diff --git a/api/web_routes.py b/api/web_routes.py index a109281..93df4d6 100644 --- a/api/web_routes.py +++ b/api/web_routes.py @@ -1218,6 +1218,7 @@ async def get_episode_date_options(dependencies: dict, imdb_id: str, season: int def register_web_routes(app, dependencies): """Register all web API routes with FastAPI app""" + from fastapi import Request, Response # Dashboard and stats endpoints @app.get("/api/dashboard") @@ -1291,9 +1292,33 @@ def register_web_routes(app, dependencies): # Authentication endpoints (for web interface compatibility) @app.get("/api/auth/status") - async def api_auth_status(): - return {"authenticated": False, "username": None} # Simplified for now + async def api_auth_status(request: Request): + """Check authentication status""" + auth_enabled = dependencies.get("auth_enabled", False) + + if not auth_enabled: + return {"authenticated": True, "auth_enabled": False, "message": "Authentication disabled"} + + session_manager = dependencies.get("session_manager") + if not session_manager: + return {"authenticated": False, "auth_enabled": True, "message": "Session manager not available"} + + session_token = request.cookies.get("nfoguard_session") + if session_token: + username = session_manager.get_session_user(session_token) + if username: + return {"authenticated": True, "auth_enabled": True, "username": username} + + return {"authenticated": False, "auth_enabled": True, "message": "Not authenticated"} @app.post("/api/auth/logout") - async def api_auth_logout(): - return {"status": "success", "message": "Logged out"} \ No newline at end of file + async def api_auth_logout(request: Request, response: Response): + """Logout endpoint - clears session""" + session_manager = dependencies.get("session_manager") + if session_manager: + session_token = request.cookies.get("nfoguard_session") + if session_token: + session_manager.delete_session(session_token) + + response.delete_cookie("nfoguard_session") + return {"status": "logged_out", "message": "Session cleared"} \ No newline at end of file diff --git a/start_web.py b/start_web.py index b77ba63..f7bb688 100644 --- a/start_web.py +++ b/start_web.py @@ -19,6 +19,9 @@ from core.database import NFOGuardDatabase # Import web routes from existing system from api.web_routes import register_web_routes +# Import authentication system +from api.auth import SimpleAuthMiddleware, AuthSession + def create_web_app() -> FastAPI: """Create FastAPI web application""" @@ -84,18 +87,36 @@ def main(): print(f"❌ Failed to connect to database: {e}") sys.exit(1) + # Setup authentication if enabled + auth_enabled = getattr(config, 'web_auth_enabled', False) + session_manager = None + + if auth_enabled: + session_timeout = getattr(config, 'web_auth_session_timeout', 3600) + session_manager = AuthSession(timeout_seconds=session_timeout) + print(f"🔐 Web authentication enabled (session timeout: {session_timeout}s)") + else: + print("🌐 Web authentication disabled") + # Create dependencies for dependency injection (simplified for web-only) dependencies = { "db": db, "config": config, "nfo_manager": None, # Not needed for read-only web interface "movie_processor": None, # Not needed for read-only web interface - "tv_processor": None # Not needed for read-only web interface + "tv_processor": None, # Not needed for read-only web interface + "auth_enabled": auth_enabled, + "session_manager": session_manager } # Setup static files and routes setup_static_files(app) + # Add authentication middleware if enabled + if auth_enabled: + app.add_middleware(SimpleAuthMiddleware, dependencies=dependencies) + print("🔐 Authentication middleware added to web interface") + # Register web routes register_web_routes(app, dependencies)