Compare commits
23 Commits
renovate/t
...
1af2e37a7f
| Author | SHA1 | Date | |
|---|---|---|---|
| 1af2e37a7f | |||
| 5a9848fd5f | |||
| 712badb69d | |||
| c40dd38c99 | |||
| 98121d9954 | |||
| f340f8fd0d | |||
| d2fa9e46df | |||
| f770e4a785 | |||
| 013a45ab56 | |||
| 321b940398 | |||
| e21a8acc60 | |||
| f15e530130 | |||
| e533a3404e | |||
| a944da2204 | |||
| 012cfb96cd | |||
| e3e015852c | |||
| 59b4f7f28c | |||
| e212251da8 | |||
| f49c8cee85 | |||
| b34f1083a3 | |||
| b85668c233 | |||
| 45cbff7672 | |||
| 51b47dbfb0 |
@@ -1,10 +1,6 @@
|
|||||||
import urllib.request
|
from fastapi import APIRouter
|
||||||
|
|
||||||
from fastapi import APIRouter, Request
|
|
||||||
from sqlalchemy import text
|
from sqlalchemy import text
|
||||||
|
|
||||||
from app.core.auth import _build_jwks_url, _extract_token, _get_jwks_client
|
|
||||||
from app.core.config import settings
|
|
||||||
from app.core.database import async_session
|
from app.core.database import async_session
|
||||||
|
|
||||||
router = APIRouter(tags=["health"])
|
router = APIRouter(tags=["health"])
|
||||||
@@ -27,45 +23,3 @@ async def health_check():
|
|||||||
async def root():
|
async def root():
|
||||||
"""Root endpoint."""
|
"""Root endpoint."""
|
||||||
return {"message": "Nuzlocke Tracker API", "docs": "/docs"}
|
return {"message": "Nuzlocke Tracker API", "docs": "/docs"}
|
||||||
|
|
||||||
|
|
||||||
@router.get("/auth-debug")
|
|
||||||
async def auth_debug(request: Request):
|
|
||||||
"""Temporary diagnostic endpoint for auth debugging."""
|
|
||||||
result: dict = {}
|
|
||||||
|
|
||||||
# Config
|
|
||||||
result["supabase_url"] = settings.supabase_url
|
|
||||||
result["has_jwt_secret"] = bool(settings.supabase_jwt_secret)
|
|
||||||
result["jwks_url"] = (
|
|
||||||
_build_jwks_url(settings.supabase_url) if settings.supabase_url else None
|
|
||||||
)
|
|
||||||
|
|
||||||
# JWKS fetch
|
|
||||||
jwks_url = result["jwks_url"]
|
|
||||||
if jwks_url:
|
|
||||||
try:
|
|
||||||
with urllib.request.urlopen(jwks_url, timeout=5) as resp:
|
|
||||||
result["jwks_status"] = resp.status
|
|
||||||
result["jwks_body"] = resp.read().decode()
|
|
||||||
except Exception as e:
|
|
||||||
result["jwks_fetch_error"] = str(e)
|
|
||||||
|
|
||||||
# JWKS client
|
|
||||||
client = _get_jwks_client()
|
|
||||||
result["jwks_client_exists"] = client is not None
|
|
||||||
|
|
||||||
# Token info (header only, no secrets)
|
|
||||||
token = _extract_token(request)
|
|
||||||
if token:
|
|
||||||
import jwt
|
|
||||||
|
|
||||||
try:
|
|
||||||
header = jwt.get_unverified_header(token)
|
|
||||||
result["token_header"] = header
|
|
||||||
except Exception as e:
|
|
||||||
result["token_header_error"] = str(e)
|
|
||||||
else:
|
|
||||||
result["token"] = "not provided"
|
|
||||||
|
|
||||||
return result
|
|
||||||
|
|||||||
@@ -26,21 +26,11 @@ class AuthUser:
|
|||||||
role: str | None = None
|
role: str | None = None
|
||||||
|
|
||||||
|
|
||||||
def _build_jwks_url(base_url: str) -> str:
|
|
||||||
"""Build the JWKS URL, adding /auth/v1 prefix for Supabase Cloud."""
|
|
||||||
base = base_url.rstrip("/")
|
|
||||||
if "/auth/v1" in base:
|
|
||||||
return f"{base}/.well-known/jwks.json"
|
|
||||||
# Supabase Cloud URLs need the /auth/v1 prefix;
|
|
||||||
# local GoTrue serves JWKS at root but uses HS256 fallback anyway.
|
|
||||||
return f"{base}/auth/v1/.well-known/jwks.json"
|
|
||||||
|
|
||||||
|
|
||||||
def _get_jwks_client() -> PyJWKClient | None:
|
def _get_jwks_client() -> PyJWKClient | None:
|
||||||
"""Get or create a cached JWKS client."""
|
"""Get or create a cached JWKS client."""
|
||||||
global _jwks_client
|
global _jwks_client
|
||||||
if _jwks_client is None and settings.supabase_url:
|
if _jwks_client is None and settings.supabase_url:
|
||||||
jwks_url = _build_jwks_url(settings.supabase_url)
|
jwks_url = f"{settings.supabase_url.rstrip('/')}/.well-known/jwks.json"
|
||||||
_jwks_client = PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=300)
|
_jwks_client = PyJWKClient(jwks_url, cache_jwk_set=True, lifespan=300)
|
||||||
return _jwks_client
|
return _jwks_client
|
||||||
|
|
||||||
@@ -90,7 +80,7 @@ def _verify_jwt(token: str) -> dict | None:
|
|||||||
except PyJWKSetError as e:
|
except PyJWKSetError as e:
|
||||||
logger.warning("JWKS set error: %s", e)
|
logger.warning("JWKS set error: %s", e)
|
||||||
else:
|
else:
|
||||||
logger.warning("No JWKS client available (SUPABASE_URL not set?)")
|
logger.debug("No JWKS client available (SUPABASE_URL not set?)")
|
||||||
return _verify_jwt_hs256(token)
|
return _verify_jwt_hs256(token)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
16
frontend/package-lock.json
generated
16
frontend/package-lock.json
generated
@@ -13,7 +13,7 @@
|
|||||||
"@dnd-kit/utilities": "3.2.2",
|
"@dnd-kit/utilities": "3.2.2",
|
||||||
"@supabase/supabase-js": "^2.99.3",
|
"@supabase/supabase-js": "^2.99.3",
|
||||||
"@tailwindcss/typography": "^0.5.19",
|
"@tailwindcss/typography": "^0.5.19",
|
||||||
"@tanstack/react-query": "5.97.0",
|
"@tanstack/react-query": "5.94.5",
|
||||||
"react": "19.2.4",
|
"react": "19.2.4",
|
||||||
"react-dom": "19.2.4",
|
"react-dom": "19.2.4",
|
||||||
"react-markdown": "^10.1.0",
|
"react-markdown": "^10.1.0",
|
||||||
@@ -1817,9 +1817,9 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/@tanstack/query-core": {
|
"node_modules/@tanstack/query-core": {
|
||||||
"version": "5.97.0",
|
"version": "5.94.5",
|
||||||
"resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.97.0.tgz",
|
"resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.94.5.tgz",
|
||||||
"integrity": "sha512-QdpLP5VzVMgo4VtaPppRA2W04UFjIqX+bxke/ZJhE5cfd5UPkRzqIAJQt9uXkQJjqE8LBOMbKv7f8HCsZltXlg==",
|
"integrity": "sha512-Vx1JJiBURW/wdNGP45afjrqn0LfxYwL7K/bSrQvNRtyLGF1bxQPgUXCpzscG29e+UeFOh9hz1KOVala0N+bZiA==",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"funding": {
|
"funding": {
|
||||||
"type": "github",
|
"type": "github",
|
||||||
@@ -1827,12 +1827,12 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"node_modules/@tanstack/react-query": {
|
"node_modules/@tanstack/react-query": {
|
||||||
"version": "5.97.0",
|
"version": "5.94.5",
|
||||||
"resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.97.0.tgz",
|
"resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.94.5.tgz",
|
||||||
"integrity": "sha512-y4So4eGcQoK2WVMAcDNZE9ofB/p5v1OlKvtc1F3uqHwrtifobT7q+ZnXk2mRkc8E84HKYSlAE9z6HXl2V0+ySQ==",
|
"integrity": "sha512-1wmrxKFkor+q8l+ygdHmv0Sq5g84Q3p4xvuJ7AdSIAhQQ7udOt+ZSZ19g1Jea3mHqtlTslLGJsmC4vHFgP0P3A==",
|
||||||
"license": "MIT",
|
"license": "MIT",
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@tanstack/query-core": "5.97.0"
|
"@tanstack/query-core": "5.94.5"
|
||||||
},
|
},
|
||||||
"funding": {
|
"funding": {
|
||||||
"type": "github",
|
"type": "github",
|
||||||
|
|||||||
@@ -21,7 +21,7 @@
|
|||||||
"@dnd-kit/utilities": "3.2.2",
|
"@dnd-kit/utilities": "3.2.2",
|
||||||
"@supabase/supabase-js": "^2.99.3",
|
"@supabase/supabase-js": "^2.99.3",
|
||||||
"@tailwindcss/typography": "^0.5.19",
|
"@tailwindcss/typography": "^0.5.19",
|
||||||
"@tanstack/react-query": "5.97.0",
|
"@tanstack/react-query": "5.94.5",
|
||||||
"react": "19.2.4",
|
"react": "19.2.4",
|
||||||
"react-dom": "19.2.4",
|
"react-dom": "19.2.4",
|
||||||
"react-markdown": "^10.1.0",
|
"react-markdown": "^10.1.0",
|
||||||
|
|||||||
Reference in New Issue
Block a user