# backend/app/middleware.py
from flask import request, session, jsonify, send_from_directory
from .db import get_db
import logging
# Module-level logger; messages are attributed to this module's import path.
logger = logging.getLogger(name=__name__)
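def init_middleware(app):
    """Register the request-authentication hook on the Flask app.

    The registered ``before_request`` hook decides, from the request path,
    whether a request may proceed:

    * ``OPTIONS`` (CORS preflight), ``/api/auth/*`` and the static asset
      paths the login page needs are always let through.
    * ``/api/*`` requires either a session flagged ``authenticated`` whose
      ``session_id`` matches the one stored in the ``auth`` table, or an
      ``X-Api-Key`` header matching a row in ``auth``; otherwise a JSON
      ``401`` is returned. A database failure during either lookup is
      logged and answered with a generic JSON ``500``.
    * Every other path is served ``index.html`` so the frontend router
      handles it.

    Args:
        app: The Flask application whose ``before_request`` hook is set.
    """

    def _session_is_valid():
        """Return True when the session is marked authenticated and its
        ``session_id`` matches the one stored in ``auth``."""
        if not session.get('authenticated'):
            return False
        db = get_db()
        row = db.execute('SELECT session_id FROM auth').fetchone()
        return bool(row) and session.get('session_id') == row['session_id']

    def _api_key_is_valid(api_key):
        """Return True when *api_key* matches a row in ``auth``.

        The lookup is parameterised, so the header value is never
        interpolated into SQL.
        """
        db = get_db()
        row = db.execute('SELECT 1 FROM auth WHERE api_key = ?',
                         (api_key, )).fetchone()
        return row is not None

    @app.before_request
    def authenticate_request():
        # Skip authentication for OPTIONS requests (CORS preflight)
        if request.method == 'OPTIONS':
            return

        # Always allow auth endpoints
        if request.path.startswith('/api/auth/'):
            return

        # Allow static assets needed for auth pages
        if request.path.startswith(('/assets/', '/static/')) \
                or request.path in ['/', '/regex.svg', '/clone.svg']:
            return

        # For API routes, require auth
        if request.path.startswith('/api/'):
            # Both lookups hit the database; a failure in either one must
            # not leak a traceback to the client, so they share one handler.
            try:
                # Check session authentication (for web users)
                if _session_is_valid():
                    return

                # Check API key authentication (for API users)
                api_key = request.headers.get('X-Api-Key')
                if api_key:
                    if _api_key_is_valid(api_key):
                        return
                    # Do not log any part of the presented key: a prefix of
                    # a secret is still secret material in the log store.
                    logger.warning('Invalid API key attempt to %s from %s',
                                   request.path, request.remote_addr)
            except Exception as e:
                logger.error('Database error during authentication check: %s',
                             e)
                return jsonify({'error': 'Internal server error'}), 500

            # If no valid authentication is found, return 401
            logger.warning('Unauthorized access attempt to %s', request.path)
            return jsonify({'error': 'Unauthorized'}), 401

        # For all other routes (frontend routes), serve index.html
        # This lets React handle auth and routing
        return send_from_directory(app.static_folder, 'index.html')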