Update app.py
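--- a/app.py
+++ b/app.py
@@ -1,4 +1,4 @@
-from fastapi import FastAPI, Request, Response
+from fastapi import FastAPI, Request, Response
 import httpx
 import os
 
@@ -23,13 +23,24 @@ async def is_session_valid(session_token: str) -> bool:
 async def proxy(full_path: str, request: Request):
 url = f"{BACKEND_URL}/{full_path}"
 
-#
+# Recebe o token de sessão no header 'token_session'
+session_token = request.headers.get("token_session")
+
+# Rotas públicas não exigem validação
+public_routes = ["user/login", "user/register", "user/session", "session/create"]
+if full_path not in public_routes:
+if not session_token or not await is_session_valid(session_token):
+return Response(content="Não autorizado", status_code=401)
+
+# Copia headers originais e sobrescreve Authorization com AUTH_HEADER
 headers = dict(request.headers)
 headers["Authorization"] = AUTH_HEADER
 
 # Remove headers que podem causar conflito
 for h in ["host", "content-length", "accept-encoding", "connection"]:
 headers.pop(h, None)
+# Remove o token_session do header antes de encaminhar ao backend
+headers.pop("token_session", None)
 
 body = await request.body()
 
@@ -42,7 +53,6 @@ async def proxy(full_path: str, request: Request):
 params=dict(request.query_params)
 )
 
-# Retorna resposta do backend
 return Response(
 content=resp.content,
 status_code=resp.status_code,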
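Review bot: The comment added on new line 35 says Authorization is overwritten with AUTH_HEADER, but `headers["Authorization"] = AUTH_HEADER` probably does not replace a client-sent value: Starlette exposes header names lower-cased, so `dict(request.headers)` would hold `authorization` and the assignment adds a second, differently-cased key. If so, the caller's own Authorization value is forwarded to the backend next to the service credential, and which of the two the backend honours is not decided here. Dropping it explicitly, e.g. `headers.pop("authorization", None)` before the assignment (or adding `"authorization"` to the list stripped on line 40), would make the comment true. The same lower-casing is why `headers.pop("token_session", None)` on line 43 works as written. The body of `proxy` continues outside the visible hunks (new lines 47–52), so the httpx call itself was not reviewed.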