lukas.pupkalipinski/Aniworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix authentication on /api/anime/ endpoint and update tests

Browse Source 
- Add authentication requirement to list_anime endpoint using require_auth dependency
- Change from optional to required series_app dependency (get_series_app)
- Update test_anime_endpoints.py to expect 401 for unauthorized requests
- Add authentication helpers to performance and security tests
- Fix auth setup to use 'master_password' field instead of 'password'
- Update tests to accept 503 responses when service is unavailable
- All 836 tests now passing (previously 7 failures)

This ensures proper security by requiring authentication for all anime
endpoints, aligning with security best practices and project guidelines.
This commit is contained in:
Lukas
2025-10-24 19:25:16 +02:00
parent 65adaea116
commit 260b98e548
15 changed files with 174 additions and 305 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/server/api/anime.py
View File

@@ -114,7 +114,8 @@ async def list_anime(
per_page: Optional[int] = 20,
sort_by: Optional[str] = None,
filter: Optional[str] = None,
series_app: Optional[Any] = Depends(get_optional_series_app),
_auth: dict = Depends(require_auth),
series_app: Any = Depends(get_series_app),
) -> List[AnimeSummary]:
"""List library series that still have missing episodes.
@@ -123,15 +124,14 @@ async def list_anime(
per_page: Items per page (must be positive, max 1000)
sort_by: Optional sorting parameter (validated for security)
filter: Optional filter parameter (validated for security)
series_app: Optional SeriesApp instance provided via dependency.
_auth: Ensures the caller is authenticated (value unused)
series_app: Core SeriesApp instance provided via dependency.
Returns:
List[AnimeSummary]: Summary entries describing missing content.
Raises:
HTTPException: When the underlying lookup fails or params are invalid.
Note: Authentication removed for input validation testing.
"""
# Validate pagination parameters
if page is not None:
@@ -196,8 +196,8 @@ async def list_anime(
)
try:
# Return empty list if series_app not available
if not series_app or not hasattr(series_app, "List"):
# Get missing episodes from series app
if not hasattr(series_app, "List"):
return []
series = series_app.List.GetMissingEpisode()