Fix redirect URLs for reverse proxy

- Add URL_PREFIX for all redirect URLs - Redirects now go to /solventum-image-metadata-back/login instead of /login Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-06 22:32:54 +00:00 · 2026-02-06 22:32:54 +00:00 · a1ddf28108
commit a1ddf28108
parent 26095be769
2 changed files with 12 additions and 8 deletions
--- a/src/auth.py
+++ b/src/auth.py
@ -13,6 +13,9 @@ logger = get_logger(__name__)
 # Initialize database
 db = Database()

+# URL prefix for reverse proxy (e.g., '/solventum-image-metadata-back')
+URL_PREFIX = os.getenv('URL_PREFIX', '/solventum-image-metadata-back')
+

 def login_required(f):
    """
@ -27,8 +30,8 @@ def login_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user_id' not in session:
-            # Save the original URL to redirect after login
-            return redirect(url_for('login', next=request.url))
+            # Redirect to login with reverse proxy prefix
+            return redirect(f'{URL_PREFIX}/login')

        # Check if session is still valid in database
        session_id = session.get('session_id')
@ -37,7 +40,7 @@ def login_required(f):
            if not db_session:
                # Session expired or invalid
                session.clear()
-                return redirect(url_for('login', next=request.url))
+                return redirect(f'{URL_PREFIX}/login')

        return f(*args, **kwargs)
    return decorated_function
--- a/web_app.py
+++ b/web_app.py
@ -57,6 +57,8 @@ app.config['MAX_CONTENT_LENGTH'] = 500 * 1024 * 1024  # 500MB max file size
 # Reverse proxy configuration
 # ProxyFix handles X-Forwarded-* headers from Apache/nginx reverse proxy
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
+# URL prefix for reverse proxy redirects
+URL_PREFIX = os.getenv('URL_PREFIX', '/solventum-image-metadata-back')
 # APPLICATION_ROOT sets cookie path for reverse proxy setups
 app.config['APPLICATION_ROOT'] = os.getenv('APPLICATION_ROOT', '/solventum-image-metadata-back')

@ -212,9 +214,8 @@ def login():
                session['username'] = user['username']
                session['session_id'] = session_id

-                # Redirect to original destination or home
-                next_url = request.args.get('next', url_for('index'))
-                return redirect(next_url)
+                # Redirect to home page with reverse proxy prefix
+                return redirect(f'{URL_PREFIX}/')
            else:
                return render_template('login.html', error='Failed to create session', sso_enabled=is_sso_enabled())
        else:
@ -240,7 +241,7 @@ def logout():
        destroy_user_session(session_id, user_id)

    session.clear()
-    return redirect(url_for('login'))
+    return redirect(f'{URL_PREFIX}/login')


@app.route('/login/microsoft')
@ -301,7 +302,7 @@ def auth_callback():
                    session['username'] = user['username']
                    session['session_id'] = session_id

-                    return redirect(url_for('index'))
+                    return redirect(f'{URL_PREFIX}/')

    return render_template('login.html', error='SSO authentication failed', sso_enabled=is_sso_enabled())