Logout & Login needed to see newly published packages in Web UI

[MatijaSi]

Your Environment

• verdaccio version: 5.23.2
• node version 16.15.1
• package manager: npm 8.3.0
• os: Windos 10
• platform: npm

Describe the bug

I am running Verdaccio through Caddy's reverse proxy on path /verdaccio/. Publishning scoped packages works - I didn't try with unscoped packages. In web ui (in Google Chrome) if I am authenticated newly published scoped packages arent't visible even after refresh - to see them logout & login is needed.

To Reproduce

Caddyfile:

:80 {
        handle_path /verdaccio/* {
                    reverse_proxy localhost:4873
        }
}

In cli:

verdaccio --config .\config.yaml --listen localhost:4873
caddy run

Go to http://localhost/verdaccio/ and login (user created earlier).

Create package and publish it:

npm publish --registry http://localhost/verdaccio/

Refresh http://localhost/verdaccio/. Newly added package at this point still is not visible for me.

Login, Logout through web ui and new package is finally listed.

Expected behavior

Newly published packaged visible after refresh, not after reauthentication.

Configuration File (cat ~/.config/verdaccio/config.yaml)

storage: ./storage
auth:
  htpasswd:
    file: ../htpasswd
    max-users: -1
    algorithm: bcrypt
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  '@scopename/*':
    access: $authenticated
    publish: matija.sirk
    unpublish: matija.sirk
  '@*/*':
    access: $authenticated
    proxy: npmjs
  '**':
    access: $authenticated
    proxy: npmjs
log: { type: file, path: ../../LOGS/npm.log, level: http }
url_prefix: /verdaccio/ 
web:
  enable: true
  title: Title
  primary_color: '#BE3B3B'
  gravatar: false
  darkMode: false
  pkgManagers:
    - npm
    - yarn
    - pnpm
  html_cache: true
  login: true
  showInfo: true
  showSettings: true

Environment information

Environment Info:
  System:
    OS: Windows 10 10.0.19045
    CPU: (12) x64 Intel(R) Core(TM) i5-10600K CPU @ 4.10GHz
  Binaries:
    npm: 8.3.0 - C:\Program Files\nodejs\npm.CMD
  Virtualization:
    Docker: 19.03.12 - C:\ProgramData\chocolatey\bin\docker.EXE
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (112.0.1722.48)

Contribute to Verdaccio

• I'm willing to fix this bug 🥇

[MatijaSi]

I think there is issue with authentication in general. If webpage is open in non-focused tab for some time, index after refresh switches to:

No Package Published Yet.
To publish your first package just:
1. Create user

npm adduser --registry http://localhost/verdaccio/
2. Publish

npm publish --registry http://localhost/verdaccio/
3. Refresh this page

And if I was on single package page before refresh, I get following error after refresh:

Sorry, we couldn't find it...

And in network tab I see 401 response to http://localhost/verdaccio/-/verdaccio/data/sidebar/@scopename/packagename with body:

{
  "error": "authorization required to access package @kopit/it-frontend"
}

However clicking on profile tab looks like I am still authenticated:

[mrcego]

Related to #3163