Fix API authentication - set g.user_id in auth decorators

The /api/wallet endpoint was returning 401 because it checks g.user_id but the auth decorators only set request.current_user. Now both are set. - Fixed require_auth decorator in auth.py to set g.user_id - Fixed get_api_auth_decorator in routes.py to set g.user_id

Fix API authentication - set g.user_id in auth decorators
The /api/wallet endpoint was returning 401 because it checks g.user_id but the auth decorators only set request.current_user. Now both are set. - Fixed require_auth decorator in auth.py to set g.user_id - Fixed get_api_auth_decorator in routes.py to set g.user_id
a63cf4e8 · Stefy Lanza (nextime / spora ) · 7ce5c087 · a63cf4e8 · a63cf4e8
Commit a63cf4e8 authored Feb 22, 2026 by Stefy Lanza (nextime / spora )
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

auth.py mbetterclient/web_dashboard/auth.py +5 -0

routes.py mbetterclient/web_dashboard/routes.py +4 -0

No files found.
--- a/mbetterclient/web_dashboard/auth.py
+++ b/mbetterclient/web_dashboard/auth.py
@@ -639,6 +639,7 @@ class AuthManager:
                        'is_admin': True,
                        'role': 'admin'
                    }
+                    g.user_id = 0
                    return func(*args, **kwargs)
                if auth_header and auth_header.startswith('Bearer '):
@@ -650,6 +651,7 @@ class AuthManager:
                    if payload:
                        print(f"AUTH_DECORATOR: JWT token verified for user: {payload.get('username')}")
                        request.current_user = payload
+                        g.user_id = payload.get('user_id')
                        return func(*args, **kwargs)
                    else:
                        print("AUTH_DECORATOR: JWT token verification failed")
@@ -659,6 +661,7 @@ class AuthManager:
                    if api_data:
                        print(f"AUTH_DECORATOR: API token verified for user: {api_data.get('username')}")
                        request.current_user = api_data
+                        g.user_id = api_data.get('user_id')
                        return func(*args, **kwargs)
                    else:
                        print("AUTH_DECORATOR: API token verification failed")
@@ -668,6 +671,7 @@ class AuthManager:
                    if api_key_data:
                        print(f"AUTH_DECORATOR: API key verified for user: {api_key_data.get('username')}")
                        request.current_user = api_key_data
+                        g.user_id = api_key_data.get('user_id')
                        return func(*args, **kwargs)
                    else:
                        print("AUTH_DECORATOR: API key verification failed")
@@ -683,6 +687,7 @@ class AuthManager:
                        'is_admin': current_user.is_admin,
                        'role': getattr(current_user, 'role', 'normal')
                    }
+                    g.user_id = current_user.id
                    return func(*args, **kwargs)
                print("AUTH_DECORATOR: Authentication failed, returning 401")

--- a/mbetterclient/web_dashboard/routes.py
+++ b/mbetterclient/web_dashboard/routes.py
@@ -126,6 +126,10 @@ def get_api_auth_decorator(require_admin=False):
                            'role': getattr(current_user, 'role', 'normal')
                        }
+                        # Set g.user_id for API endpoints that use it
+                        from flask import g
+                        g.user_id = current_user.id
                        # Check admin requirement for web session auth
                        if require_admin:
                            user_role = getattr(current_user, 'role', 'normal')