feat: Introduce core backend application with authentication API and a new popout HTML page.

This commit is contained in:
Bruno Charest 2026-03-24 09:51:38 -04:00
parent 5e300f9ada
commit 46e054f5dd
3 changed files with 30 additions and 4 deletions


@ -138,6 +138,17 @@ async def login(request: LoginRequest, response: Response):
logger.info(f"User '{request.username}' logged in") logger.info(f"User '{request.username}' logged in")
# Set access token as cookie for same-origin requests (e.g. popout window)
response.set_cookie(
key="access_token",
value=access_token,
max_age=ACCESS_TOKEN_EXPIRE_SECONDS,
httponly=True,
samesite="lax",
secure=secure,
path="/",
)
return { return {
"access_token": access_token, "access_token": access_token,
"token_type": "bearer", "token_type": "bearer",
@ -174,6 +185,19 @@ async def refresh_token_endpoint(request: Request, response: Response):
new_access_token = create_access_token(user) new_access_token = create_access_token(user)
# Update cookies
import os
secure = os.environ.get("OBSIGATE_SECURE_COOKIES", "false").lower() == "true"
response.set_cookie(
key="access_token",
value=new_access_token,
max_age=ACCESS_TOKEN_EXPIRE_SECONDS,
httponly=True,
samesite="lax",
secure=secure,
path="/",
)
return { return {
"access_token": new_access_token, "access_token": new_access_token,
"token_type": "bearer", "token_type": "bearer",
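Review bot: The cookie's `secure` flag in refresh_token_endpoint is derived from `OBSIGATE_SECURE_COOKIES` with a default of `"false"`, so an operator who never sets the variable gets the bearer token in a cookie that browsers will also send over plain HTTP; secure-by-default would be `os.environ.get("OBSIGATE_SECURE_COOKIES", "true")`, with the opt-out documented for local development. The lookup also belongs at module level rather than behind the function-scope `import os` at the top of the hunk: `SECURE_COOKIES = os.environ.get("OBSIGATE_SECURE_COOKIES", "true").lower() == "true"` next to `ACCESS_TOKEN_EXPIRE_SECONDS`, used as `secure=SECURE_COOKIES` in both `set_cookie` calls — the `secure` name used in the login hunk is not defined within its visible lines, so it presumably repeats the same lookup. Note that `samesite="lax"` still attaches the cookie to top-level cross-site GET navigations, so any GET route that reads `access_token` from the cookie must stay free of side effects. Both functions start before their hunks, so the earlier part of each body is not visible here.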


@ -381,10 +381,10 @@ class SecurityHeadersMiddleware(BaseHTTPMiddleware):
response.headers["Content-Security-Policy"] = ( response.headers["Content-Security-Policy"] = (
"default-src 'self'; " "default-src 'self'; "
"script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com https://esm.sh; " "script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com https://esm.sh; "
"style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; " "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; "
"img-src 'self' data: blob:; " "img-src 'self' data: blob:; "
"connect-src 'self'; " "connect-src 'self' https://esm.sh https://unpkg.com; "
"font-src 'self';" "font-src 'self' https://fonts.gstatic.com;"
) )
return response return response
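Review bot: The allow-list in SecurityHeadersMiddleware now names five third-party origins across `style-src`, `connect-src` and `font-src` without recording which feature needs each, and since `script-src` keeps the pre-existing `'unsafe-inline'`, widening `connect-src` to `https://esm.sh` and `https://unpkg.com` means any injected inline script can now also send requests to those hosts. A comment above the literal such as `# fonts.googleapis.com / fonts.gstatic.com: web fonts; esm.sh / unpkg.com: ES modules fetched at runtime` would make later tightening possible; the hosts are presumably needed by the popout page this commit introduces — confirm. CSP source expressions accept paths, so pinning `https://esm.sh/<package>@<version>` (placeholder) rather than the whole origin would narrow the exposure where the imported modules are known. The class body starts before the hunk.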


@ -109,7 +109,9 @@
document.getElementById('file-title').textContent = path.split('/').pop(); document.getElementById('file-title').textContent = path.split('/').pop();
try { try {
const response = await fetch(`/api/file/${encodeURIComponent(vault)}?path=${encodeURIComponent(path)}`); const response = await fetch(`/api/file/${encodeURIComponent(vault)}?path=${encodeURIComponent(path)}`, {
credentials: 'include'
});
if (!response.ok) throw new Error("Erreur lors du chargement du fichier"); if (!response.ok) throw new Error("Erreur lors du chargement du fichier");
const data = await response.json(); const data = await response.json();
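Review bot: `credentials: 'include'` on the second line of the change is equivalent to the fetch default `'same-origin'` for this relative `/api/file/...` URL, so the option only takes effect if the popout is ever served from a different origin. In that cross-origin case the `access_token` cookie, which the backend hunk sets with `samesite="lax"`, would not be attached to a cross-site fetch anyway, and the server would additionally have to answer with `Access-Control-Allow-Credentials: true` and an explicit `Access-Control-Allow-Origin`. A short comment, `// same-origin cookie auth; 'include' only matters if the popout is hosted on another origin`, would keep the next reader from assuming the option is load-bearing. The enclosing async function starts before the hunk.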