修复登录
This commit is contained in:
@@ -23,7 +23,7 @@ from settings_store import (
|
||||
from hub_web_auth import (
|
||||
SESSION_COOKIE,
|
||||
SESSION_MAX_AGE_SEC,
|
||||
cookie_secure,
|
||||
cookie_secure_for_request,
|
||||
create_session_token,
|
||||
is_public_path,
|
||||
password_required,
|
||||
@@ -160,12 +160,13 @@ def api_auth_status(request: Request):
|
||||
|
||||
|
||||
@app.post("/api/auth/login")
|
||||
def api_auth_login(body: LoginBody):
|
||||
def api_auth_login(body: LoginBody, request: Request):
|
||||
if not password_required():
|
||||
return {"ok": True, "auth_disabled": True}
|
||||
if not verify_credentials(body.username, body.password):
|
||||
raise HTTPException(status_code=401, detail="用户名或密码错误")
|
||||
token = create_session_token(body.username)
|
||||
secure = cookie_secure_for_request(request)
|
||||
resp = JSONResponse({"ok": True})
|
||||
resp.set_cookie(
|
||||
SESSION_COOKIE,
|
||||
@@ -174,15 +175,16 @@ def api_auth_login(body: LoginBody):
|
||||
samesite="lax",
|
||||
path="/",
|
||||
max_age=SESSION_MAX_AGE_SEC,
|
||||
secure=cookie_secure(),
|
||||
secure=secure,
|
||||
)
|
||||
return resp
|
||||
|
||||
|
||||
@app.post("/api/auth/logout")
|
||||
def api_auth_logout():
|
||||
def api_auth_logout(request: Request):
|
||||
secure = cookie_secure_for_request(request)
|
||||
resp = JSONResponse({"ok": True})
|
||||
resp.delete_cookie(SESSION_COOKIE, path="/")
|
||||
resp.delete_cookie(SESSION_COOKIE, path="/", secure=secure)
|
||||
return resp
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user