Spaces:

HGKo
/

vision_llm_agent

Running

sunheycho commited on 25 days ago

Commit

f7e6892

1 Parent(s): e8e0147

Fix login redirect loop for all browsers

- Removed @login_required decorator from serve_index_html
- Added manual session validation instead of Flask-Login
- Fixed infinite redirect issue affecting Chrome and Safari
- Direct session checking bypasses Flask-Login authentication issues

Files changed (1) hide show

api.py +26 -6

api.py CHANGED Viewed

@@ -1516,6 +1516,13 @@ def login():
             response.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate'
             response.headers['Pragma'] = 'no-cache'
             response.headers['Expires'] = '0'
             return response
         else:
             error = 'Invalid username or password'
@@ -1743,21 +1750,34 @@ def serve_static(filename):
 # 인덱스 HTML 직접 서빙 (로그인 필요)
 @app.route('/index.html')
-@login_required
 def serve_index_html():
     # 세션 및 쿠키 디버그 정보
     print(f"Request to /index.html - Session data: {dict(session)}")
     print(f"Request to /index.html - Cookies: {request.cookies}")
     print(f"Request to /index.html - User authenticated: {current_user.is_authenticated}")
-    # 인증 확인 (remove fresh login requirement for HF Spaces)
-    if not current_user.is_authenticated:
-        print("User not authenticated, redirecting to login")
         return redirect(url_for('login'))
-    print(f"Serving index.html for authenticated user: {current_user.username} (ID: {current_user.id})")
     # 세션 상태 디버그
-    print(f"Session data: user_id={session.get('user_id')}, username={session.get('username')}, is_permanent={session.get('permanent', False)}")
     # 세션 만료를 의도대로 유지하기 위해 여기서 세션을 갱신하지 않습니다.
     # 주의: 세션에 쓰기(또는 session.modified=True)는 Flask-Session에서 만료시간을 연장할 수 있습니다.

             response.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate'
             response.headers['Pragma'] = 'no-cache'
             response.headers['Expires'] = '0'
+            # Safari-specific cookie handling - ensure session cookie is properly set
+            if 'Safari' in request.headers.get('User-Agent', ''):
+                # Force session cookie to be set with explicit domain
+                response.set_cookie('session', session.sid if hasattr(session, 'sid') else '',
+                                  httponly=True, samesite='Lax', secure=request.is_secure)
             return response
         else:
             error = 'Invalid username or password'
 # 인덱스 HTML 직접 서빙 (로그인 필요)
 @app.route('/index.html')
 def serve_index_html():
     # 세션 및 쿠키 디버그 정보
     print(f"Request to /index.html - Session data: {dict(session)}")
     print(f"Request to /index.html - Cookies: {request.cookies}")
     print(f"Request to /index.html - User authenticated: {current_user.is_authenticated}")
+    # Manual session check instead of @login_required decorator
+    user_id = session.get('user_id')
+    username = session.get('username')
+    if not user_id or not username:
+        print("No session data found, redirecting to login")
+        return redirect(url_for('login'))
+    # Verify user exists
+    user_found = False
+    for stored_username, user_data in users.items():
+        if str(user_data['id']) == str(user_id) and stored_username == username:
+            user_found = True
+            break
+    if not user_found:
+        print(f"User not found: {username} (ID: {user_id}), redirecting to login")
         return redirect(url_for('login'))
+    print(f"Serving index.html for authenticated user: {username} (ID: {user_id})")
     # 세션 상태 디버그
+    print(f"Session data: user_id={user_id}, username={username}, is_permanent={session.get('permanent', False)}")
     # 세션 만료를 의도대로 유지하기 위해 여기서 세션을 갱신하지 않습니다.
     # 주의: 세션에 쓰기(또는 session.modified=True)는 Flask-Session에서 만료시간을 연장할 수 있습니다.