How to ensure authentication for static files in NiceGUI #3403
Unanswered
Daniel-Fei
asked this question in
Q&A
Replies: 2 comments
-
Hi @Daniel-Fei, The authentication middleware in our "authentication" example only applies to pages: nicegui/examples/authentication/main.py Lines 28 to 33 in ddb95e1 To secure statically served files, you will probably need to modify the if condition. But don't make it too strict, because NiceGUI needs to load its internals (mostly from /_nicegui ).
|
Beta Was this translation helpful? Give feedback.
0 replies
-
I just created #3417 which implements this more restricted behaviour. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Question
I referenced the example code for authentication on the NiceGUI website (https://github.com/zauberzeug/nicegui/blob/main/examples/authentication/main.py) and with the help of ChatGPT, I wrote the following code, which works satisfactorily overall:
This code works well in general. For example, when I visit http://127.0.0.1:8080/xxx, it verifies if the user is logged in; if not, it redirects to the login page.
I added the additional_files subdirectory in my program directory as static_files (using the statement app.add_static_files). This allows me to access/download a PDF file using the URL http://127.0.0.1:8080/additional_files/myFile.pdf.
However, I found that the above PDF URL can bypass the login page. Users can access/download this file even if they are not logged in. I am not sure of the reason, but I feel it should be related to the router code.
Could you please guide me on how to modify the router code so that it checks the user's login status for all levels of URL access? Users should only be able to access files after successful login; otherwise, they should be redirected to the login page.
Thank you very much!
Beta Was this translation helpful? Give feedback.
All reactions