art-dag/celery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix authentication to support both header and cookie auth

Browse Source 
All API endpoints now use require_auth or get_current_user which handle
both Authorization header (for CLI) and cookies (for browser). Previously
many endpoints only checked cookies via get_user_from_cookie.

Changed files:
- runs.py: list_runs, run_detail, run_plan, run_artifacts, plan_node_detail, ui_discard_run
- recipes.py: list_recipes, get_recipe, ui_discard_recipe
- storage.py: list_storage, add_storage_form, delete_storage, test_storage, storage_type_page
- cache.py: get_cached, list_media, get_metadata_form, update_metadata_htmx

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
gilesb
2026-01-12 14:56:52 +00:00
parent 79a74df2bb
commit 280dddebd0
4 changed files with 19 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
app/routers/storage.py
View File

@@ -47,19 +47,9 @@ class UpdateStorageRequest(BaseModel):
async def list_storage(
request: Request,
storage_service: StorageService = Depends(get_storage_service),
ctx: UserContext = Depends(require_auth),
):
"""List user's storage providers. HTML for browsers, JSON for API."""
from ..services.auth_service import AuthService
from ..dependencies import get_redis_client
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
if not ctx:
if wants_json(request):
raise HTTPException(401, "Authentication required")
return RedirectResponse(url="/auth", status_code=302)
storages = await storage_service.list_storages(ctx.actor_id)
if wants_json(request):
@@ -120,12 +110,7 @@ async def add_storage_form(
storage_service: StorageService = Depends(get_storage_service),
):
"""Add a storage provider via HTML form."""
from ..services.auth_service import AuthService
from ..dependencies import get_redis_client
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
ctx = await get_current_user(request)
if not ctx:
return HTMLResponse('<div class="text-red-400">Not authenticated</div>', status_code=401)
@@ -208,17 +193,9 @@ async def delete_storage(
storage_id: int,
request: Request,
storage_service: StorageService = Depends(get_storage_service),
ctx: UserContext = Depends(require_auth),
):
"""Remove a storage provider."""
from ..services.auth_service import AuthService
from ..dependencies import get_redis_client
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
if not ctx:
raise HTTPException(401, "Not authenticated")
success, error = await storage_service.delete_storage(storage_id, ctx.actor_id)
if error:
@@ -237,12 +214,7 @@ async def test_storage(
storage_service: StorageService = Depends(get_storage_service),
):
"""Test storage provider connectivity."""
from ..services.auth_service import AuthService
from ..dependencies import get_redis_client
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
ctx = await get_current_user(request)
if not ctx:
if wants_html(request):
return HTMLResponse('<span class="text-red-400">Not authenticated</span>', status_code=401)
@@ -262,19 +234,9 @@ async def storage_type_page(
provider_type: str,
request: Request,
storage_service: StorageService = Depends(get_storage_service),
ctx: UserContext = Depends(require_auth),
):
"""Page for managing storage configs of a specific type."""
from ..services.auth_service import AuthService
from ..dependencies import get_redis_client
auth_service = AuthService(get_redis_client())
ctx = auth_service.get_user_from_cookie(request)
if not ctx:
if wants_json(request):
raise HTTPException(401, "Authentication required")
return RedirectResponse(url="/auth", status_code=302)
if provider_type not in STORAGE_PROVIDERS_INFO:
raise HTTPException(404, "Invalid provider type")