deploy at 2024-08-25 08:30:53.354677

main.py

@@ -121,13 +121,7 @@ login_redir = RedirectResponse("/login", status_code=303)
 
 
 def user_auth_before(req, sess):
-    # The `auth` key in the request scope is automatically provided
-    # to any handler which requests it, and can not be injected
-    # by the user using query params, cookies, etc, so it should
-    # be secure to use.
-    print(f"Session Data before route: {sess}")
-    auth = req.scope["auth"] = sess.get("auth", None)
-
+    auth = req.scope["auth"] = sess.get("auth", False)
 
 
 spinner_css = Style("""
@@ -184,24 +178,15 @@ class DebugSessionMiddleware(SessionMiddleware):
 # Generate a secure secret key
 SECRET_KEY = secrets.token_urlsafe(32)
 
-# Custom authentication backend
-class SimpleAuthBackend(AuthenticationBackend):
-    async def authenticate(self, request):
-        if "auth" not in request.session:
-            return None
-        return AuthCredentials(["authenticated"]), SimpleUser("admin")
-
-
 # Modify the middleware setup
 middlewares = [
     Middleware(
         SessionMiddleware,
         secret_key=SECRET_KEY,
         max_age=3600,
-        same_site='Lax',  # Try 'Lax' if 'None' doesn't work
-        https_only=False,  # Set to True if your site uses HTTPS
+        same_site='lax',  # Try 'Lax' if 'None' doesn't work
+        https_only=True,  # Set to True if your site uses HTTPS
     ),
-    Middleware(AuthenticationMiddleware, backend=SimpleAuthBackend()),
 ]
 
 bware = Beforeware(
@@ -211,24 +196,15 @@ bware = Beforeware(
         r"/static/.*",
         r".*\.css",
         r".*\.js",
-        "/",
-        "/login",
-        "/search",
-        "/document/.*",
-        "/expand/.*",
-        "/source",
-        "/about",
-        "/admin",
     ],
 )
 
 app, rt = fast_app(
-    #before=bware,
+    before=bware,
     live=DEV_MODE,
     hdrs=headers,
     middleware=middlewares,
     key_fname=sess_key_path,
-    same_site="None",
 )
 
 # Add this function for debugging
@@ -472,10 +448,10 @@ async def login(request: Request):
         # Set "set-cookie" in header
         response.set_cookie(
             "session",
-            request.session["auth"],
+            request.session,
             max_age=3600,
             httponly=False,
-            samesite='none',  # Try 'Lax' if 'None' doesn't work
+            samesite='none',  # Try 'lax' if 'none' doesn't work
             secure=True,  # Set to True if your site uses HTTPS
         )
         return response
@@ -685,8 +661,9 @@ def download_csv(request: Request):
 
 @app.route("/admin")
 async def admin(request: Request):
-    auth = request.cookies.get("session", None)
-    if auth is None:
+    auth = request.session.get("auth", False)
+    if not auth:
+        print(f"Not authenticated: {auth}")
         return RedirectResponse("/login", status_code=303)
     
     page = int(request.query_params.get("page", 1))
@@ -765,7 +742,7 @@ async def admin(request: Request):
 
     return (
         Title("Admin"),
-        get_navbar(request.user.is_authenticated),
+        get_navbar(auth),
         Main(
             Div(
                 A(