Compare commits
23 Commits
renovate/r
...
1af2e37a7f
| Author | SHA1 | Date | |
|---|---|---|---|
| 1af2e37a7f | |||
| 5a9848fd5f | |||
| 712badb69d | |||
| c40dd38c99 | |||
| 98121d9954 | |||
| f340f8fd0d | |||
| d2fa9e46df | |||
| f770e4a785 | |||
| 013a45ab56 | |||
| 321b940398 | |||
| e21a8acc60 | |||
| f15e530130 | |||
| e533a3404e | |||
| a944da2204 | |||
| 012cfb96cd | |||
| e3e015852c | |||
| 59b4f7f28c | |||
| e212251da8 | |||
| f49c8cee85 | |||
| b34f1083a3 | |||
| b85668c233 | |||
| 45cbff7672 | |||
| 51b47dbfb0 |
@@ -1,10 +1,6 @@
|
|||||||
import urllib.request
|
from fastapi import APIRouter
|
||||||
|
|
||||||
from fastapi import APIRouter, Request
|
|
||||||
from sqlalchemy import text
|
from sqlalchemy import text
|
||||||
|
|
||||||
from app.core.auth import _build_jwks_url, _extract_token, _get_jwks_client
|
|
||||||
from app.core.config import settings
|
|
||||||
from app.core.database import async_session
|
from app.core.database import async_session
|
||||||
|
|
||||||
router = APIRouter(tags=["health"])
|
router = APIRouter(tags=["health"])
|
||||||
@@ -27,45 +23,3 @@ async def health_check():
|
|||||||
async def root():
|
async def root():
|
||||||
"""Root endpoint."""
|
"""Root endpoint."""
|
||||||
return {"message": "Nuzlocke Tracker API", "docs": "/docs"}
|
return {"message": "Nuzlocke Tracker API", "docs": "/docs"}
|
||||||
|
|
||||||
|
|
||||||
@router.get("/auth-debug")
|
|
||||||
async def auth_debug(request: Request):
|
|
||||||
"""Temporary diagnostic endpoint for auth debugging."""
|
|
||||||
result: dict = {}
|
|
||||||
|
|
||||||
# Config
|
|
||||||
result["supabase_url"] = settings.supabase_url
|
|
||||||
result["has_jwt_secret"] = bool(settings.supabase_jwt_secret)
|
|
||||||
result["jwks_url"] = (
|
|
||||||
_build_jwks_url(settings.supabase_url) if settings.supabase_url else None
|
|
||||||
)
|
|
||||||
|
|
||||||
# JWKS fetch
|
|
||||||
jwks_url = result["jwks_url"]
|
|
||||||
if jwks_url:
|
|
||||||
try:
|
|
||||||
with urllib.request.urlopen(jwks_url, timeout=5) as resp:
|
|
||||||
result["jwks_status"] = resp.status
|
|
||||||
result["jwks_body"] = resp.read().decode()
|
|
||||||
except Exception as e:
|
|
||||||
result["jwks_fetch_error"] = str(e)
|
|
||||||
|
|
||||||
# JWKS client
|
|
||||||
client = _get_jwks_client()
|
|
||||||
result["jwks_client_exists"] = client is not None
|
|
||||||
|
|
||||||
# Token info (header only, no secrets)
|
|
||||||
token = _extract_token(request)
|
|
||||||
if token:
|
|
||||||
import jwt
|
|
||||||
|
|
||||||
try:
|
|
||||||
header = jwt.get_unverified_header(token)
|
|
||||||
result["token_header"] = header
|
|
||||||
except Exception as e:
|
|
||||||
result["token_header_error"] = str(e)
|
|
||||||
else:
|
|
||||||
result["token"] = "not provided"
|
|
||||||
|
|
||||||
return result
|
|
||||||
|
|||||||
@@ -26,21 +26,11 @@ class AuthUser:
|
|||||||
role: str | None = None
|
role: str | None = None
|
||||||
|
|
||||||
|
|
||||||
def _build_jwks_url(base_url: str) -> str:
|
|
||||||
"""Build the JWKS URL, adding /auth/v1 prefix for Supabase Cloud."""
|
|
||||||
base = base_url.rstrip("/")
|
|
||||||
if "/auth/v1" in base:
|
|
||||||
return f"{base}/.well-known/jwks.json"
|
|
||||||
# Supabase Cloud URLs need the /auth/v1 prefix;
|
|
||||||
# local GoTrue serves JWKS at root but uses HS256 fallback anyway.
|
|
||||||
return f"{base}/auth/v1/.well-known/jwks.json"
|
|
||||||
|
|
||||||
|
|
||||||
def _get_jwks_client() -> PyJWKClient | None:
|
def _get_jwks_client() -> PyJWKClient | None:
|
||||||
"""Get or create a cached JWKS client."""
|
"""Get or create a cached JWKS client."""
|
||||||
global _jwks_client
|
global _jwks_client
|
||||||
if _jwks_client is None and settings.supabase_url:
|
if _jwks_client is None and settings.supabase_url:
|
||||||
jwks_url = _build_jwks_url(settings.supabase_url)
|
jwks_url = f"{settings.supabase_url.rstrip('/')}/.well-known/jwks.json"
|
||||||
_jwks_client = PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=300)
|
_jwks_client = PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=300)
|
||||||
return _jwks_client
|
return _jwks_client
|
||||||
|
|
||||||
@@ -90,7 +80,7 @@ def _verify_jwt(token: str) -> dict | None:
|
|||||||
except PyJWKSetError as e:
|
except PyJWKSetError as e:
|
||||||
logger.warning("JWKS set error: %s", e)
|
logger.warning("JWKS set error: %s", e)
|
||||||
else:
|
else:
|
||||||
logger.warning("No JWKS client available (SUPABASE_URL not set?)")
|
logger.debug("No JWKS client available (SUPABASE_URL not set?)")
|
||||||
return _verify_jwt_hs256(token)
|
return _verify_jwt_hs256(token)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
16
frontend/package-lock.json
generated
16
frontend/package-lock.json
generated
@@ -17,7 +17,7 @@
|
|||||||
"react": "19.2.4",
|
"react": "19.2.4",
|
||||||
"react-dom": "19.2.4",
|
"react-dom": "19.2.4",
|
||||||
"react-markdown": "^10.1.0",
|
"react-markdown": "^10.1.0",
|
||||||
"react-router-dom": "7.14.0",
|
"react-router-dom": "7.13.1",
|
||||||
"remark-gfm": "^4.0.1",
|
"remark-gfm": "^4.0.1",
|
||||||
"sonner": "2.0.7"
|
"sonner": "2.0.7"
|
||||||
},
|
},
|
||||||
@@ -4385,9 +4385,9 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/react-router": {
|
"node_modules/react-router": {
|
||||||
"version": "7.14.0",
|
"version": "7.13.1",
|
||||||
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.0.tgz",
|
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.13.1.tgz",
|
||||||
"integrity": "sha512-m/xR9N4LQLmAS0ZhkY2nkPA1N7gQ5TUVa5n8TgANuDTARbn1gt+zLPXEm7W0XDTbrQ2AJSJKhoa6yx1D8BcpxQ==",
|
"integrity": "sha512-td+xP4X2/6BJvZoX6xw++A2DdEi++YypA69bJUV5oVvqf6/9/9nNlD70YO1e9d3MyamJEBQFEzk6mbfDYbqrSA==",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"cookie": "^1.0.1",
|
"cookie": "^1.0.1",
|
||||||
@@ -4407,12 +4407,12 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/react-router-dom": {
|
"node_modules/react-router-dom": {
|
||||||
"version": "7.14.0",
|
"version": "7.13.1",
|
||||||
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.0.tgz",
|
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.13.1.tgz",
|
||||||
"integrity": "sha512-2G3ajSVSZMEtmTjIklRWlNvo8wICEpLihfD/0YMDxbWK2UyP5EGfnoIn9AIQGnF3G/FX0MRbHXdFcD+rL1ZreQ==",
|
"integrity": "sha512-UJnV3Rxc5TgUPJt2KJpo1Jpy0OKQr0AjgbZzBFjaPJcFOb2Y8jA5H3LT8HUJAiRLlWrEXWHbF1Z4SCZaQjWDHw==",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"react-router": "7.14.0"
|
"react-router": "7.13.1"
|
||||||
},
|
},
|
||||||
"engines": {
|
"engines": {
|
||||||
"node": ">=20.0.0"
|
"node": ">=20.0.0"
|
||||||
|
|||||||
@@ -25,7 +25,7 @@
|
|||||||
"react": "19.2.4",
|
"react": "19.2.4",
|
||||||
"react-dom": "19.2.4",
|
"react-dom": "19.2.4",
|
||||||
"react-markdown": "^10.1.0",
|
"react-markdown": "^10.1.0",
|
||||||
"react-router-dom": "7.14.0",
|
"react-router-dom": "7.13.1",
|
||||||
"remark-gfm": "^4.0.1",
|
"remark-gfm": "^4.0.1",
|
||||||
"sonner": "2.0.7"
|
"sonner": "2.0.7"
|
||||||
},
|
},
|
||||||
|
|||||||
Reference in New Issue
Block a user