Use HTTP GET instead of HEAD to verify user existence (#913)

HEAD doesn't appear to run auth schemes and always returns 404?
SapiensAnatis · Jun 30, 2024 · a038edb · a038edb
1 parent 7038585
commit a038edb
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 7 deletions.
diff --git a/DragaliaAPI/DragaliaAPI/Features/Web/Account/UserController.cs b/DragaliaAPI/DragaliaAPI/Features/Web/Account/UserController.cs
@@ -16,9 +16,7 @@ namespace DragaliaAPI.Features.Web.Account;
 [ApiController]
 public class UserController(UserService userService) : ControllerBase
 {
-    [Route("me")]
-    [HttpGet]
-    [HttpHead]
+    [HttpGet("me")]
     [Authorize(Policy = PolicyNames.RequireValidJwt)]
     public async Task<ActionResult<User>> GetSelf(CancellationToken cancellationToken)
     {

diff --git a/Website/src/mocks/handlers/handlers.ts b/Website/src/mocks/handlers/handlers.ts
@@ -57,7 +57,6 @@ export const handlers = [
   ...http.get('/api/news', handleNews),
   ...http.get('/api/news/:itemId', handleNewsItem),
 
-  ...http.head('/api/user/me', withAuth(handleUser)),
   ...http.get('/api/user/me', withAuth(handleUser)),
   ...http.get('/api/user/me/profile', withAuth(handleUserProfile)),
 

diff --git a/Website/src/routes/(main)/news/item.svelte b/Website/src/routes/(main)/news/item.svelte
@@ -17,15 +17,18 @@
   <div
     class="flex h-full w-full items-center justify-center md:row-span-1 md:h-[200px] lg:row-span-2 lg:h-full lg:w-[13rem]">
     {#if item.headerImageSrc}
-      <Image src={item.headerImageSrc} layout="fullWidth" class="hidden max-w-[13rem] lg:block" />
+      <Image
+        src={item.headerImageSrc}
+        layout="fullWidth"
+        class="hidden h-[100%] max-w-[13rem] lg:block" />
       <Image src={item.headerImageSrc} height={200} class="block lg:hidden" layout="fullWidth" />
     {:else}
       <Newspaper class="h-[10rem] w-[10rem] p-4" strokeWidth={1} />
     {/if}
   </div>
   <Header {item} {lastRead} />
   {#if description}
-    <CardContent class="min-h-20">
+    <CardContent class="min-h-32">
       <!-- Trusted input from API server - XSS is unlikely without server being compromised -->
       <!-- eslint-disable-next-line svelte/no-at-html-tags -->
       {@html item.description}

diff --git a/Website/src/routes/(main)/oauth/+page.server.ts b/Website/src/routes/(main)/oauth/+page.server.ts
@@ -124,7 +124,6 @@ const checkUserExists = async (
   fetch: (url: URL, req: RequestInit) => Promise<Response>
 ) => {
   const userMeResponse = await fetch(new URL('user/me', PUBLIC_DAWNSHARD_API_URL), {
-    method: 'HEAD',
     headers: {
       Authorization: `Bearer ${idToken}`
     }