fix for 401 requests

src/app/core/auth/auth.service.spec.ts

@@ -148,7 +148,7 @@ describe('AuthService test', () => {
           (state as any).core = Object.create({});
           (state as any).core.auth = authenticatedState;
         });
-      authService = new AuthService({}, window, authReqService, router, cookieService, store, rdbService);
+      authService = new AuthService({}, window, undefined, authReqService, router, cookieService, store, rdbService);
     }));
 
     it('should return true when user is logged in', () => {
@@ -207,7 +207,7 @@ describe('AuthService test', () => {
           (state as any).core = Object.create({});
           (state as any).core.auth = authenticatedState;
         });
-      authService = new AuthService({}, window, authReqService, router, cookieService, store, rdbService);
+      authService = new AuthService({}, window, undefined, authReqService, router, cookieService, store, rdbService);
       storage = (authService as any).storage;
       spyOn(storage, 'get');
       spyOn(storage, 'remove');

src/app/core/auth/auth.service.ts

@@ -9,10 +9,10 @@ import {
   take,
   withLatestFrom
 } from 'rxjs/operators';
-import { Inject, Injectable } from '@angular/core';
+import { Inject, Injectable, Optional } from '@angular/core';
 import { PRIMARY_OUTLET, Router, UrlSegmentGroup, UrlTree } from '@angular/router';
 import { HttpHeaders } from '@angular/common/http';
-import { REQUEST } from '@nguniversal/express-engine/tokens';
+import { REQUEST, RESPONSE } from '@nguniversal/express-engine/tokens';
 
 import { RouterReducerState } from '@ngrx/router-store';
 import { select, Store } from '@ngrx/store';
@@ -59,6 +59,7 @@ export class AuthService {
   constructor(@Inject(REQUEST) protected req: any,
               @Inject(NativeWindowService) protected _window: NativeWindowRef,
               protected authRequestService: AuthRequestService,
+              @Optional() @Inject(RESPONSE) private response: any,
               protected router: Router,
               protected storage: CookieService,
               protected store: Store<AppState>,
@@ -345,6 +346,10 @@ export class AuthService {
     if (this._window.nativeWindow.location) {
       // Hard redirect to login page, so that all state is definitely lost
       this._window.nativeWindow.location.href = redirectUrl;
+    } else if (this.response) {
+      if (!this.response._headerSent) {
+        this.response.redirect(302, redirectUrl);
+      }
     } else {
       this.router.navigateByUrl(redirectUrl);
     }

src/server.ts

@@ -17,6 +17,7 @@ import { ngExpressEngine } from '@nguniversal/express-engine';
 
 import { ROUTES } from './routes';
 import { ENV_CONFIG } from './config';
+import { REQUEST, RESPONSE } from '@nguniversal/express-engine/tokens';
 
 export function startServer(bootstrap: Type<{}> | NgModuleFactory<{}>) {
   const app = express();
@@ -31,9 +32,21 @@ export function startServer(bootstrap: Type<{}> | NgModuleFactory<{}>) {
   app.use(cookieParser());
   app.use(bodyParser.json());
 
-  app.engine('html', ngExpressEngine({
-    bootstrap: bootstrap
-  }));
+  app.engine('html', (_, options, callback) =>
+    ngExpressEngine({
+      bootstrap: bootstrap,
+      providers: [
+        {
+          provide: REQUEST,
+          useValue: options.req,
+        },
+        {
+          provide: RESPONSE,
+          useValue: options.req.res,
+        },
+      ],
+    })(_, options, callback)
+  );
 
   app.set('view engine', 'html');
   app.set('views', 'src');
@@ -53,9 +66,11 @@ export function startServer(bootstrap: Type<{}> | NgModuleFactory<{}>) {
   function ngApp(req, res) {
 
     function onHandleError(parentZoneDelegate, currentZone, targetZone, error) {
+      if (!res._headerSent)  {
         console.warn('Error in SSR, serving for direct CSR');
         res.sendFile('index.csr.html', { root: './src' });
       }
+    }
 
     if (ENV_CONFIG.universal.preboot) {
       Zone.current.fork({ name: 'CSR fallback', onHandleError }).run(() => {