Fix storage test and delete endpoints to support cookie auth

Both /storage/{id}/test and DELETE /storage/{id} were using Bearer
token auth only. Now they also check cookie auth for browser sessions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
gilesb
2026-01-10 00:27:05 +00:00
parent 770c36479f
commit 2326658518


@@ -3261,28 +3261,48 @@ async def update_storage(storage_id: int, req: UpdateStorageRequest, user: User
@app.delete("/storage/{storage_id}")
async def remove_storage(storage_id: int, user: User = Depends(get_required_user)):
async def remove_storage(storage_id: int, request: Request, user: User = Depends(get_optional_user)):
"""Remove a storage provider."""
# Support both Bearer token and cookie auth
username = user.username if user else get_user_from_cookie(request)
if not username:
raise HTTPException(401, "Not authenticated")
storage = await db.get_storage_by_id(storage_id)
if not storage:
raise HTTPException(404, "Storage provider not found")
if storage["username"] != user.username:
if storage["username"] != username:
raise HTTPException(403, "Not authorized")
success = await db.remove_user_storage(storage_id)
if not success:
raise HTTPException(500, "Failed to remove storage provider")
# Return empty string for HTMX to remove the element
if wants_html(request):
return HTMLResponse("")
return {"message": "Storage provider removed"}
@app.post("/storage/{storage_id}/test")
async def test_storage(storage_id: int, request: Request, user: User = Depends(get_required_user)):
async def test_storage(storage_id: int, request: Request, user: User = Depends(get_optional_user)):
"""Test storage provider connectivity."""
# Support both Bearer token and cookie auth
username = user.username if user else get_user_from_cookie(request)
if not username:
if wants_html(request):
return HTMLResponse('<span class="text-red-400">Not authenticated</span>', status_code=401)
raise HTTPException(401, "Not authenticated")
storage = await db.get_storage_by_id(storage_id)
if not storage:
if wants_html(request):
return HTMLResponse('<span class="text-red-400">Storage not found</span>', status_code=404)
raise HTTPException(404, "Storage provider not found")
if storage["username"] != user.username:
if storage["username"] != username:
if wants_html(request):
return HTMLResponse('<span class="text-red-400">Not authorized</span>', status_code=403)
raise HTTPException(403, "Not authorized")
config = storage["config"] if isinstance(storage["config"], dict) else json.loads(storage["config"])
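Review bot: Accepting the session cookie on `DELETE /storage/{storage_id}` and `POST /storage/{storage_id}/test` makes both state-changing routes callable with ambient browser credentials, and nothing in this hunk checks the request origin or a CSRF token. Whether the cookie is issued with `SameSite` or an anti-CSRF check runs in middleware is not visible here, so confirm that before relying on the cookie path. If neither exists, add the check ahead of `db.remove_user_storage(storage_id)` and ahead of the connectivity test. The fallback `username = user.username if user else get_user_from_cookie(request)` and its 401 guard are also duplicated in both handlers, so moving them into one dependency that raises 401 itself would keep the authentication decision in a single place. `test_storage` continues past the end of the hunk, so the rest of its body was not reviewed.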