Merge dev to main: Security improvements and comprehensive test infrastructure #39
@@ -9,7 +9,7 @@ from slowapi.errors import RateLimitExceeded
|
|||||||
from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp, litellm, cc_connect, info_engine, opc_tasks, opc_agents, opc_ws, opc_projects
|
from routers import docker_router, gitea, files, terminal, system, auth, chat_summary, security, passkey, totp, litellm, cc_connect, info_engine, opc_tasks, opc_agents, opc_ws, opc_projects
|
||||||
import auth as auth_module
|
import auth as auth_module
|
||||||
import config
|
import config
|
||||||
from rbac import require_page
|
from rbac import require_page, _inject_user
|
||||||
|
|
||||||
import asyncio
|
import asyncio
|
||||||
import httpx
|
import httpx
|
||||||
@@ -164,11 +164,6 @@ def _router_reachable():
|
|||||||
except Exception:
|
except Exception:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# Dependency to store user in request.state for rbac dependencies
|
|
||||||
async def _inject_user(request: Request, user = Depends(auth_module.get_current_user)):
|
|
||||||
request.state.user = user
|
|
||||||
return user
|
|
||||||
|
|
||||||
# Public auth endpoints
|
# Public auth endpoints
|
||||||
app.include_router(auth.router, prefix="/api/auth", tags=["auth"])
|
app.include_router(auth.router, prefix="/api/auth", tags=["auth"])
|
||||||
app.include_router(passkey.router, prefix="/api/auth", tags=["passkey"])
|
app.include_router(passkey.router, prefix="/api/auth", tags=["passkey"])
|
||||||
|
|||||||
Reference in New Issue
Block a user