From 1ee80e650d2627de6ece773b3ebcbfda78fd16ef Mon Sep 17 00:00:00 2001 From: Stefan Hacker Date: Sat, 11 Apr 2026 20:39:58 +0200 Subject: [PATCH] fix: Download Token-Fehler - Token als Query-Parameter unterstuetzen Problem: window.location.href sendet keinen Authorization-Header, daher scheiterten alle direkten Downloads (Dateien + Ordner-ZIP) mit 'Token fehlt'. Loesung: - Backend: token_required akzeptiert jetzt auch ?token=... als Query-Parameter (Fallback wenn kein Authorization-Header) - Frontend: downloadUrl() haengt den Access-Token automatisch als Query-Parameter an die Download-URL an Co-Authored-By: Claude Opus 4.6 (1M context) --- backend/app/api/auth.py | 4 ++++ frontend/src/stores/files.js | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py index 8f2f77c..86aca7c 100644 --- a/backend/app/api/auth.py +++ b/backend/app/api/auth.py @@ -40,6 +40,10 @@ def token_required(f): if auth_header.startswith('Bearer '): token = auth_header[7:] + # Fallback: token as query parameter (for direct browser downloads) + if not token: + token = request.args.get('token', '') + if not token: return jsonify({'error': 'Token fehlt'}), 401 diff --git a/frontend/src/stores/files.js b/frontend/src/stores/files.js index 932abf8..89e8dee 100644 --- a/frontend/src/stores/files.js +++ b/frontend/src/stores/files.js @@ -1,6 +1,7 @@ import { defineStore } from 'pinia' import { ref } from 'vue' import apiClient from '../api/client' +import { useAuthStore } from './auth' export const useFilesStore = defineStore('files', () => { const files = ref([]) @@ -72,7 +73,8 @@ export const useFilesStore = defineStore('files', () => { } function downloadUrl(fileId) { - return `/api/files/${fileId}/download` + const auth = useAuthStore() + return `/api/files/${fileId}/download?token=${encodeURIComponent(auth.accessToken || '')}` } return {