Fix auth login URL and migrate users/me endpoint
- Fix the SNAKKIMO_URL.replace('/api','') bug that stripped both /api occurrences,
producing a wrong auth URL → use endswith/slice to remove only the trailing /api
- Replace directus_users_me with JWT decode (snakkimo has no /users/me endpoint)
Returns Directus-compatible shape with role.admin_access for UI admin checks
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -87,8 +87,10 @@ def directus_auth_login():
body = request.get_json(force=True, silent=True) or {}
# Directus-Format: {"email": ..., "password": ...} → snakkimo gleich
req_body = {"email": body.get("email", ""), "password": body.get("password", "")}
# Strip trailing /api to get base URL: https://host/api/snakkimo
snakkimo_base = SNAKKIMO_URL[:-4] if SNAKKIMO_URL.endswith('/api') else SNAKKIMO_URL
req = urllib.request.Request(
f"{SNAKKIMO_URL.replace('/api', '')}/auth/login",
f"{snakkimo_base}/auth/login",
data=json.dumps(req_body).encode(),
headers={"Content-Type": "application/json"},
method="POST",
@@ -105,11 +107,29 @@ def directus_auth_login():
@app.route("/api/directus/users/me", methods=["GET"])
def directus_users_me():
"""Proxy: aktueller User inkl. Rolle (für Begrüßung + Admin-Check)."""
token = request.headers.get("Authorization", "")
fields = "id,first_name,last_name,email,role.id,role.name,role.admin_access"
data, status = _directus("GET", f"/users/me?fields={fields}", token)
return jsonify(data), status
"""Returns current user info decoded from JWT in Directus-compatible shape."""
auth = request.headers.get("Authorization", "")
raw_token = auth.removeprefix("Bearer ").strip()
if not raw_token:
return jsonify({"error": "Unauthorized"}), 401
try:
# Decode JWT payload without verification (signature checked by snakkimo)
import base64
payload_b64 = raw_token.split(".")[1]
# Add padding if needed
payload_b64 += "=" * (-len(payload_b64) % 4)
payload = json.loads(base64.urlsafe_b64decode(payload_b64).decode("utf-8"))
role = payload.get("role", "end-user")
is_admin = role == "admin"
return jsonify({"data": {
"id": payload.get("userId", ""),
"email": payload.get("email", ""),
"first_name": "",
"last_name": "",
"role": {"id": role, "name": role, "admin_access": is_admin},
}}), 200
except Exception as e:
return jsonify({"error": f"Token decode failed: {e}"}), 401
@app.route("/api/directus/pictures", methods=["GET"])
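Review bot: In the second hunk, `admin_access` on the `"role": {...}` line is derived from a JWT payload that this handler never verifies — the comment above `import base64` says the signature is checked by snakkimo, but nothing in `directus_users_me` sends the token to snakkimo, so a forged token whose payload carries `"role": "admin"` makes this endpoint report admin access. If the UI's admin gating trusts this response, that gating is bypassable client-side; the token should be validated before its claims are trusted (verify the signature if a key is available to this app, or forward the token to snakkimo and derive the role from its reply), and the docstring should state that the claims are only as trustworthy as that check. Separately, `except Exception` echoes the exception text to the caller in the 401 body; narrow it and return a fixed message: `except (IndexError, ValueError):` / `return jsonify({"error": "Invalid token"}), 401`. Moving `import base64` to the module's import block would also be conventional. The first hunk's `directus_auth_login` body continues outside the hunk.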