art-dag/celery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix authentication to support both header and cookie auth

Browse Source 
All API endpoints now use require_auth or get_current_user which handle
both Authorization header (for CLI) and cookies (for browser). Previously
many endpoints only checked cookies via get_user_from_cookie.

Changed files:
- runs.py: list_runs, run_detail, run_plan, run_artifacts, plan_node_detail, ui_discard_run
- recipes.py: list_recipes, get_recipe, ui_discard_recipe
- storage.py: list_storage, add_storage_form, delete_storage, test_storage, storage_type_page
- cache.py: get_cached, list_media, get_metadata_form, update_metadata_htmx

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
gilesb
2026-01-12 14:56:52 +00:00
parent 79a74df2bb
commit 280dddebd0
4 changed files with 19 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
app/routers/runs.py
View File

@@ -370,18 +370,9 @@ async def list_runs(
offset: int = 0,
limit: int = 20,
run_service: RunService = Depends(get_run_service),
ctx: UserContext = Depends(require_auth),
):
"""List all runs for the current user."""
from ..services.auth_service import AuthService
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
if not ctx:
if wants_json(request):
raise HTTPException(401, "Authentication required")
from fastapi.responses import RedirectResponse
return RedirectResponse(url="/auth", status_code=302)
runs = await run_service.list_runs(ctx.actor_id, offset=offset, limit=limit)
has_more = len(runs) >= limit
@@ -449,19 +440,9 @@ async def run_detail(
run_id: str,
request: Request,
run_service: RunService = Depends(get_run_service),
ctx: UserContext = Depends(require_auth),
):
"""Run detail page with tabs for plan/analysis/artifacts."""
from ..services.auth_service import AuthService
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
if not ctx:
if wants_json(request):
raise HTTPException(401, "Authentication required")
from fastapi.responses import RedirectResponse
return RedirectResponse(url="/auth", status_code=302)
run = await run_service.get_run(run_id)
if not run:
raise HTTPException(404, f"Run {run_id} not found")
@@ -532,16 +513,9 @@ async def run_plan(
run_id: str,
request: Request,
run_service: RunService = Depends(get_run_service),
ctx: UserContext = Depends(require_auth),
):
"""Plan visualization as interactive DAG."""
from ..services.auth_service import AuthService
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
if not ctx:
raise HTTPException(401, "Authentication required")
plan = await run_service.get_run_plan(run_id)
if not plan:
raise HTTPException(404, "Plan not found for this run")
@@ -597,16 +571,9 @@ async def run_artifacts(
run_id: str,
request: Request,
run_service: RunService = Depends(get_run_service),
ctx: UserContext = Depends(require_auth),
):
"""Get artifacts list for a run."""
from ..services.auth_service import AuthService
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
if not ctx:
raise HTTPException(401, "Authentication required")
artifacts = await run_service.get_run_artifacts(run_id)
if wants_json(request):
@@ -629,12 +596,9 @@ async def plan_node_detail(
run_service: RunService = Depends(get_run_service),
):
"""HTMX partial: Get plan node detail by cache_id."""
from ..services.auth_service import AuthService
from artdag_common import render_fragment
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
ctx = await get_current_user(request)
if not ctx:
return HTMLResponse('<p class="text-red-400">Login required</p>', status_code=401)
@@ -732,11 +696,7 @@ async def ui_discard_run(
run_service: RunService = Depends(get_run_service),
):
"""HTMX handler: discard a run."""
from ..services.auth_service import AuthService
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
ctx = await get_current_user(request)
if not ctx:
return HTMLResponse(
'<div class="text-red-400">Login required</div>',