Fix auth login URL and migrate users/me endpoint

- Fix SNAKKIMO_URL.replace('/api','') bug that stripped both /api occurrences
  producing wrong auth URL → use endswith/slice to remove only trailing /api
- Replace directus_users_me with a JWT decode (snakkimo has no /users/me endpoint);
  returns a Directus-compatible shape with role.admin_access for UI admin checks

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 16:46:38 +02:00
parent e066ff7420
commit 79c6926cec

32
app.py

@@ -87,8 +87,10 @@ def directus_auth_login():
body = request.get_json(force=True, silent=True) or {} body = request.get_json(force=True, silent=True) or {}
# Directus-Format: {"email": ..., "password": ...} → snakkimo gleich # Directus-Format: {"email": ..., "password": ...} → snakkimo gleich
req_body = {"email": body.get("email", ""), "password": body.get("password", "")} req_body = {"email": body.get("email", ""), "password": body.get("password", "")}
# Strip trailing /api to get base URL: https://host/api/snakkimo
snakkimo_base = SNAKKIMO_URL[:-4] if SNAKKIMO_URL.endswith('/api') else SNAKKIMO_URL
req = urllib.request.Request( req = urllib.request.Request(
f"{SNAKKIMO_URL.replace('/api', '')}/auth/login", f"{snakkimo_base}/auth/login",
data=json.dumps(req_body).encode(), data=json.dumps(req_body).encode(),
headers={"Content-Type": "application/json"}, headers={"Content-Type": "application/json"},
method="POST", method="POST",
@@ -105,11 +107,29 @@ def directus_auth_login():
@app.route("/api/directus/users/me", methods=["GET"]) @app.route("/api/directus/users/me", methods=["GET"])
def directus_users_me(): def directus_users_me():
"""Proxy: aktueller User inkl. Rolle (für Begrüßung + Admin-Check).""" """Returns current user info decoded from JWT in Directus-compatible shape."""
token = request.headers.get("Authorization", "") auth = request.headers.get("Authorization", "")
fields = "id,first_name,last_name,email,role.id,role.name,role.admin_access" raw_token = auth.removeprefix("Bearer ").strip()
data, status = _directus("GET", f"/users/me?fields={fields}", token) if not raw_token:
return jsonify(data), status return jsonify({"error": "Unauthorized"}), 401
try:
# Decode JWT payload without verification (signature checked by snakkimo)
import base64
payload_b64 = raw_token.split(".")[1]
# Add padding if needed
payload_b64 += "=" * (-len(payload_b64) % 4)
payload = json.loads(base64.urlsafe_b64decode(payload_b64).decode("utf-8"))
role = payload.get("role", "end-user")
is_admin = role == "admin"
return jsonify({"data": {
"id": payload.get("userId", ""),
"email": payload.get("email", ""),
"first_name": "",
"last_name": "",
"role": {"id": role, "name": role, "admin_access": is_admin},
}}), 200
except Exception as e:
return jsonify({"error": f"Token decode failed: {e}"}), 401
@app.route("/api/directus/pictures", methods=["GET"]) @app.route("/api/directus/pictures", methods=["GET"])