add support for redirecting from auth failures on api calls

docker/main/build_nginx.sh

@@ -5,6 +5,8 @@ set -euxo pipefail
 NGINX_VERSION="1.25.3"
 VOD_MODULE_VERSION="1.31"
 SECURE_TOKEN_MODULE_VERSION="1.5"
+SET_MISC_MODULE_VERSION="v0.33"
+NGX_DEVEL_KIT_VERSION="v0.3.3"
 
 cp /etc/apt/sources.list /etc/apt/sources.list.d/sources-src.list
 sed -i 's|deb http|deb-src http|g' /etc/apt/sources.list.d/sources-src.list
@@ -49,6 +51,16 @@ wget https://github.com/kaltura/nginx-secure-token-module/archive/refs/tags/${SE
 tar -zxf ${SECURE_TOKEN_MODULE_VERSION}.tar.gz -C /tmp/nginx-secure-token-module --strip-components=1
 rm ${SECURE_TOKEN_MODULE_VERSION}.tar.gz
 
+mkdir /tmp/ngx_devel_kit
+wget https://github.com/vision5/ngx_devel_kit/archive/refs/tags/${NGX_DEVEL_KIT_VERSION}.tar.gz
+tar -zxf ${NGX_DEVEL_KIT_VERSION}.tar.gz -C /tmp/ngx_devel_kit --strip-components=1
+rm ${NGX_DEVEL_KIT_VERSION}.tar.gz
+
+mkdir /tmp/nginx-set-misc-module
+wget https://github.com/openresty/set-misc-nginx-module/archive/refs/tags/${SET_MISC_MODULE_VERSION}.tar.gz
+tar -zxf ${SET_MISC_MODULE_VERSION}.tar.gz -C /tmp/nginx-set-misc-module --strip-components=1
+rm ${SET_MISC_MODULE_VERSION}.tar.gz
+
 cd /tmp/nginx
 
 ./configure --prefix=/usr/local/nginx \
@@ -56,7 +68,10 @@ cd /tmp/nginx
     --with-http_sub_module \
     --with-http_ssl_module \
     --with-http_auth_request_module \
+    --with-http_realip_module \
     --with-threads \
+    --add-module=../ngx_devel_kit \
+    --add-module=../nginx-set-misc-module \
     --add-module=../nginx-vod-module \
     --add-module=../nginx-secure-token-module \
     --with-cc-opt="-O3 -Wno-error=implicit-fallthrough"

docker/main/rootfs/usr/local/nginx/conf/auth_request.conf

@@ -16,3 +16,7 @@ proxy_set_header Remote-Name $name;
 ## Refresh the cookie as needed
 auth_request_set $auth_cookie $upstream_http_set_cookie;
 add_header Set-Cookie $auth_cookie;
+
+## Redirect to the redirection url in the location header
+auth_request_set $redirection_url $upstream_http_location;
+error_page 401 =302 $redirection_url;

web/src/api/index.tsx

@@ -25,8 +25,9 @@ export function ApiProvider({ children, options }: ApiProviderType) {
           return axios.get(path, { params }).then((res) => res.data);
         },
         onError: (error, _key) => {
-          if (error.response.status === 401) {
-            window.location.href = "login";
+          if ([401, 302, 307].includes(error.response.status)) {
+            window.location.href =
+              error.response.headers.get("location") ?? "login";
           }
         },
         ...options,