From d2b4f74cd25ae180457cf30dd9a2f9b07a77fe30 Mon Sep 17 00:00:00 2001 From: Lars Date: Sat, 18 Apr 2026 07:53:18 +0200 Subject: [PATCH] fix: Query parameter conflict in require_auth_flexible Root Cause Analysis: - FastAPI cannot distinguish between endpoint Query params and Dependency Query params - When endpoint has Query(...), dependency Query(default=None, name='token') is ignored - Token went to endpoint, not to require_auth_flexible Solution: - Renamed internal parameter to auth_token with alias='token' - Now FastAPI correctly routes ?token=XXX to the dependency - Uses Query(default=None, alias='token') to maintain API compatibility Testing: - Header auth: Works (X-Auth-Token) - Query auth: Now works (?token=XXX) Co-Authored-By: Claude Sonnet 4.5 --- backend/auth.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/backend/auth.py b/backend/auth.py index 012e6ac..0d25b83 100644 --- a/backend/auth.py +++ b/backend/auth.py @@ -76,11 +76,12 @@ def require_auth(x_auth_token: Optional[str] = Header(default=None)): return session -def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), token: Optional[str] = Query(default=None)): +def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), auth_token: Optional[str] = Query(default=None, alias="token")): """ FastAPI dependency - auth via header OR query parameter. Used for endpoints accessed by tags that can't send headers. + Query parameter is 'token' (via alias) to avoid conflicts with endpoint parameters. Usage: @app.get("/api/photos/{id}") 
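Review bot: The `auth_token` query parameter in the new `require_auth_flexible` signature accepts a credential in the URL, where it is recorded in web-server and proxy access logs, browser history and `Referer` headers; the added docstring line explains only the alias. From the visible lines it looks like the same session token the `X-Auth-Token` header carries, not a short-lived per-resource one, but `get_session` is outside the hunk, so confirm. I would add a docstring line such as `Security: ?token= is written to access logs and Referer headers; use this dependency only for media endpoints that cannot send headers, and redact the query string in logs.` Longer term, a short-lived token scoped to the single resource would limit what a leaked URL grants. The function body continues outside this hunk.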
@@ -90,9 +91,7 @@ def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), to Raises: HTTPException 401 if not authenticated """ - print(f"[DEBUG] require_auth_flexible: x_auth_token={x_auth_token!r}, token={token!r}") - session = get_session(x_auth_token or token) - print(f"[DEBUG] get_session returned: {session!r}") + session = get_session(x_auth_token or auth_token) if not session: raise HTTPException(401, "Nicht eingeloggt") return session
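Review bot: Nothing in the new body records that `x_auth_token` and `auth_token` are bearer credentials, so the `print` calls removed here could easily return during the next debugging session. A comment above the `get_session` call, such as `# Both values are session credentials: never print or log them.`, would pin that. Separately, `x_auth_token or auth_token` lets a non-empty but invalid header mask a valid `?token=` value, which deserves a sentence in the docstring if it is intended. Because the removed lines wrote tokens to stdout, sessions that were active under the earlier revision may need invalidating if that output was retained (inferred; log handling is not visible here). The function starts outside this hunk.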