AuthProvider({ children }: { children: React.ReactNode }) {
  const [auth, setAuth] = useState<AuthState>({
    user: null,
    allowedCameras: [],
    isLoading: true,
    isAuthenticated: false,
  });

  const { data: profile, error } = useSWR("/profile", {
    revalidateOnFocus: false,
    revalidateOnReconnect: true,
    fetcher: (url) =>
      axios.get(url, { withCredentials: true }).then((res) => res.data),
  });

  useEffect(() => {
    if (error) {
      if (axios.isAxiosError(error) && error.response?.status === 401) {
        // auth required but not logged in
        setAuth({
          user: null,
          allowedCameras: [],
          isLoading: false,
          isAuthenticated: true,
        });
      }
      return;
    }

    if (profile) {
      if (profile.username && profile.username !== "anonymous") {
        const newUser = {
          username: profile.username,
          role: profile.role || "viewer",
        };

        const allowedCameras = Array.isArray(profile.allowed_cameras)
          ? profile.allowed_cameras
          : [];
        setAuth({
          user: newUser,
          allowedCameras,
          isLoading: false,
          isAuthenticated: true,
        });
      } else {
        // Unauthenticated mode (anonymous)
        setAuth({
          user: null,
          allowedCameras: [],
          isLoading: false,
          isAuthenticated: false,
        });
      }
    }
  }, [profile, error]);

  const login = (user: AuthState["user"]) => {
    setAuth((current) => ({
      ...current,
      user,
      isLoading: false,
      isAuthenticated: true,
    }));
  };

  const logout = () => {
    setAuth({
      user: null,
      allowedCameras: [],
      isLoading: false,
      isAuthenticated: true,
    });
    axios.get("/logout", { withCredentials: true });
  };

  return (
    <AuthContext.Provider value={{ auth, login, logout }}>
      {children}
    </AuthContext.Provider>
  );
}
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`import axios from "axios";`
			`import { createContext, useEffect, useState } from "react";`
			`import useSWR from "swr";`

			`interface AuthState {`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00			`user: { username: string; role: string \| null } \| null;`
			`allowedCameras: string[];`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`isLoading: boolean;`
			`isAuthenticated: boolean; // true if auth is required`
			`}`

			`interface AuthContextType {`
			`auth: AuthState;`
			`login: (user: AuthState["user"]) => void;`
			`logout: () => void;`
			`}`

			`export const AuthContext = createContext<AuthContextType>({`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00			`auth: {`
			`user: null,`
			`allowedCameras: [],`
			`isLoading: true,`
			`isAuthenticated: false,`
			`},`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`login: () => {},`
			`logout: () => {},`
			`});`

			`export function AuthProvider({ children }: { children: React.ReactNode }) {`
			`const [auth, setAuth] = useState<AuthState>({`
			`user: null,`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00			`allowedCameras: [],`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`isLoading: true,`
			`isAuthenticated: false,`
			`});`

			`const { data: profile, error } = useSWR("/profile", {`
			`revalidateOnFocus: false,`
			`revalidateOnReconnect: true,`
			`fetcher: (url) =>`
			`axios.get(url, { withCredentials: true }).then((res) => res.data),`
			`});`

			`useEffect(() => {`
			`if (error) {`
			`if (axios.isAxiosError(error) && error.response?.status === 401) {`
			`// auth required but not logged in`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00			`setAuth({`
			`user: null,`
			`allowedCameras: [],`
			`isLoading: false,`
			`isAuthenticated: true,`
			`});`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`}`
			`return;`
			`}`

			`if (profile) {`
			`if (profile.username && profile.username !== "anonymous") {`
			`const newUser = {`
			`username: profile.username,`
			`role: profile.role \|\| "viewer",`
			`};`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00
			`const allowedCameras = Array.isArray(profile.allowed_cameras)`
			`? profile.allowed_cameras`
			`: [];`
			`setAuth({`
			`user: newUser,`
			`allowedCameras,`
			`isLoading: false,`
			`isAuthenticated: true,`
			`});`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`} else {`
			`// Unauthenticated mode (anonymous)`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00			`setAuth({`
			`user: null,`
			`allowedCameras: [],`
			`isLoading: false,`
			`isAuthenticated: false,`
			`});`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`}`
			`}`
			`}, [profile, error]);`

			`const login = (user: AuthState["user"]) => {`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00			`setAuth((current) => ({`
			`...current,`
			`user,`
			`isLoading: false,`
			`isAuthenticated: true,`
			`}));`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`};`

			`const logout = () => {`
update auth hook for allowed cameras 2025-09-10 14:55:19 +03:00			`setAuth({`
			`user: null,`
			`allowedCameras: [],`
			`isLoading: false,`
			`isAuthenticated: true,`
			`});`
UI viewer role (#16978) * db migration * db model * assign admin role on password reset * add role to jwt and api responses * don't restrict api access for admins yet * use json response * frontend auth context * update auth form for profile endpoint * add access denied page * add protected routes * auth hook * dialogs * user settings view * restrict viewer access to settings * restrict camera functions for viewer role * add password dialog to account menu * spacing tweak * migrator default to admin * escape quotes in migrator * ui tweaks * tweaks * colors * colors * fix merge conflict * fix icons * add api layer enforcement * ui tweaks * fix error message * debug * clean up * remove print * guard apis for admin only * fix tests * fix review tests * use correct error responses from api in toasts * add role to account menu 2025-03-08 19:01:08 +03:00			`axios.get("/logout", { withCredentials: true });`
			`};`

			`return (`
			`<AuthContext.Provider value={{ auth, login, logout }}>`
			`{children}`
			`</AuthContext.Provider>`
			`);`
			`}`