fix: skip auth token when Authelia authed + frontend search bar improvements

This commit is contained in:
Gan, Jimmy
2026-07-09 22:53:06 +08:00
parent 90a47c95c3
commit 5c767190d2
3 changed files with 275 additions and 87 deletions
+4
View File
@@ -36,7 +36,11 @@ async def validate_api_token(request: Request, call_next):
path = request.url.path
method = request.method
# Only check auth for write operations on /api/*
# Skip token check if Authelia/Caddy already authenticated the user
if path.startswith("/api/") and method in ("POST", "PATCH", "DELETE") and API_TOKEN:
# Check if request came through Authelia (Remote-User header set by Caddy forward_auth)
if request.headers.get("Remote-User"):
return await call_next(request)
auth_header = request.headers.get("Authorization", "")
if not auth_header.startswith("Bearer ") or auth_header[7:] != API_TOKEN:
return JSONResponse(status_code=401, content={"detail": "Unauthorized"})