fix: load configuration from config.json and fix authentication

- Load anime_directory and master_password_hash from config.json on startup - Sync configuration from config.json to settings object in fastapi_app.py - Update dependencies.py to load config from JSON if not in environment - Fix app.js to use makeAuthenticatedRequest() for all authenticated API calls - Fix API endpoint paths from /api/v1/anime to /api/anime - Update auth_service.py to load master_password_hash from config.json - Update auth.py setup endpoint to save master_password_hash to config - Fix rate limiting code to satisfy type checker - Update config.json with test master password hash Fixes: - 401 Unauthorized errors on /api/anime endpoint - 503 Service Unavailable errors on /api/anime/process/locks - Configuration not being loaded from config.json file - Authentication flow now works end-to-end with JWT tokens
2025-10-24 20:55:10 +02:00
parent 4e08d81bb0
commit a3651e0e47
6 changed files with 148 additions and 36 deletions
--- a/src/server/services/auth_service.py
+++ b/src/server/services/auth_service.py
@@ -45,7 +45,26 @@ class AuthService:
    """

    def __init__(self) -> None:
-        self._hash: Optional[str] = settings.master_password_hash
+        # Try to load master password hash from config file first
+        # If not found, fallback to environment variable
+        self._hash: Optional[str] = None
+        
+        # Try loading from config file
+        try:
+            from src.server.services.config_service import get_config_service
+            config_service = get_config_service()
+            config = config_service.load_config()
+            hash_val = config.other.get('master_password_hash')
+            if isinstance(hash_val, str):
+                self._hash = hash_val
+        except Exception:
+            # Config doesn't exist or can't be loaded - that's OK
+            pass
+        
+        # If not in config, try environment variable
+        if not self._hash:
+            self._hash = settings.master_password_hash
+        
        # In-memory failed attempts per identifier. Values are dicts with
        # keys: count, last, locked_until
        # WARNING: In-memory storage resets on process restart.
@@ -81,7 +100,7 @@ class AuthService:
    def is_configured(self) -> bool:
        return bool(self._hash)

-    def setup_master_password(self, password: str) -> None:
+    def setup_master_password(self, password: str) -> str:
        """Set the master password (hash and store in memory/settings).

        Enforces strong password requirements:
@@ -91,12 +110,15 @@ class AuthService:
        - At least one special character

        For now we update only the in-memory value and
-        settings.master_password_hash. A future task should persist this
-        to a config file.
+        settings.master_password_hash. Caller should persist the returned
+        hash to a config file.
        
        Args:
            password: The password to set
            
+        Returns:
+            str: The hashed password
+            
        Raises:
            ValueError: If password doesn't meet requirements
        """
@@ -129,6 +151,8 @@ class AuthService:
        except Exception:
            # Settings may be frozen or not persisted - that's okay for now
            pass
+        
+        return h

    # --- failed attempts and lockout ---
    def _get_fail_record(self, identifier: str) -> Dict: