From fb5c46330d50f067030961bc78582ea3efa71b33 Mon Sep 17 00:00:00 2001 From: gilesb Date: Sat, 10 Jan 2026 00:10:23 +0000 Subject: [PATCH] Fix storage page authentication to support cookie-based sessions The /storage route was only checking Bearer token authentication, causing logged-in browser users to be redirected to login. Now also checks cookie authentication like other HTML pages. Co-Authored-By: Claude Opus 4.5 --- server.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/server.py b/server.py index b8db6fb..5b8d313 100644 --- a/server.py +++ b/server.py @@ -3051,12 +3051,15 @@ async def list_storage(request: Request, user: User = Depends(get_optional_user) accept = request.headers.get("accept", "") wants_json = "application/json" in accept and "text/html" not in accept - if not user: + # For browser sessions, also check cookie authentication + username = user.username if user else get_user_from_cookie(request) + + if not username: if wants_json: raise HTTPException(401, "Authentication required") return RedirectResponse(url="/login", status_code=302) - storages = await db.get_user_storage(user.username) + storages = await db.get_user_storage(username) # Add usage stats to each storage for storage in storages: @@ -3079,7 +3082,7 @@ async def list_storage(request: Request, user: User = Depends(get_optional_user) return {"storages": storages} # Default to HTML for browsers - return await ui_storage_page(user.username, storages, request) + return await ui_storage_page(username, storages, request) @app.post("/storage")