Commit ·
6d0006b
1
Parent(s): 517b677
Switch to JavaScript-based login for HuggingFace compatibility
- app/main.py +69 -59
app/main.py
CHANGED
|
@@ -175,7 +175,7 @@ class ValidationHistory(BaseModel):
|
|
| 175 |
|
| 176 |
# API Endpoints
|
| 177 |
|
| 178 |
-
# Login page HTML
|
| 179 |
LOGIN_PAGE = """
|
| 180 |
<!DOCTYPE html>
|
| 181 |
<html>
|
|
@@ -200,85 +200,95 @@ LOGIN_PAGE = """
|
|
| 200 |
<h1>🔐 Medical Document Validator</h1>
|
| 201 |
<p class="subtitle">Enter password to access the application</p>
|
| 202 |
<div class="error" id="error">Invalid password. Please try again.</div>
|
| 203 |
-
<
|
| 204 |
-
<
|
| 205 |
-
|
| 206 |
-
|
| 207 |
-
|
| 208 |
-
<button type="submit">Login</button>
|
| 209 |
-
</form>
|
| 210 |
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 211 |
</body>
|
| 212 |
</html>
|
| 213 |
"""
|
| 214 |
|
| 215 |
@app.get("/login", response_class=HTMLResponse, tags=["Auth"])
|
| 216 |
-
async def login_page(
|
| 217 |
"""Show login page."""
|
| 218 |
if not APP_PASSWORD:
|
| 219 |
-
return RedirectResponse(url="/", status_code=302)
|
| 220 |
-
|
| 221 |
-
|
| 222 |
-
|
| 223 |
-
|
| 224 |
-
return
|
| 225 |
-
|
| 226 |
-
|
| 227 |
-
|
| 228 |
-
"""Handle login form submission."""
|
| 229 |
-
if not APP_PASSWORD:
|
| 230 |
-
return RedirectResponse(url="/", status_code=302)
|
| 231 |
-
|
| 232 |
-
if password == APP_PASSWORD:
|
| 233 |
-
# Generate session token
|
| 234 |
-
session_token = generate_session_token()
|
| 235 |
-
VALID_SESSIONS.add(session_token)
|
| 236 |
|
| 237 |
-
|
| 238 |
-
|
| 239 |
-
|
| 240 |
-
|
| 241 |
-
|
| 242 |
-
|
| 243 |
-
|
| 244 |
-
|
| 245 |
-
|
| 246 |
-
)
|
| 247 |
-
return redirect
|
| 248 |
-
else:
|
| 249 |
-
return RedirectResponse(url="/login?error=1", status_code=302)
|
| 250 |
-
|
| 251 |
-
@app.get("/logout", tags=["Auth"])
|
| 252 |
-
async def logout(response: Response, session_token: str = Cookie(None)):
|
| 253 |
-
"""Logout and clear session."""
|
| 254 |
-
if session_token and session_token in VALID_SESSIONS:
|
| 255 |
-
VALID_SESSIONS.discard(session_token)
|
| 256 |
-
|
| 257 |
-
redirect = RedirectResponse(url="/login", status_code=302)
|
| 258 |
-
redirect.delete_cookie("session_token")
|
| 259 |
-
return redirect
|
| 260 |
|
| 261 |
-
@app.get("/", response_class=HTMLResponse, tags=["Root"])
|
| 262 |
-
async def
|
| 263 |
"""Serve the main HTML interface (password protected if APP_PASSWORD is set)."""
|
| 264 |
# Check if password protection is enabled
|
| 265 |
if APP_PASSWORD:
|
| 266 |
-
if not
|
| 267 |
return RedirectResponse(url="/login", status_code=302)
|
| 268 |
|
| 269 |
html_path = Path(__file__).parent / "static" / "index.html"
|
| 270 |
if html_path.exists():
|
| 271 |
return FileResponse(html_path)
|
| 272 |
return HTMLResponse("""
|
| 273 |
-
|
| 274 |
-
<
|
| 275 |
-
<h1>Medical Document Validator</h1>
|
| 276 |
-
<p>Frontend not found. Please ensure index.html exists in app/static/</p>
|
| 277 |
-
<p><a href="/docs">API Documentation</a></p>
|
| 278 |
-
</body>
|
| 279 |
-
</html>
|
| 280 |
""")
|
| 281 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 282 |
|
| 283 |
@app.get("/templates", response_model=List[TemplateSummary], tags=["Templates"])
|
| 284 |
async def get_templates():
|
|
|
|
| 175 |
|
| 176 |
# API Endpoints
|
| 177 |
|
| 178 |
+
# Login page HTML with JavaScript-based auth
|
| 179 |
LOGIN_PAGE = """
|
| 180 |
<!DOCTYPE html>
|
| 181 |
<html>
|
|
|
|
| 200 |
<h1>🔐 Medical Document Validator</h1>
|
| 201 |
<p class="subtitle">Enter password to access the application</p>
|
| 202 |
<div class="error" id="error">Invalid password. Please try again.</div>
|
| 203 |
+
<div class="form-group">
|
| 204 |
+
<label for="password">Password:</label>
|
| 205 |
+
<input type="password" id="password" placeholder="Enter password" autofocus>
|
| 206 |
+
</div>
|
| 207 |
+
<button id="loginBtn">Login</button>
|
|
|
|
|
|
|
| 208 |
</div>
|
| 209 |
+
<script>
|
| 210 |
+
async function attemptLogin() {
|
| 211 |
+
const password = document.getElementById('password').value;
|
| 212 |
+
const errorDiv = document.getElementById('error');
|
| 213 |
+
|
| 214 |
+
try {
|
| 215 |
+
const response = await fetch('/verify-password', {
|
| 216 |
+
method: 'POST',
|
| 217 |
+
headers: {'Content-Type': 'application/json'},
|
| 218 |
+
body: JSON.stringify({password: password})
|
| 219 |
+
});
|
| 220 |
+
|
| 221 |
+
const data = await response.json();
|
| 222 |
+
|
| 223 |
+
if (data.valid) {
|
| 224 |
+
localStorage.setItem('auth_token', data.token);
|
| 225 |
+
window.location.href = '/app?token=' + data.token;
|
| 226 |
+
} else {
|
| 227 |
+
errorDiv.style.display = 'block';
|
| 228 |
+
}
|
| 229 |
+
} catch (e) {
|
| 230 |
+
errorDiv.textContent = 'Connection error. Please try again.';
|
| 231 |
+
errorDiv.style.display = 'block';
|
| 232 |
+
}
|
| 233 |
+
}
|
| 234 |
+
|
| 235 |
+
document.getElementById('loginBtn').addEventListener('click', attemptLogin);
|
| 236 |
+
document.getElementById('password').addEventListener('keypress', function(e) {
|
| 237 |
+
if (e.key === 'Enter') attemptLogin();
|
| 238 |
+
});
|
| 239 |
+
</script>
|
| 240 |
</body>
|
| 241 |
</html>
|
| 242 |
"""
|
| 243 |
|
| 244 |
@app.get("/login", response_class=HTMLResponse, tags=["Auth"])
|
| 245 |
+
async def login_page():
|
| 246 |
"""Show login page."""
|
| 247 |
if not APP_PASSWORD:
|
| 248 |
+
return RedirectResponse(url="/app", status_code=302)
|
| 249 |
+
return HTMLResponse(LOGIN_PAGE)
|
| 250 |
+
|
| 251 |
+
@app.post("/verify-password", tags=["Auth"])
|
| 252 |
+
async def verify_password(request: Request):
|
| 253 |
+
"""Verify password and return token."""
|
| 254 |
+
try:
|
| 255 |
+
data = await request.json()
|
| 256 |
+
password = data.get("password", "")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 257 |
|
| 258 |
+
if password == APP_PASSWORD:
|
| 259 |
+
token = generate_session_token()
|
| 260 |
+
VALID_SESSIONS.add(token)
|
| 261 |
+
return {"valid": True, "token": token}
|
| 262 |
+
else:
|
| 263 |
+
return {"valid": False}
|
| 264 |
+
except Exception as e:
|
| 265 |
+
logger.error(f"Password verification error: {e}")
|
| 266 |
+
return {"valid": False}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 267 |
|
| 268 |
+
@app.get("/app", response_class=HTMLResponse, tags=["Root"])
|
| 269 |
+
async def app_page(token: str = None):
|
| 270 |
"""Serve the main HTML interface (password protected if APP_PASSWORD is set)."""
|
| 271 |
# Check if password protection is enabled
|
| 272 |
if APP_PASSWORD:
|
| 273 |
+
if not token or not verify_session(token):
|
| 274 |
return RedirectResponse(url="/login", status_code=302)
|
| 275 |
|
| 276 |
html_path = Path(__file__).parent / "static" / "index.html"
|
| 277 |
if html_path.exists():
|
| 278 |
return FileResponse(html_path)
|
| 279 |
return HTMLResponse("""
|
| 280 |
+
<h1>Medical Document Validator</h1>
|
| 281 |
+
<p>Static files not found. Please check installation.</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 282 |
""")
|
| 283 |
|
| 284 |
+
@app.get("/", response_class=HTMLResponse, tags=["Root"])
|
| 285 |
+
async def root():
|
| 286 |
+
"""Redirect to login or app."""
|
| 287 |
+
if APP_PASSWORD:
|
| 288 |
+
return RedirectResponse(url="/login", status_code=302)
|
| 289 |
+
return RedirectResponse(url="/app", status_code=302)
|
| 290 |
+
|
| 291 |
+
|
| 292 |
|
| 293 |
@app.get("/templates", response_model=List[TemplateSummary], tags=["Templates"])
|
| 294 |
async def get_templates():
|
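Review bot: The session token now travels in the URL: the login script navigates to `'/app?token=' + data.token` and `app_page(token: str = None)` reads it as a query parameter, so the credential is recorded in browser history and in proxy and server access logs, and may be sent in `Referer` headers depending on referrer policy. The same commit removes `/logout`, and nothing visible here expires entries in `VALID_SESSIONS`, so a leaked token appears to stay valid until the process restarts. If plain cookies do not survive the Spaces iframe, consider setting the cookie on the `/verify-password` response with `httponly=True, secure=True, samesite="none"`, or at least make the URL token single-use and short-lived, and restore a revocation endpoint. Separately, `if password == APP_PASSWORD:` in `verify_password` is not a constant-time comparison; `hmac.compare_digest(password.encode(), APP_PASSWORD.encode())` avoids that, once `password` has been checked to be a `str`. The endpoint also shows no attempt limiting, so password guesses are bounded only by request rate.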