Update app.py
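--- a/app.py
+++ b/app.py
@@ -1,4 +1,4 @@
-from fastapi import FastAPI, Request, Response
+from fastapi import FastAPI, Request, Response, HTTPException
 import httpx
 import os
 
@@ -7,15 +7,36 @@ app = FastAPI()
 BACKEND_URL = os.environ.get("BACKEND_URL")
 AUTH_HEADER = os.environ.get("AUTH_HEADER")
 
+async def is_session_valid(session_token: str) -> bool:
+    async with httpx.AsyncClient() as client:
+        resp = await client.get(
+            f"{BACKEND_URL}/user/session",
+            params={"token": session_token},
+            headers={"Authorization": AUTH_HEADER}
+        )
+        if resp.status_code != 200:
+            return False
+        result = resp.json()
+        return result.get("valid", False)
+
 @app.api_route("/{full_path:path}", methods=["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"])
 async def proxy(full_path: str, request: Request):
     url = f"{BACKEND_URL}/{full_path}"
 
-    #
+    # Extrai o token de sessão do usuário do header Authorization
+    user_auth = request.headers.get("authorization")
+    session_token = None
+    if user_auth and user_auth.lower().startswith("bearer "):
+        session_token = user_auth.split(" ", 1)[1]
+
+    # Valida sessão, exceto para rotas públicas (exemplo: login, register)
+    if full_path not in ["user/login", "user/register", "user/session"]:
+        if not session_token or not await is_session_valid(session_token):
+            return Response(content="Não autorizado", status_code=401)
+
+    # Copia headers originais e adiciona Authorization do Supabase
     headers = dict(request.headers)
     headers["Authorization"] = AUTH_HEADER
-
-    # Remove headers que podem causar conflito
     for h in ["host", "content-length", "accept-encoding", "connection"]:
         headers.pop(h, None)
 
@@ -30,7 +51,6 @@ async def proxy(full_path: str, request: Request):
         params=dict(request.query_params)
     )
 
-    # Retorna resposta do backend
     return Response(
         content=resp.content,
         status_code=resp.status_code,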
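Review bot: `is_session_valid` in the second hunk lets failures escape as unhandled exceptions: a backend 200 with a non-JSON body makes `resp.json()` raise, a JSON body that is not an object makes `.get` raise, and an unreachable backend raises `httpx.HTTPError`, so the request ends in a 500 instead of the intended 401. Since the check is meant to fail closed, wrap the call and the parse and return False on those errors, as sketched below. The `HTTPException` added to the import in the first hunk is never used in this diff and can be dropped. Separately, the session check now also applies to `OPTIONS`, which a browser preflight sends without an `Authorization` header; if browser clients rely on CORS preflight, those requests will now be denied with 401, so this is worth confirming against the frontend. Passing the token as a query parameter (`params={"token": session_token}`) also means it is recorded in the backend's access logs if they log URLs; if the backend API allows it, a header is the safer carrier.
```python
async def is_session_valid(session_token: str) -> bool:
    try:
        async with httpx.AsyncClient() as client:
            resp = await client.get(
                f"{BACKEND_URL}/user/session",
                params={"token": session_token},
                headers={"Authorization": AUTH_HEADER}
            )
        if resp.status_code != 200:
            return False
        result = resp.json()
    except (httpx.HTTPError, ValueError):
        # Backend unreachable or body not JSON: deny instead of surfacing a 500
        return False
    # Only an object body with a truthy "valid" counts; anything else is a denial
    return isinstance(result, dict) and bool(result.get("valid", False))
```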