Update app.py

app.py

@@ -1,7 +1,7 @@
 import io
 import asyncio
 import os
-from fastapi import FastAPI, File, UploadFile, Depends, Header, HTTPException
+from fastapi import FastAPI, File, UploadFile, Header, HTTPException
 from fastapi.responses import JSONResponse, HTMLResponse
 from PIL import Image
 import torch
@@ -14,18 +14,18 @@ app = FastAPI(title="Florence Image Caption API")
 
 device = "cuda" if torch.cuda.is_available() else "cpu"
 
-# Lazy-loaded model and processor
 processor = None
 model = None
 model_lock = asyncio.Lock()
 
-# ---------------------------------------------------
-# Token Authentication
-# ---------------------------------------------------
+# -------- TOKEN from HF Space Secrets ----------
+API_TOKEN = os.getenv("img2caption")   # your secret token
 
-API_TOKEN = os.getenv("img2caption")   # secret token from your environment
 
-def check_token(auth: str):
+# ---------------------------------------------------
+# Verify Token for API only
+# ---------------------------------------------------
+def verify_token(auth: str | None):
     if auth is None or not auth.startswith("Bearer "):
         raise HTTPException(status_code=401, detail="Missing Authorization header")
 
@@ -33,8 +33,9 @@ def check_token(auth: str):
     if token != API_TOKEN:
         raise HTTPException(status_code=403, detail="Invalid token")
 
+
 # ---------------------------------------------------
-# Lazy Florence Model Load
+# Lazy Load Model
 # ---------------------------------------------------
 async def load_model():
     global processor, model
@@ -76,7 +77,7 @@ def run_caption(image: Image.Image) -> str:
 
 
 # ---------------------------------------------------
-# Public Login Page
+# PUBLIC LOGIN PAGE
 # ---------------------------------------------------
 @app.get("/", response_class=HTMLResponse)
 def login_page():
@@ -85,7 +86,8 @@ def login_page():
 <html>
 <head><title>Login</title></head>
 <body style="font-family:Arial;max-width:500px;margin:40px auto;">
-    <h2>Access Token Required</h2>
+
+    <h2>Enter Access Token</h2>
     <input id="token" type="password" style="width:100%;padding:10px;" placeholder="Enter token">
     <button onclick="login()" style="padding:10px;margin-top:10px;width:100%;">Continue</button>
 
@@ -93,7 +95,6 @@ def login_page():
 function login() {
     const t = document.getElementById("token").value;
     if (!t) return alert("Token required");
-
     sessionStorage.setItem("authToken", t);
     window.location.href = "/ui";
 }
@@ -105,12 +106,10 @@ function login() {
 
 
 # ---------------------------------------------------
-# Protected UI
+# PUBLIC UI PAGE (no token required)
 # ---------------------------------------------------
 @app.get("/ui", response_class=HTMLResponse)
-async def ui_page(authorization: str = Header(None)):
-    check_token(authorization)
-
+def ui_page():
     return """
 <!DOCTYPE html>
 <html>
@@ -140,7 +139,6 @@ async def ui_page(authorization: str = Header(None)):
 
 <script>
     let token = sessionStorage.getItem("authToken");
-
     if (!token) {
         alert("No token found, please login again.");
         window.location.href = "/";
@@ -188,11 +186,11 @@ async def ui_page(authorization: str = Header(None)):
 
 
 # ---------------------------------------------------
-# Protected Caption API
+# PROTECTED API ENDPOINT
 # ---------------------------------------------------
 @app.post("/img2caption")
 async def img2caption(file: UploadFile = File(...), authorization: str = Header(None)):
-    check_token(authorization)
+    verify_token(authorization)
 
     try:
         async with model_lock: