From b0bc2078fb1e70607879d82ce96e3a488bc41f69 Mon Sep 17 00:00:00 2001 From: Rodja Trappe Date: Wed, 31 Jul 2024 17:13:55 +0200 Subject: [PATCH] restrict access to all routes (except /_nicegui) (#3417) --- examples/authentication/main.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/authentication/main.py b/examples/authentication/main.py index 1b7959310..7538d6e03 100755 --- a/examples/authentication/main.py +++ b/examples/authentication/main.py @@ -11,7 +11,7 @@ from fastapi.responses import RedirectResponse from starlette.middleware.base import BaseHTTPMiddleware -from nicegui import Client, app, ui +from nicegui import app, ui # in reality users passwords would obviously need to be hashed passwords = {'user1': 'pass1', 'user2': 'pass2'} @@ -27,7 +27,7 @@ class AuthMiddleware(BaseHTTPMiddleware): async def dispatch(self, request: Request, call_next): if not app.storage.user.get('authenticated', False): - if request.url.path in Client.page_routes.values() and request.url.path not in unrestricted_page_routes: + if not request.url.path.startswith('/_nicegui') and request.url.path not in unrestricted_page_routes: app.storage.user['referrer_path'] = request.url.path # remember where the user wanted to go return RedirectResponse('/login') return await call_next(request)