diff --git a/app.py b/app.py
index 0b3b274..a0bc4d2 100644
--- a/app.py
+++ b/app.py
@@ -87,8 +87,10 @@ def directus_auth_login():
 body = request.get_json(force=True, silent=True) or {}
 # Directus-Format: {"email": ..., "password": ...} → snakkimo gleich
 req_body = {"email": body.get("email", ""), "password": body.get("password", "")}
+ # Strip trailing /api to get base URL: https://host/api/snakkimo
+ snakkimo_base = SNAKKIMO_URL[:-4] if SNAKKIMO_URL.endswith('/api') else SNAKKIMO_URL
 req = urllib.request.Request(
- f"{SNAKKIMO_URL.replace('/api', '')}/auth/login",
+ f"{snakkimo_base}/auth/login",
 data=json.dumps(req_body).encode(),
 headers={"Content-Type": "application/json"},
 method="POST",
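Review bot: The new `snakkimo_base` line strips the suffix with a magic slice `[:-4]` guarded by `endswith('/api')`, which silently leaves a configured value that ends in `/api/` untouched and then produces `/api//auth/login`. Since this same diff already relies on `str.removeprefix` in `directus_users_me`, the matching builtin reads as what it means and handles the trailing slash too: `snakkimo_base = SNAKKIMO_URL.rstrip('/').removesuffix('/api')`. `SNAKKIMO_URL` is defined outside the hunk, so whether a trailing slash can actually occur depends on how it is loaded; `directus_auth_login` also starts before and continues after this hunk.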
@@ -105,11 +107,29 @@ def directus_auth_login():
 @app.route("/api/directus/users/me", methods=["GET"])
 def directus_users_me():
- """Proxy: aktueller User inkl. Rolle (für Begrüßung + Admin-Check)."""
- token = request.headers.get("Authorization", "")
- fields = "id,first_name,last_name,email,role.id,role.name,role.admin_access"
- data, status = _directus("GET", f"/users/me?fields={fields}", token)
- return jsonify(data), status
+ """Returns current user info decoded from JWT in Directus-compatible shape."""
+ auth = request.headers.get("Authorization", "")
+ raw_token = auth.removeprefix("Bearer ").strip()
+ if not raw_token:
+ return jsonify({"error": "Unauthorized"}), 401
+ try:
+ # Decode JWT payload without verification (signature checked by snakkimo)
+ import base64
+ payload_b64 = raw_token.split(".")[1]
+ # Add padding if needed
+ payload_b64 += "=" * (-len(payload_b64) % 4)
+ payload = json.loads(base64.urlsafe_b64decode(payload_b64).decode("utf-8"))
+ role = payload.get("role", "end-user")
+ is_admin = role == "admin"
+ return jsonify({"data": {
+ "id": payload.get("userId", ""),
+ "email": payload.get("email", ""),
+ "first_name": "",
+ "last_name": "",
+ "role": {"id": role, "name": role, "admin_access": is_admin},
+ }}), 200
+ except Exception as e:
+ return jsonify({"error": f"Token decode failed: {e}"}), 401
 @app.route("/api/directus/pictures", methods=["GET"])
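Review bot: `admin_access` on the new side is computed from the `role` claim of a token whose signature this route never checks and never forwards to snakkimo, so the inline comment "signature checked by snakkimo" does not hold for this endpoint: a self-crafted payload with `role` set to `admin` comes back as `admin_access: true`. That is only acceptable if no consumer treats the response as authoritative (the removed docstring calls it an Admin-Check), so either verify the token upstream before answering or state the contract at the call site: `# NOTE: claims are NOT verified here; admin_access is advisory for UI only — snakkimo must enforce authorization on every protected call`. The `except Exception as e` branch also echoes the exception text to the client, which exposes parser internals for what is just a malformed token; log it and return a fixed message, `except Exception:` / `app.logger.exception("JWT payload decode failed")` / `return jsonify({"error": "Unauthorized"}), 401`. Lastly, `import base64` belongs with the module's other imports rather than inside the try body.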