fix: execute-stream uses require_auth_flexible

Backend:
- Replaces manual token validation with Depends(require_auth_flexible)
- Uses get_session() with expires_at check + profiles JOIN
- Token parameter no longer needed (require_auth_flexible fetches it)

Root Cause (Live-Logs):
- Request arrived with token: 401 Unauthorized
- Manual auth: SELECT profile_id FROM sessions WHERE token = %s
- Missing: expires_at check + profiles JOIN
- require_auth_flexible uses the full get_session() logic

Fixes:
- "Connection to server lost" - token validation works now

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Lars 2026-04-18 07:24:49 +02:00
parent ec85d5f5f6
commit d13e7cda26


@ -12,7 +12,7 @@ from fastapi import APIRouter, Depends, HTTPException, Query, Header
from fastapi.responses import StreamingResponse from fastapi.responses import StreamingResponse
from db import get_db, get_cursor, r2d from db import get_db, get_cursor, r2d
from auth import require_auth, require_admin from auth import require_auth, require_admin, require_auth_flexible
from models import ( from models import (
PromptCreate, PromptUpdate, PromptGenerateRequest, PromptCreate, PromptUpdate, PromptGenerateRequest,
PipelineConfigCreate, PipelineConfigUpdate PipelineConfigCreate, PipelineConfigUpdate
@ -1448,9 +1448,9 @@ from models import UnifiedPromptCreate, UnifiedPromptUpdate
@router.get("/execute-stream") @router.get("/execute-stream")
async def execute_unified_prompt_stream( async def execute_unified_prompt_stream(
prompt_slug: str = Query(..., description="Slug of prompt to execute"), prompt_slug: str = Query(..., description="Slug of prompt to execute"),
token: Optional[str] = Query(None, description="Auth token (temporary solution for SSE)"),
debug: bool = Query(False, description="Include debug information (node_states, etc.)"), debug: bool = Query(False, description="Include debug information (node_states, etc.)"),
save: bool = Query(False, description="Save result to ai_insights") save: bool = Query(False, description="Save result to ai_insights"),
session: dict = Depends(require_auth_flexible)
): ):
""" """
Execute a unified prompt with Server-Sent Events (SSE) streaming. Execute a unified prompt with Server-Sent Events (SSE) streaming.
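Review bot: With the `token` query parameter removed from the signature, nothing visible in this hunk tells a client how to authenticate the SSE request; the docstring below `session: dict = Depends(require_auth_flexible)` should state where the dependency reads the token from. The removed parameter was described as "Auth token (temporary solution for SSE)", so if require_auth_flexible still accepts the token from the query string, document that explicitly and treat it as a secret in the URL: it will show up in access logs and proxy logs unless those are configured to strip it. If the query-string path is meant to stay temporary, a comment or TODO next to the dependency would keep that intent from getting lost now that the old description is gone.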
@ -1463,17 +1463,7 @@ async def execute_unified_prompt_stream(
Use this endpoint for long-running workflows (>30s) to avoid gateway timeouts. Use this endpoint for long-running workflows (>30s) to avoid gateway timeouts.
""" """
# Manual auth: verify token and get profile_id profile_id = session['profile_id']
if not token:
raise HTTPException(401, "Missing auth token")
with get_db() as conn:
cur = get_cursor(conn)
cur.execute("SELECT profile_id FROM sessions WHERE token = %s", (token,))
row = cur.fetchone()
if not row:
raise HTTPException(401, "Invalid or expired token")
profile_id = row['profile_id']
# Use default modules/timeframes (SSE doesn't support complex params) # Use default modules/timeframes (SSE doesn't support complex params)
modules = { modules = {
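Review bot: The removed lookup `SELECT profile_id FROM sessions WHERE token = %s` had no expiry condition although its error text read "Invalid or expired token", and no test in this diff pins the corrected behaviour. Please add a regression test that calls /execute-stream once with an expired session and once with an unknown token and expects 401 in both cases, so the endpoint cannot drift back to a hand-written query. It is also worth searching the router for other places that select from `sessions` directly instead of going through the auth dependency. Finally, `profile_id = session['profile_id']` assumes the dict returned by require_auth_flexible always carries that key; a short comment naming the fields the dependency guarantees would make that contract visible at the call site.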