Merge branch 'login' of https://github.com/logspace-ai/langflow into login

2023-08-29 11:46:52 -03:00 · 2023-08-29 11:46:52 -03:00 · 27455cbd77
commit 27455cbd77
parent 3e55e5f394 8c77613f72
2 changed files with 29 additions and 17 deletions
--- a/src/backend/langflow/services/auth/utils.py
+++ b/src/backend/langflow/services/auth/utils.py
@ -269,7 +269,7 @@ def create_refresh_token(refresh_token: str, db: Session = Depends(get_session))

 def authenticate_user(
    username: str, password: str, db: Session = Depends(get_session)
-) -> User | None:
+) -> Optional[User]:
    user = get_user_by_username(db, username)

    if not user:
--- a/src/frontend/src/controllers/API/api.tsx
+++ b/src/frontend/src/controllers/API/api.tsx
@ -63,28 +63,40 @@ function ApiInterceptor() {
      }
    );

+    const isAuthorizedURL = (url) => {
+      const authorizedDomains = [
+        "https://raw.githubusercontent.com/logspace-ai/langflow_examples/main/examples",
+        "https://api.github.com/repos/logspace-ai/langflow_examples/contents/examples",
+        "https://api.github.com/repos/logspace-ai/langflow",
+        "auto_login",
+      ];
+
+      const authorizedEndpoints = ["auto_login"];
+
+      try {
+        const parsedURL = new URL(url);
+
+        const isDomainAllowed = authorizedDomains.some(
+          (domain) => parsedURL.origin === new URL(domain).origin
+        );
+        const isEndpointAllowed = authorizedEndpoints.some((endpoint) =>
+          parsedURL.pathname.includes(endpoint)
+        );
+
+        return isDomainAllowed || isEndpointAllowed;
+      } catch (e) {
+        // Invalid URL
+        return false;
+      }
+    };
+
    // Request interceptor to add access token to every request
    const requestInterceptor = api.interceptors.request.use(
      (config) => {
-        if (accessToken) {
+        if (accessToken && !isAuthorizedURL(config?.url)) {
          config.headers["Authorization"] = `Bearer ${accessToken}`;
        }

-        if (
-          config?.url?.includes(
-            "https://raw.githubusercontent.com/logspace-ai/langflow_examples/main/examples"
-          ) ||
-          config?.url?.includes(
-            "https://api.github.com/repos/logspace-ai/langflow_examples/contents/examples"
-          ) ||
-          config?.url?.includes(
-            "https://api.github.com/repos/logspace-ai/langflow"
-          ) ||
-          config?.url?.includes("auto_login")
-        ) {
-          delete config.headers["Authorization"];
-        }
-
        return config;
      },
      (error) => {