From 613cc87ebdd1b13c7458510b3ffd7537840461be Mon Sep 17 00:00:00 2001
From: Asher <ash@coder.com>
Date: Fri, 9 Oct 2020 16:21:20 -0500
Subject: [PATCH] Allow login while proxing a sub-domain

---
 src/node/http.ts | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/node/http.ts b/src/node/http.ts
index c616c883..af81f187 100644
--- a/src/node/http.ts
+++ b/src/node/http.ts
@@ -927,7 +927,29 @@ export class HttpServer {
     }
 
     // Must be authenticated to use the proxy.
-    route.provider.ensureAuthenticated(request)
+    if (!route.provider.authenticated(request)) {
+      // Attempt to determine if it's the user browsing the root and if so fall
+      // through to allow the login flow.
+      if (request.headers["content-type"] !== "application/json") {
+        switch (route.providerBase) {
+          case "/":
+          case "/static":
+            if (request.method === "GET") {
+              return undefined
+            }
+            break
+          case "/login":
+            if (request.method === "GET" || request.method === "POST") {
+              return undefined
+            }
+            break
+        }
+      }
+
+      // Assume anything else is some kind of request from the proxied
+      // application and return an unauthorized message.
+      throw new HttpError("Unauthorized", HttpCode.Unauthorized)
+    }
 
     return {
       proxy: {
-- 
GitLab