diff --git a/dashboard/backend/main.py b/dashboard/backend/main.py index eaf9083..4921663 100644 --- a/dashboard/backend/main.py +++ b/dashboard/backend/main.py @@ -279,8 +279,10 @@ app.include_router( gitea.router, prefix="/api/gitea", dependencies=[Depends(_inject_user), Depends(require_page("gitea"))] ) app.include_router( - files.router, prefix="/api/files" + files.router, prefix="/api/files", dependencies=[Depends(_inject_user)] ) +# Public file download endpoint (no auth required for token-based downloads) +app.include_router(files.public_router, prefix="/api/files") app.include_router( system.router, prefix="/api/system", dependencies=[Depends(_inject_user), Depends(require_page("dashboard"))] ) diff --git a/dashboard/backend/routers/files.py b/dashboard/backend/routers/files.py index 2799693..2b255df 100644 --- a/dashboard/backend/routers/files.py +++ b/dashboard/backend/routers/files.py @@ -13,6 +13,7 @@ from config import VOLUME_ROOT from rbac import require_admin router = APIRouter() +public_router = APIRouter() # For endpoints that don't require auth logger = logging.getLogger(__name__) BASE = Path(VOLUME_ROOT) @@ -117,7 +118,7 @@ def create_download_token(path: str): raise HTTPException(status_code=403, detail="Access denied") -@router.get("/download") +@public_router.get("/download") def download(path: str = None, token: str = Query(None)): """Download a file. Supports both authenticated access (path param) and token-based access (token param).""" try: