Fix storage page authentication to support cookie-based sessions

The /storage route was only checking Bearer token authentication, causing logged-in browser users to be redirected to login. Now also checks cookie authentication like other HTML pages. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 00:10:23 +00:00
parent 70cde17fef
commit fb5c46330d
1 changed files with 6 additions and 3 deletions
--- a/server.py
+++ b/server.py
@@ -3051,12 +3051,15 @@ async def list_storage(request: Request, user: User = Depends(get_optional_user)
    accept = request.headers.get("accept", "")
    wants_json = "application/json" in accept and "text/html" not in accept

-    if not user:
+    # For browser sessions, also check cookie authentication
+    username = user.username if user else get_user_from_cookie(request)
+
+    if not username:
        if wants_json:
            raise HTTPException(401, "Authentication required")
        return RedirectResponse(url="/login", status_code=302)

-    storages = await db.get_user_storage(user.username)
+    storages = await db.get_user_storage(username)

    # Add usage stats to each storage
    for storage in storages:
@@ -3079,7 +3082,7 @@ async def list_storage(request: Request, user: User = Depends(get_optional_user)
        return {"storages": storages}

    # Default to HTML for browsers
-    return await ui_storage_page(user.username, storages, request)
+    return await ui_storage_page(username, storages, request)


@app.post("/storage")