Merge: Phase B security fixes
This commit is contained in:
commit
56e65bb8a8
3 changed files with 6 additions and 5 deletions
|
|
@ -16,7 +16,7 @@ ENV PYTHONDONTWRITEBYTECODE=1 \
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY backend/requirements.txt .
|
COPY backend/requirements.txt .
|
||||||
RUN pip install -r requirements.txt
|
RUN pip install --upgrade pip && pip install -r requirements.txt
|
||||||
|
|
||||||
COPY backend/ .
|
COPY backend/ .
|
||||||
COPY --from=frontend /fe/dist ./app/static_spa
|
COPY --from=frontend /fe/dist ./app/static_spa
|
||||||
|
|
|
||||||
|
|
@ -213,13 +213,14 @@ def current_user(request: Request, db: Session = Depends(get_db)) -> User:
|
||||||
|
|
||||||
@router.get("/upgrade")
|
@router.get("/upgrade")
|
||||||
async def upgrade(
|
async def upgrade(
|
||||||
request: Request, access: str = "write", user: User = Depends(current_user)
|
request: Request, access: str = "read", user: User = Depends(current_user)
|
||||||
):
|
):
|
||||||
"""Incremental consent for the onboarding wizard. `access=read` grants YouTube
|
"""Incremental consent for the onboarding wizard. `access=read` grants YouTube
|
||||||
read-only (enough to build the feed); `access=write` additionally grants management
|
read-only (enough to build the feed); `access=write` additionally grants management
|
||||||
(unsubscribe). The shared callback stores whatever Google returns, so `can_read` /
|
(unsubscribe). The shared callback stores whatever Google returns, so `can_read` /
|
||||||
`can_write` flip on once granted."""
|
`can_write` flip on once granted. Anything other than an explicit `write` defaults to
|
||||||
scope = READ_SCOPES if access == "read" else WRITE_SCOPES
|
the least-privileged read scope."""
|
||||||
|
scope = WRITE_SCOPES if access == "write" else READ_SCOPES
|
||||||
return await oauth.google.authorize_redirect(
|
return await oauth.google.authorize_redirect(
|
||||||
request,
|
request,
|
||||||
settings.oauth_redirect_url,
|
settings.oauth_redirect_url,
|
||||||
|
|
|
||||||
|
|
@ -11,4 +11,4 @@ feedparser>=6.0,<7.0
|
||||||
apscheduler>=3.10,<4.0
|
apscheduler>=3.10,<4.0
|
||||||
py3langid>=0.3,<1.0
|
py3langid>=0.3,<1.0
|
||||||
itsdangerous>=2.1,<3.0
|
itsdangerous>=2.1,<3.0
|
||||||
cryptography>=42,<46
|
cryptography>=46.0.7,<47
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue