This commit is contained in:
dekun
2026-05-30 12:04:03 +08:00
parent 8ffe46a344
commit 61c4d54305
3 changed files with 88 additions and 25 deletions
+7 -5
View File
@@ -32,6 +32,7 @@ from settings_store import (
from hub_web_auth import (
SESSION_COOKIE,
SESSION_MAX_AGE_SEC,
clear_session_cookie,
cookie_secure_for_request,
create_session_token,
embed_allowed,
@@ -211,8 +212,9 @@ def api_auth_login(body: LoginBody, request: Request):
if not verify_credentials(body.username, body.password):
raise HTTPException(status_code=401, detail="用户名或密码错误")
token = create_session_token(body.username)
resp = JSONResponse({"ok": True, "session_token": token})
set_session_cookie(resp, request, token)
embed = (request.headers.get("x-hub-embed") or "").strip() == "1"
resp = JSONResponse({"ok": True, "session_token": token, "embed": embed})
set_session_cookie(resp, request, token, embed=embed)
return resp
@@ -231,15 +233,15 @@ def embed_auth_login(request: Request, token: str = "", next: str = "/monitor"):
q = urlencode({"next": dest, "embed": "1"})
return RedirectResponse(f"/login?{q}", status_code=302)
resp = RedirectResponse(dest, status_code=302)
set_session_cookie(resp, request, token)
set_session_cookie(resp, request, token, embed=True)
return resp
@app.post("/api/auth/logout")
def api_auth_logout(request: Request):
secure = cookie_secure_for_request(request)
embed = (request.headers.get("x-hub-embed") or "").strip() == "1"
resp = JSONResponse({"ok": True})
resp.delete_cookie(SESSION_COOKIE, path="/", secure=secure)
clear_session_cookie(resp, request, embed=embed)
return resp