Fix auth login URL and migrate users/me endpoint
- Fix the SNAKKIMO_URL.replace('/api','') bug that stripped both /api occurrences,
producing a wrong auth URL → use endswith/slice to remove only the trailing /api
- Replace directus_users_me with JWT decode (snakkimo has no /users/me endpoint)
Returns Directus-compatible shape with role.admin_access for UI admin checks
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32
app.py
32
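--- a/app.py
+++ b/app.py
@@ -87,8 +87,10 @@ def directus_auth_login():
 body = request.get_json(force=True, silent=True) or {}
 # Directus-Format: {"email": ..., "password": ...} → snakkimo gleich
 req_body = {"email": body.get("email", ""), "password": body.get("password", "")}
+# Strip trailing /api to get base URL: https://host/api/snakkimo
+snakkimo_base = SNAKKIMO_URL[:-4] if SNAKKIMO_URL.endswith('/api') else SNAKKIMO_URL
 req = urllib.request.Request(
-f"{SNAKKIMO_URL.replace('/api', '')}/auth/login",
+f"{snakkimo_base}/auth/login",
 data=json.dumps(req_body).encode(),
 headers={"Content-Type": "application/json"},
 method="POST",
@@ -105,11 +107,29 @@ def directus_auth_login():
 
 @app.route("/api/directus/users/me", methods=["GET"])
 def directus_users_me():
-"""Proxy: aktueller User inkl. Rolle (für Begrüßung + Admin-Check)."""
-token = request.headers.get("Authorization", "")
-fields = "id,first_name,last_name,email,role.id,role.name,role.admin_access"
-data, status = _directus("GET", f"/users/me?fields={fields}", token)
-return jsonify(data), status
+"""Returns current user info decoded from JWT in Directus-compatible shape."""
+auth = request.headers.get("Authorization", "")
+raw_token = auth.removeprefix("Bearer ").strip()
+if not raw_token:
+return jsonify({"error": "Unauthorized"}), 401
+try:
+# Decode JWT payload without verification (signature checked by snakkimo)
+import base64
+payload_b64 = raw_token.split(".")[1]
+# Add padding if needed
+payload_b64 += "=" * (-len(payload_b64) % 4)
+payload = json.loads(base64.urlsafe_b64decode(payload_b64).decode("utf-8"))
+role = payload.get("role", "end-user")
+is_admin = role == "admin"
+return jsonify({"data": {
+"id": payload.get("userId", ""),
+"email": payload.get("email", ""),
+"first_name": "",
+"last_name": "",
+"role": {"id": role, "name": role, "admin_access": is_admin},
+}}), 200
+except Exception as e:
+return jsonify({"error": f"Token decode failed: {e}"}), 401
 
 
 @app.route("/api/directus/pictures", methods=["GET"])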
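Review bot: In directus_users_me the `role` and `admin_access` values are taken straight from the JWT payload, which the handler decodes but never verifies — the comment `# Decode JWT payload without verification (signature checked by snakkimo)` only holds for requests that snakkimo itself validates, and nothing in this handler contacts snakkimo, so the returned flag reflects whatever the presented token claims. That is acceptable only if the UI treats the flag as cosmetic and every privileged action is authorized by snakkimo on the proxied call; state that trust boundary in the docstring, e.g. `"""Return the current user decoded from the bearer JWT. The payload is NOT verified here; role/admin_access must not be used for authorization — snakkimo enforces it on proxied calls."""`. A token with fewer than three dot-separated segments raises IndexError at `raw_token.split(".")[1]`, which the broad `except Exception` turns into a 401 that echoes the exception text to the client; checking `parts = raw_token.split(".")` for `len(parts) == 3` up front and returning the same fixed `{"error": "Unauthorized"}` body keeps internals out of the response. `str.removeprefix` requires Python 3.9+, worth noting if the deployment target is older.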