Spaces:
Sleeping
Sleeping
msmhmorsi
commited on
Commit
·
a9ad028
1
Parent(s):
98727d0
follow cursor
Browse files- __pycache__/app.cpython-311.pyc +0 -0
- app.py +23 -15
__pycache__/app.cpython-311.pyc
CHANGED
|
Binary files a/__pycache__/app.cpython-311.pyc and b/__pycache__/app.cpython-311.pyc differ
|
|
|
app.py
CHANGED
|
@@ -8,10 +8,16 @@ app = FastAPI()
|
|
| 8 |
app.add_middleware(
|
| 9 |
CORSMiddleware,
|
| 10 |
allow_origins=["https://ancient-time-545042.framer.app"],
|
| 11 |
-
# allow_origins=["*"],
|
| 12 |
allow_credentials=True,
|
| 13 |
-
allow_methods=["GET", "POST", "
|
| 14 |
-
allow_headers=[
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 15 |
)
|
| 16 |
|
| 17 |
@app.get("/")
|
|
@@ -22,29 +28,31 @@ def greet_json(request: Request):
|
|
| 22 |
})
|
| 23 |
return response
|
| 24 |
|
| 25 |
-
@app.options("/auth")
|
| 26 |
-
async def auth_options():
|
| 27 |
-
return Response(status_code=200)
|
| 28 |
-
|
| 29 |
@app.post("/auth")
|
| 30 |
-
async def auth(request: Request
|
| 31 |
data = await request.json()
|
| 32 |
if data.get("username") == "admin" and data.get("password") == "password":
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 33 |
response.set_cookie(
|
| 34 |
key="comfy_session",
|
| 35 |
value="dummy_session_value",
|
| 36 |
httponly=True,
|
| 37 |
-
secure=True,
|
| 38 |
samesite="none", # Required for cross-origin
|
| 39 |
-
|
|
|
|
|
|
|
| 40 |
)
|
| 41 |
-
|
|
|
|
| 42 |
raise HTTPException(status_code=401, detail="Invalid credentials")
|
| 43 |
|
| 44 |
-
@app.options("/protected")
|
| 45 |
-
async def protected_options():
|
| 46 |
-
return Response(status_code=200)
|
| 47 |
-
|
| 48 |
@app.get("/protected")
|
| 49 |
def protected_route(comfy_session: Optional[str] = Cookie(None)):
|
| 50 |
if comfy_session != "dummy_session_value":
|
|
|
|
| 8 |
app.add_middleware(
|
| 9 |
CORSMiddleware,
|
| 10 |
allow_origins=["https://ancient-time-545042.framer.app"],
|
|
|
|
| 11 |
allow_credentials=True,
|
| 12 |
+
allow_methods=["GET", "POST", "OPTIONS"],
|
| 13 |
+
allow_headers=[
|
| 14 |
+
"Content-Type",
|
| 15 |
+
"Authorization",
|
| 16 |
+
"Access-Control-Allow-Credentials",
|
| 17 |
+
"Access-Control-Allow-Origin",
|
| 18 |
+
"Access-Control-Allow-Headers",
|
| 19 |
+
],
|
| 20 |
+
expose_headers=["Set-Cookie"]
|
| 21 |
)
|
| 22 |
|
| 23 |
@app.get("/")
|
|
|
|
| 28 |
})
|
| 29 |
return response
|
| 30 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 31 |
@app.post("/auth")
|
| 32 |
+
async def auth(request: Request):
|
| 33 |
data = await request.json()
|
| 34 |
if data.get("username") == "admin" and data.get("password") == "password":
|
| 35 |
+
# Create response
|
| 36 |
+
response = JSONResponse(
|
| 37 |
+
content={"message": "Authentication successful"},
|
| 38 |
+
status_code=200
|
| 39 |
+
)
|
| 40 |
+
|
| 41 |
+
# Set cookie with correct parameters for cross-origin
|
| 42 |
response.set_cookie(
|
| 43 |
key="comfy_session",
|
| 44 |
value="dummy_session_value",
|
| 45 |
httponly=True,
|
| 46 |
+
secure=True,
|
| 47 |
samesite="none", # Required for cross-origin
|
| 48 |
+
# Don't set domain to allow the cookie to be set on the Framer domain
|
| 49 |
+
max_age=1800, # 30 minutes
|
| 50 |
+
path="/"
|
| 51 |
)
|
| 52 |
+
|
| 53 |
+
return response
|
| 54 |
raise HTTPException(status_code=401, detail="Invalid credentials")
|
| 55 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 56 |
@app.get("/protected")
|
| 57 |
def protected_route(comfy_session: Optional[str] = Cookie(None)):
|
| 58 |
if comfy_session != "dummy_session_value":
|