protect settings write routes

+ prevent updating guest user
+ add docs to whitelisted auth routes
+ fix: sort in get all route
+ fix: folders not having trailing slash in recentlyplayed
mungai-njoroge
2024-05-01 23:44:38 +03:00
parent cfeff7ff51
commit 5d947f3ad9
6 changed files with 37 additions and 23 deletions
+3 -3
@@ -44,7 +44,7 @@ app = create_api()
app.static_folder = get_home_res_path("client")
# INFO: Routes that don't need authentication
blacklist_routes = {"/auth/login", "/auth/users", "/auth/logout"}
whitelisted_routes = {"/auth/login", "/auth/users", "/auth/logout", "/docs"}
blacklist_extensions = {".webp"}.union(getClientFilesExtensions())
@@ -59,9 +59,9 @@ def verify_auth():
return
# if request path starts with any of the blacklisted routes, don't verify jwt
if any(request.path.startswith(route) for route in blacklist_routes):
if any(request.path.startswith(route) for route in whitelisted_routes):
# print(
# "Found blacklisted route: ", request.path, "... Skipping jwt verification"
# "Found whitelisted route: ", request.path, "... Skipping jwt verification"
# )
return
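Review bot: The exemption test in `verify_auth` is a prefix match, so every entry in `whitelisted_routes`, including the newly added "/docs", skips JWT verification for any path that merely begins with those characters, not only for that route and its sub-paths. The same holds for "/auth/users": if a route that modifies users is registered beneath it (not visible in this hunk), it would pass this check without a token unless it is guarded separately. Matching on a path-segment boundary keeps the intended exemptions and nothing more: `if any(request.path == route or request.path.startswith(route + "/") for route in whitelisted_routes):`. The comment above the check still says "blacklisted routes" and could read `# if the request path is a whitelisted route or a sub-path of one, don't verify jwt`. The body of `verify_auth` starts and ends outside the hunk.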