Lars/mitai-jinkendo
1
0
Fork 0
Code Issues 33 Pull Requests Actions Packages Projects Releases 5 Wiki Activity

Bug-Fixing Analyse Fehler #87

Merged
Lars merged 20 commits from develop into main 2026-04-18 09:54:12 +02:00
Conversation 0 Commits 20 Files Changed 5 +19 -5
3 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit d66e68a5df - Show all commits

16
backend/auth.py
View File

@ -76,22 +76,30 @@ def require_auth(x_auth_token: Optional[str] = Header(default=None)):
return session return session
def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), auth_token: Optional[str] = Query(default=None, alias="token")): def require_auth_flexible(x_auth_token: Optional[str] = Header(default=None), ssetoken: Optional[str] = Query(default=None)):
""" """
FastAPI dependency - auth via header OR query parameter. FastAPI dependency - auth via header OR query parameter.
Used for endpoints accessed by <img> tags that can't send headers. Used for endpoints accessed by <img> tags and SSE connections that can't send headers.
Query parameter is 'token' (via alias) to avoid conflicts with endpoint parameters. Query parameter is 'ssetoken' to avoid conflicts with endpoint 'token' parameters.
Usage: Usage:
@app.get("/api/photos/{id}") @app.get("/api/photos/{id}")
def get_photo(id: str, session: dict = Depends(require_auth_flexible)): def get_photo(id: str, session: dict = Depends(require_auth_flexible)):
... ...
Call with: ?ssetoken=XXX or Header: X-Auth-Token: XXX
Raises: Raises:
HTTPException 401 if not authenticated HTTPException 401 if not authenticated
""" """
session = get_session(x_auth_token or auth_token) import logging
logger = logging.getLogger("uvicorn.error")
logger.info(f"[AUTH_FLEX] header={x_auth_token!r}, query={ssetoken!r}")
session = get_session(x_auth_token or ssetoken)
logger.info(f"[AUTH_FLEX] session={session!r}")
if not session: if not session:
raise HTTPException(401, "Nicht eingeloggt") raise HTTPException(401, "Nicht eingeloggt")
return session return session

5
backend/routers/prompts.py
View File

@ -32,6 +32,11 @@ OPENROUTER_MODEL = os.getenv("OPENROUTER_MODEL", "anthropic/claude-sonnet-4")
router = APIRouter(prefix="/api/prompts", tags=["prompts"]) router = APIRouter(prefix="/api/prompts", tags=["prompts"])
@router.get("/test-ssetoken")
def test_ssetoken_auth(session: dict = Depends(require_auth_flexible)):
"""Test endpoint for SSE token auth debugging"""
return {"status": "ok", "profile_id": session['profile_id']}
# Metadaten-Schlüssel in workflow aggregate_results (nicht als „einziger“ Nutzer-Output) # Metadaten-Schlüssel in workflow aggregate_results (nicht als „einziger“ Nutzer-Output)
_WORKFLOW_AGG_META_KEYS = frozenset({ _WORKFLOW_AGG_META_KEYS = frozenset({
"combined_analysis", "combined_analysis",

3
frontend/src/utils/api.js
View File

@ -484,8 +484,9 @@ export const api = {
// TODO: Security improvement - use session cookie instead of token in URL // TODO: Security improvement - use session cookie instead of token in URL
// For now, send token as query param since EventSource doesn't support custom headers // For now, send token as query param since EventSource doesn't support custom headers
// Using 'ssetoken' to avoid conflicts with endpoint 'token' parameters
const token = getToken() const token = getToken()
if (token) params.append('token', token) if (token) params.append('ssetoken', token)
if (modules) { if (modules) {
Object.entries(modules).forEach(([k, v]) => params.append(`modules[${k}]`, v)) Object.entries(modules).forEach(([k, v]) => params.append(`modules[${k}]`, v))