修复登录

This commit is contained in:
dekun
2026-05-22 12:21:58 +08:00
parent 0f684eb043
commit 16b10e123e
4 changed files with 34 additions and 9 deletions
+7 -5
View File
@@ -23,7 +23,7 @@ from settings_store import (
from hub_web_auth import (
SESSION_COOKIE,
SESSION_MAX_AGE_SEC,
cookie_secure,
cookie_secure_for_request,
create_session_token,
is_public_path,
password_required,
@@ -160,12 +160,13 @@ def api_auth_status(request: Request):
@app.post("/api/auth/login")
def api_auth_login(body: LoginBody):
def api_auth_login(body: LoginBody, request: Request):
if not password_required():
return {"ok": True, "auth_disabled": True}
if not verify_credentials(body.username, body.password):
raise HTTPException(status_code=401, detail="用户名或密码错误")
token = create_session_token(body.username)
secure = cookie_secure_for_request(request)
resp = JSONResponse({"ok": True})
resp.set_cookie(
SESSION_COOKIE,
@@ -174,15 +175,16 @@ def api_auth_login(body: LoginBody):
samesite="lax",
path="/",
max_age=SESSION_MAX_AGE_SEC,
secure=cookie_secure(),
secure=secure,
)
return resp
@app.post("/api/auth/logout")
def api_auth_logout():
def api_auth_logout(request: Request):
secure = cookie_secure_for_request(request)
resp = JSONResponse({"ok": True})
resp.delete_cookie(SESSION_COOKIE, path="/")
resp.delete_cookie(SESSION_COOKIE, path="/", secure=secure)
return resp