Fix: Directus-Auth via Flask-Proxy (CORS umgehen)

Login und Bildliste laufen jetzt über /api/directus/* statt direkt
zu db.hejyou.com – kein CORS-Problem mehr im Browser.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-04-25 11:28:11 +02:00
parent a392b680d2
commit 278289a380
2 changed files with 48 additions and 5 deletions

44
app.py
View File

@@ -2,12 +2,16 @@ from pathlib import Path
from datetime import datetime from datetime import datetime
from uuid import uuid4 from uuid import uuid4
import json import json
import urllib.request
import urllib.error
from flask import Flask, send_from_directory, request, jsonify from flask import Flask, send_from_directory, request, jsonify
from flask_cors import CORS from flask_cors import CORS
from PIL import Image from PIL import Image
import ollama import ollama
DIRECTUS_URL = "https://db.hejyou.com"
BASE_DIR = Path(__file__).resolve().parent BASE_DIR = Path(__file__).resolve().parent
PICTURES_DIR = BASE_DIR / "pictures" PICTURES_DIR = BASE_DIR / "pictures"
OBJECTS_DIR = BASE_DIR / "objects_image" OBJECTS_DIR = BASE_DIR / "objects_image"
@@ -34,6 +38,46 @@ def read_prompt(filepath: Path, fallback: str) -> str:
return fallback.strip() return fallback.strip()
@app.route("/api/directus/auth/login", methods=["POST"])
def directus_auth_login():
"""Proxy: Directus-Login ohne CORS-Probleme."""
try:
body = json.dumps(request.get_json()).encode("utf-8")
req = urllib.request.Request(
f"{DIRECTUS_URL}/auth/login",
data=body,
headers={"Content-Type": "application/json"},
method="POST",
)
with urllib.request.urlopen(req) as resp:
data = json.loads(resp.read().decode("utf-8"))
return jsonify(data)
except urllib.error.HTTPError as e:
data = json.loads(e.read().decode("utf-8"))
return jsonify(data), e.code
except Exception as e:
return jsonify({"errors": [{"message": str(e)}]}), 500
@app.route("/api/directus/pictures", methods=["GET"])
def directus_pictures():
"""Proxy: Directus-Bilder (status=new) ohne CORS-Probleme."""
token = request.headers.get("Authorization", "")
try:
req = urllib.request.Request(
f"{DIRECTUS_URL}/items/pictures?filter[status][_eq]=new&fields=id,media,status&sort=date_created",
headers={"Authorization": token},
)
with urllib.request.urlopen(req) as resp:
data = json.loads(resp.read().decode("utf-8"))
return jsonify(data)
except urllib.error.HTTPError as e:
data = json.loads(e.read().decode("utf-8"))
return jsonify(data), e.code
except Exception as e:
return jsonify({"errors": [{"message": str(e)}]}), 500
@app.route("/api/images", methods=["GET"]) @app.route("/api/images", methods=["GET"])
def list_images(): def list_images():
""" """

View File

@@ -3,7 +3,7 @@ import type { ObjectMeta, Sentence } from './types'
const DIRECTUS_URL = 'https://db.hejyou.com' const DIRECTUS_URL = 'https://db.hejyou.com'
export async function directusLogin(email: string, password: string): Promise<string> { export async function directusLogin(email: string, password: string): Promise<string> {
const res = await fetch(`${DIRECTUS_URL}/auth/login`, { const res = await fetch('/api/directus/auth/login', {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email, password }), body: JSON.stringify({ email, password }),
@@ -20,10 +20,9 @@ export interface DirectusPicture {
} }
export async function getDirectusPictures(token: string): Promise<DirectusPicture[]> { export async function getDirectusPictures(token: string): Promise<DirectusPicture[]> {
const res = await fetch( const res = await fetch('/api/directus/pictures', {
`${DIRECTUS_URL}/items/pictures?filter[status][_eq]=new&fields=id,media,status&sort=date_created`, headers: { Authorization: `Bearer ${token}` },
{ headers: { Authorization: `Bearer ${token}` } } })
)
if (!res.ok) throw new Error('Fehler beim Laden der Directus-Bilder') if (!res.ok) throw new Error('Fehler beim Laden der Directus-Bilder')
const data = await res.json() const data = await res.json()
return data.data as DirectusPicture[] return data.data as DirectusPicture[]