fix: auth loop — exempt only /login and /logout, not entire /api/auth/ prefix

This commit is contained in:
2026-05-14 20:18:37 +02:00
parent efbee1540c
commit e5abd22d34


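--- a/[FILE PATH NOT SHOWN ON PAGE]
+++ b/[FILE PATH NOT SHOWN ON PAGE]
@@ -123,9 +123,12 @@ app = FastAPI(title="BeautyLeads", lifespan=lifespan)
 # ── Auth middleware ───────────────────────────────────────────────────────────
 class AuthMiddleware(BaseHTTPMiddleware):
-    # Paths that don't require a session
-    _EXEMPT_PREFIXES = ("/api/auth/",)
-    _EXEMPT_EXACT = {"/login.html", "/favicon.ico"}
+    # Only these exact paths skip the session check:
+    # - login (no session yet)
+    # - logout (gracefully accepts expired/missing session)
+    # - login page and favicon
+    _EXEMPT_PREFIXES = ()
+    _EXEMPT_EXACT = {"/api/auth/login", "/api/auth/logout", "/login.html", "/favicon.ico"}
     async def dispatch(self, request: Request, call_next):
         path = request.url.path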
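Review bot: `_EXEMPT_PREFIXES = ()` keeps the prefix mechanism alive while the new comment says only exact paths are exempt, so the next person who adds a prefix here silently reopens the hole this commit closes; either delete the prefix list (and its use in `dispatch`, whose body continues outside the hunk) or state the intent on the line, `_EXEMPT_PREFIXES = ()  # deliberately empty: add exact paths to _EXEMPT_EXACT, never a prefix`. The exact-match set is fail-closed for unlisted variants (a path that doesn't match still requires a session), which is the right direction, but it also exempts every HTTP method on `/api/auth/login` and `/api/auth/logout`; if those handlers accept more than the intended method, a method check next to the path check would narrow the unauthenticated surface further. A regression test that a non-listed path under `/api/auth/` is rejected without a session would pin the fix.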