Complete L1 router and template migration
- Full implementation of runs, recipes, cache routers with templates - Auth and storage routers fully migrated - Jinja2 templates for all L1 pages - Service layer for auth and storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -10,16 +10,18 @@ from fastapi.responses import RedirectResponse
|
||||
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
|
||||
from pydantic import BaseModel
|
||||
|
||||
# Import auth utilities from existing server module
|
||||
# TODO: Move these to a service
|
||||
import sys
|
||||
import os
|
||||
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
|
||||
from ..dependencies import get_redis_client
|
||||
from ..services.auth_service import AuthService
|
||||
|
||||
router = APIRouter()
|
||||
security = HTTPBearer(auto_error=False)
|
||||
|
||||
|
||||
def get_auth_service():
|
||||
"""Get auth service instance."""
|
||||
return AuthService(get_redis_client())
|
||||
|
||||
|
||||
class RevokeUserRequest(BaseModel):
|
||||
"""Request to revoke all tokens for a user."""
|
||||
username: str
|
||||
@@ -27,26 +29,27 @@ class RevokeUserRequest(BaseModel):
|
||||
|
||||
|
||||
@router.get("")
|
||||
async def auth_callback(auth_token: str = None):
|
||||
async def auth_callback(
|
||||
request: Request,
|
||||
auth_token: str = None,
|
||||
auth_service: AuthService = Depends(get_auth_service),
|
||||
):
|
||||
"""
|
||||
Receive auth token from L2 redirect and set local cookie.
|
||||
|
||||
This enables cross-subdomain auth on iOS Safari which blocks shared cookies.
|
||||
L2 redirects here with ?auth_token=... after user logs in.
|
||||
"""
|
||||
# Import here to avoid circular imports
|
||||
from server import get_verified_user_context, register_user_token
|
||||
|
||||
if not auth_token:
|
||||
return RedirectResponse(url="/", status_code=302)
|
||||
|
||||
# Verify the token is valid
|
||||
ctx = await get_verified_user_context(auth_token)
|
||||
ctx = await auth_service.verify_token_with_l2(auth_token)
|
||||
if not ctx:
|
||||
return RedirectResponse(url="/", status_code=302)
|
||||
|
||||
# Register token for this user (for revocation by username later)
|
||||
register_user_token(ctx.username, auth_token)
|
||||
auth_service.register_user_token(ctx.username, auth_token)
|
||||
|
||||
# Set local first-party cookie and redirect to runs
|
||||
response = RedirectResponse(url="/runs", status_code=302)
|
||||
@@ -76,41 +79,41 @@ async def logout():
|
||||
@router.post("/revoke")
|
||||
async def revoke_token(
|
||||
credentials: HTTPAuthorizationCredentials = Depends(security),
|
||||
auth_service: AuthService = Depends(get_auth_service),
|
||||
):
|
||||
"""
|
||||
Revoke a token. Called by L2 when user logs out.
|
||||
|
||||
The token to revoke is passed in the Authorization header.
|
||||
"""
|
||||
from server import get_user_context_from_token, revoke_token as do_revoke_token
|
||||
|
||||
if not credentials:
|
||||
raise HTTPException(401, "No token provided")
|
||||
|
||||
token = credentials.credentials
|
||||
|
||||
# Verify token is valid before revoking (ensures caller has the token)
|
||||
ctx = get_user_context_from_token(token)
|
||||
ctx = auth_service.get_user_context_from_token(token)
|
||||
if not ctx:
|
||||
raise HTTPException(401, "Invalid token")
|
||||
|
||||
# Revoke the token
|
||||
newly_revoked = do_revoke_token(token)
|
||||
newly_revoked = auth_service.revoke_token(token)
|
||||
|
||||
return {"revoked": True, "newly_revoked": newly_revoked}
|
||||
|
||||
|
||||
@router.post("/revoke-user")
|
||||
async def revoke_user_tokens(request: RevokeUserRequest):
|
||||
async def revoke_user_tokens(
|
||||
request: RevokeUserRequest,
|
||||
auth_service: AuthService = Depends(get_auth_service),
|
||||
):
|
||||
"""
|
||||
Revoke all tokens for a user. Called by L2 when user logs out.
|
||||
|
||||
This handles the case where L2 issued scoped tokens that differ from L2's own token.
|
||||
"""
|
||||
from server import revoke_all_user_tokens
|
||||
|
||||
# Revoke all tokens registered for this user
|
||||
count = revoke_all_user_tokens(request.username)
|
||||
count = auth_service.revoke_all_user_tokens(request.username)
|
||||
|
||||
return {
|
||||
"revoked": True,
|
||||
|
||||
Reference in New Issue
Block a user