fix: skip auth token when Authelia authed + frontend search bar improvements
This commit is contained in:
@@ -36,7 +36,11 @@ async def validate_api_token(request: Request, call_next):
|
||||
path = request.url.path
|
||||
method = request.method
|
||||
# Only check auth for write operations on /api/*
|
||||
# Skip token check if Authelia/Caddy already authenticated the user
|
||||
if path.startswith("/api/") and method in ("POST", "PATCH", "DELETE") and API_TOKEN:
|
||||
# Check if request came through Authelia (Remote-User header set by Caddy forward_auth)
|
||||
if request.headers.get("Remote-User"):
|
||||
return await call_next(request)
|
||||
auth_header = request.headers.get("Authorization", "")
|
||||
if not auth_header.startswith("Bearer ") or auth_header[7:] != API_TOKEN:
|
||||
return JSONResponse(status_code=401, content={"detail": "Unauthorized"})
|
||||
|
||||
Reference in New Issue
Block a user