deploy: update habadashi_login
app.py
|
@@ -216,6 +216,8 @@ def get_current_user(request: Request):
|
|
| 216 |
token = request.cookies.get("sb_access_token")
|
| 217 |
|
| 218 |
if not token:
|
|
|
|
|
|
|
| 219 |
return None
|
| 220 |
|
| 221 |
try:
|
|
@@ -244,7 +246,7 @@ def get_current_user(request: Request):
|
|
| 244 |
return user_dict
|
| 245 |
|
| 246 |
except Exception as e:
|
| 247 |
-
print(f"[AUTH_CHECK]
|
| 248 |
log_event("auth", "token_verify_fail", level="WARNING", metadata={"error": str(e)})
|
| 249 |
return None
|
| 250 |
|
|
@@ -293,9 +295,7 @@ if private_app_dir:
|
|
| 293 |
if user_ctx and isinstance(user_ctx, dict):
|
| 294 |
org_id = user_ctx.get("org_id")
|
| 295 |
org_name = user_ctx.get("org_name")
|
| 296 |
-
print(f"[ORG_CONTEXT] get_org_for_storage: org_id={org_id!r} org_name={org_name!r}")
|
| 297 |
return {"org_id": org_id, "org_name": org_name}
|
| 298 |
-
print(f"[ORG_CONTEXT] get_org_for_storage: no user_ctx")
|
| 299 |
return None
|
| 300 |
|
| 301 |
set_org_context_getter(get_org_for_storage)
|
|
@@ -323,13 +323,26 @@ async def root(user=Depends(get_current_user)):
|
|
| 323 |
return RedirectResponse(url="/login/")
|
| 324 |
|
| 325 |
@app.get("/logout")
|
| 326 |
-
async def logout():
|
| 327 |
-
"""Logout route - clear cookie and redirect to login
|
|
|
|
|
|
|
| 328 |
user = get_user_context()
|
| 329 |
-
|
| 330 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 331 |
response = RedirectResponse(url="/login/")
|
| 332 |
-
response.delete_cookie("sb_access_token")
|
| 333 |
return response
|
| 334 |
|
| 335 |
@app.get("/healthz")
|
|
|
|
| 216 |
token = request.cookies.get("sb_access_token")
|
| 217 |
|
| 218 |
if not token:
|
| 219 |
+
print("[AUTH_CHECK] No sb_access_token cookie – unauthenticated access")
|
| 220 |
+
log_event("auth", "unauthenticated_access", level="INFO", metadata={"path": str(request.url.path)})
|
| 221 |
return None
|
| 222 |
|
| 223 |
try:
|
|
|
|
| 246 |
return user_dict
|
| 247 |
|
| 248 |
except Exception as e:
|
| 249 |
+
print(f"[AUTH_CHECK] Token verify failed: {e}")
|
| 250 |
log_event("auth", "token_verify_fail", level="WARNING", metadata={"error": str(e)})
|
| 251 |
return None
|
| 252 |
|
|
|
|
| 295 |
if user_ctx and isinstance(user_ctx, dict):
|
| 296 |
org_id = user_ctx.get("org_id")
|
| 297 |
org_name = user_ctx.get("org_name")
|
|
|
|
| 298 |
return {"org_id": org_id, "org_name": org_name}
|
|
|
|
| 299 |
return None
|
| 300 |
|
| 301 |
set_org_context_getter(get_org_for_storage)
|
|
|
|
| 323 |
return RedirectResponse(url="/login/")
|
| 324 |
|
| 325 |
@app.get("/logout")
|
| 326 |
+
async def logout(request: Request):
|
| 327 |
+
"""Logout route - clear cookie and redirect to login.
|
| 328 |
+
Also serves as force-logout endpoint when session is expired/invalid.
|
| 329 |
+
"""
|
| 330 |
user = get_user_context()
|
| 331 |
+
token = request.cookies.get("sb_access_token")
|
| 332 |
+
forced = request.query_params.get("forced", "0")
|
| 333 |
+
print(f"[ROUTE] /logout accessed forced={forced}")
|
| 334 |
+
if forced == "1":
|
| 335 |
+
log_event("auth", "force_logout", user_override=user, metadata={"reason": "session_expired"})
|
| 336 |
+
else:
|
| 337 |
+
log_event("auth", "logout", user_override=user)
|
| 338 |
+
# Supabase セッション失効(トークンがある場合)
|
| 339 |
+
if token:
|
| 340 |
+
try:
|
| 341 |
+
supabase.auth.sign_out()
|
| 342 |
+
except Exception:
|
| 343 |
+
pass
|
| 344 |
response = RedirectResponse(url="/login/")
|
| 345 |
+
response.delete_cookie("sb_access_token", path="/", samesite="none")
|
| 346 |
return response
|
| 347 |
|
| 348 |
@app.get("/healthz")
|
login.py
|
@@ -105,7 +105,8 @@ def create_login_ui(handle_login_fn):
|
|
| 105 |
js="""(token) => {
|
| 106 |
if (!token || token === "") return;
|
| 107 |
|
| 108 |
-
// Set cookie
|
|
|
|
| 109 |
document.cookie = `sb_access_token=${token}; path=/; max-age=3600; SameSite=None; Secure;`;
|
| 110 |
|
| 111 |
console.log("Cookie set, redirecting...");
|
|
|
|
| 105 |
js="""(token) => {
|
| 106 |
if (!token || token === "") return;
|
| 107 |
|
| 108 |
+
// Set cookie: max-age=3600 は Supabase JWT の標準有効期限に合わせた値。
|
| 109 |
+
// セッション延長には Supabase refresh_token による更新が必要(中長期対応候補)。
|
| 110 |
document.cookie = `sb_access_token=${token}; path=/; max-age=3600; SameSite=None; Secure;`;
|
| 111 |
|
| 112 |
console.log("Cookie set, redirecting...");
|