mostly working

Author: mariusandra

.dockerignore

@@ -25,3 +25,4 @@ npm-debug.log
 .env
 .aws
 frameos/nimble.paths
+db

backend/app/api/__init__.py

@@ -1,11 +1,11 @@
 from fastapi import APIRouter
 
-# When using HASSIO_MODE (Home Assistant ingress with automatic login), we make this distinction:
+# When using HASSIO_RUN_MODE (Home Assistant ingress with automatic login), we make this distinction:
 # - api_public: exported to the local network via port 8989, no authentication required
 # - api_no_auth: accessible via Home Assistant ingress (on port 8990) without authentication
 # - api_with_auth: accessible via Home Assistant ingress (on port 8990) without authentication
 
-# When not using HASSIO_MODE (running directly from Docker), we make this distinction:
+# When not using HASSIO_RUN_MODE (running directly from Docker), we make this distinction:
 # - api_public: routes that do not require authentication
 # - api_no_auth: routes that do not require authentication
 # - api_with_auth: routes that can only be accessed by authenticated users

backend/app/api/auth.py

@@ -8,7 +8,7 @@
 from sqlalchemy.orm import Session
 from arq import ArqRedis as Redis
 
-from app.config import get_config
+from app.config import config
 from app.models.user import User
 from app.database import get_db
 from app.redis import get_redis
@@ -17,7 +17,6 @@
 
 from . import api_no_auth
 
-config = get_config()
 SECRET_KEY = config.SECRET_KEY
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 7 * 24 * 60  # 7 days
@@ -35,14 +34,6 @@ def create_access_token(data: dict, expires_delta: Optional[datetime.timedelta]
     return encoded_jwt
 
 async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
-    # if config.HASSIO_MODE == "ingress":
-    #     user = db.query(User).first()
-    #     if user is None:
-    #         user = User(email="[email protected]", password="")
-    #         db.add(user)
-    #         db.commit()
-    #     return user
-
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
         detail="Could not validate credentials",
@@ -63,8 +54,8 @@ async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = De
 
 @api_no_auth.post("/login", response_model=Token)
 async def login(request: Request, form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
-    if config.HASSIO_MODE is not None:
-        raise HTTPException(status_code=401, detail="Login not allowed with HASSIO_MODE")
+    if config.HASSIO_RUN_MODE is not None:
+        raise HTTPException(status_code=401, detail="Login not allowed with HASSIO_RUN_MODE")
     email = form_data.username
     password = form_data.password
     ip = request.client.host
@@ -88,8 +79,8 @@ async def login(request: Request, form_data: OAuth2PasswordRequestForm = Depends
 
 @api_no_auth.post("/signup")
 async def signup(data: UserSignup, db: Session = Depends(get_db)):
-    if config.HASSIO_MODE is not None:
-        raise HTTPException(status_code=401, detail="Signup not allowed with HASSIO_MODE")
+    if config.HASSIO_RUN_MODE is not None:
+        raise HTTPException(status_code=401, detail="Signup not allowed with HASSIO_RUN_MODE")
 
     # Check if there is already a user registered (one-user system)
     if db.query(User).first() is not None:

backend/app/api/frames.py

@@ -26,6 +26,7 @@
     FrameAssetsResponse, FrameCreateRequest, FrameUpdateRequest
 )
 from app.api.auth import ALGORITHM, SECRET_KEY
+from app.config import config
 from app.utils.network import is_safe_host
 from app.redis import get_redis
 from app.config import Config, get_config
@@ -73,12 +74,13 @@ async def get_image_link(id: int, config: Config = Depends(get_config)):
 
 @api_no_auth.get("/frames/{id:int}/image")
 async def api_frame_get_image(id: int, token: str, request: Request, db: Session = Depends(get_db), redis: Redis = Depends(get_redis)):
-    try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
-        if payload.get("sub") != f"frame={id}":
+    if config.HASSIO_RUN_MODE != 'ingress':
+        try:
+            payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+            if payload.get("sub") != f"frame={id}":
+                raise HTTPException(status_code=401, detail="Unauthorized")
+        except JWTError:
             raise HTTPException(status_code=401, detail="Unauthorized")
-    except JWTError:
-        raise HTTPException(status_code=401, detail="Unauthorized")
 
     frame = db.get(Frame, id)
     if frame is None:

backend/app/api/templates.py

@@ -13,6 +13,7 @@
 from sqlalchemy.orm import Session
 
 from app.database import get_db
+from app.config import config
 from arq import ArqRedis as Redis
 from app.models.template import Template
 from app.models.frame import Frame
@@ -255,15 +256,13 @@ async def get_image_link(template_id: str, config: Config = Depends(get_config))
 
 @api_no_auth.get("/templates/{template_id}/image")
 async def get_template_image(template_id: str, token: str, request: Request, db: Session = Depends(get_db)):
-    """
-    Access to image is via token. This is how we originally protected direct image access.
-    """
-    try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
-        if payload.get("sub") != f"template={template_id}":
+    if config.HASSIO_RUN_MODE != 'ingress':
+        try:
+            payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+            if payload.get("sub") != f"template={template_id}":
+                raise HTTPException(status_code=401, detail="Unauthorized")
+        except JWTError:
             raise HTTPException(status_code=401, detail="Unauthorized")
-    except JWTError:
-        raise HTTPException(status_code=401, detail="Unauthorized")
 
     template = db.get(Template, template_id)
     if not template or not template.image:

backend/app/config.py

@@ -2,6 +2,7 @@
 import secrets
 import uuid
 from dotenv import load_dotenv
+import requests
 
 def get_bool_env(key: str) -> bool:
     return os.environ.get(key, '0').lower() in ['true', '1', 'yes']
@@ -26,12 +27,29 @@ class Config:
     DATABASE_URL = os.environ.get('DATABASE_URL') or 'sqlite:///../db/frameos.db'
     REDIS_URL = os.environ.get('REDIS_URL') or 'redis://localhost:6379/0'
     INSTANCE_ID = INSTANCE_ID
-    HASSIO_MODE = os.environ.get('HASSIO_MODE', None)
-    HASSIO_INGRESS_PATH = os.environ.get('HASSIO_INGRESS_PATH', None)
+    HASSIO_RUN_MODE = os.environ.get('HASSIO_RUN_MODE', None)
+    HASSIO_TOKEN = os.environ.get('HASSIO_TOKEN', None)
+    SUPERVISOR_TOKEN = os.environ.get('SUPERVISOR_TOKEN', None)
+    HOSTNAME = os.environ.get('HOSTNAME', None)
+    base_path = ''
 
-    @property
-    def base_path(self) -> str:
-        return self.HASSIO_INGRESS_PATH or ""
+    def __init__(self):
+        # Get Home Assistant Supervisor Ingress URL
+        if self.HASSIO_RUN_MODE == "ingress" and self.SUPERVISOR_TOKEN:
+            try:
+                headers = {
+                    "Authorization": f"Bearer {self.SUPERVISOR_TOKEN}",
+                    "Content-Type": "application/json",
+                }
+                response = requests.get("http://supervisor/addons/self/info", headers=headers)
+                info = response.json()
+                ingress_url = info.get("data", {}).get("ingress_url")
+                if ingress_url and ingress_url.endswith("/"):
+                    ingress_url = ingress_url[:-1]
+                self.base_path = ingress_url
+                print(f"🟢 Fetched HA ingress URL: {self.base_path}")
+            except Exception as e:
+                print(f"🔴 Failed to get HA ingress URL: {e}")
 
 class DevelopmentConfig(Config):
     DEBUG = True
@@ -53,7 +71,10 @@ class ProductionConfig(Config):
     def __init__(self):
         super().__init__()
         if self.SECRET_KEY is None:
-            raise ValueError('SECRET_KEY must be set in production')
+            if self.HASSIO_TOKEN is not None:
+                self.SECRET_KEY = secrets.token_urlsafe(32)
+            else:
+                raise ValueError('SECRET_KEY must be set in production')
 
 configs = {
     "development": DevelopmentConfig,
@@ -67,3 +88,6 @@ def get_config() -> Config:
     is_dev = get_bool_env('DEBUG')
     config_class = TestConfig if is_test else DevelopmentConfig if is_dev else ProductionConfig
     return config_class()
+
+# Singleton instance
+config = get_config()

backend/app/conftest.py

@@ -9,14 +9,14 @@
 from arq import ArqRedis as Redis  # noqa: E402
 from httpx import AsyncClient  # noqa: E402
 from httpx._transports.asgi import ASGITransport  # noqa: E402
-from app.config import get_config  # noqa: E402
+from app.config import config  # noqa: E402
 from app.fastapi import app  # noqa: E402
 from app.database import SessionLocal, engine, Base  # noqa: E402
 from app.models.user import User  # noqa: E402
 
 @pytest.fixture(autouse=True)
 def setup_and_teardown_db():
-    if not get_config().TEST:
+    if not config.TEST:
         raise ValueError("Tests should only be run with TEST=1 (or via bin/tests) as doing otherwise may wipe your database")
 
     # Create all tables before each test
@@ -35,7 +35,7 @@ async def db():
 
 @pytest_asyncio.fixture
 async def redis():
-    client = Redis.from_url(get_config().REDIS_URL)
+    client = Redis.from_url(config.REDIS_URL)
     try:
         yield client
     finally:

backend/app/database.py

@@ -1,8 +1,7 @@
 from sqlalchemy import create_engine
 from sqlalchemy.orm import declarative_base, sessionmaker
-from app.config import get_config
+from app.config import config
 
-config = get_config()
 engine = create_engine(config.DATABASE_URL)
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
 Base = declarative_base()

backend/app/fastapi.py

@@ -13,7 +13,7 @@
 from app.middleware import GzipRequestMiddleware
 
 from app.websockets import register_ws_routes, redis_listener
-from app.config import get_config
+from app.config import config
 from app.utils.sentry import initialize_sentry
 
 @contextlib.asynccontextmanager
@@ -24,34 +24,32 @@ async def lifespan(app: FastAPI):
     # optionally do cleanup here
     task.cancel()
 
-config = get_config()
-
 app = FastAPI(lifespan=lifespan)
 app.add_middleware(GZipMiddleware)
 app.add_middleware(GzipRequestMiddleware)
 
 register_ws_routes(app)
 
-if config.HASSIO_MODE:
-    if config.HASSIO_MODE == "public":
+if config.HASSIO_RUN_MODE:
+    if config.HASSIO_RUN_MODE == "public":
+        app.include_router(api_public, prefix="/api")
+    elif config.HASSIO_RUN_MODE == "ingress":
         app.include_router(api_public, prefix="/api")
-    elif config.HASSIO_MODE == "ingress":
-        app.include_router(api_public, prefix=config.base_path + "/api")
-        app.include_router(api_no_auth, prefix=config.base_path + "/api")
-        app.include_router(api_with_auth, prefix=config.base_path + "/api")
+        app.include_router(api_no_auth, prefix="/api")
+        app.include_router(api_with_auth, prefix="/api")
     else:
-        raise ValueError("Invalid HASSIO_MODE")
+        raise ValueError("Invalid HASSIO_RUN_MODE")
 else:
     app.include_router(api_public, prefix="/api")
     app.include_router(api_no_auth, prefix="/api")
     app.include_router(api_with_auth, prefix="/api", dependencies=[Depends(get_current_user)])
 
-# Serve HTML and static files in all cases except for public HASSIO_MODE
-serve_html = config.HASSIO_MODE != "public"
+# Serve HTML and static files in all cases except for public HASSIO_RUN_MODE
+serve_html = config.HASSIO_RUN_MODE != "public"
 if serve_html:
-    app.mount(config.base_path + "/assets", StaticFiles(directory="../frontend/dist/assets"), name="assets")
-    app.mount(config.base_path + "/img", StaticFiles(directory="../frontend/dist/img"), name="img")
-    app.mount(config.base_path + "/static", StaticFiles(directory="../frontend/dist/static"), name="static")
+    app.mount("/assets", StaticFiles(directory="../frontend/dist/assets"), name="assets")
+    app.mount("/img", StaticFiles(directory="../frontend/dist/img"), name="img")
+    app.mount("/static", StaticFiles(directory="../frontend/dist/static"), name="static")
 
     # Public config for the frontend
     frameos_app_config = {}
@@ -64,25 +62,20 @@ async def lifespan(app: FastAPI):
         else:
             raise
 
-    if config.HASSIO_MODE:
-        frameos_app_config["HASSIO_MODE"] = config.HASSIO_MODE
+    if config.HASSIO_RUN_MODE:
+        frameos_app_config["HASSIO_RUN_MODE"] = config.HASSIO_RUN_MODE
     if config.base_path:
         frameos_app_config["base_path"] = config.base_path
-        index_html = index_html.replace('<base href="/">', f'<base href="{config.base_path}/">')
+
     index_html = index_html.replace('<head>', f'<head><script>window.FRAMEOS_APP_CONFIG={json.dumps(frameos_app_config)}</script>')
 
-    @app.get(config.base_path + "/")
+    @app.get("/")
     async def read_index():
         return HTMLResponse(index_html)
 
-    if config.base_path:
-        @app.get(config.base_path)
-        async def read_index():
-            return HTMLResponse(index_html)
-
     @app.exception_handler(StarletteHTTPException)
     async def custom_404_handler(request: Request, exc: StarletteHTTPException):
-        if os.environ.get("TEST") == "1" or exc.status_code != 404 or (config.base_path and not request.url.path.startswith(config.base_path)):
+        if os.environ.get("TEST") == "1" or exc.status_code != 404:
             return JSONResponse(
                 status_code=exc.status_code,
                 content={"detail": exc.detail or f"Error {exc.status_code}"}
@@ -100,8 +93,8 @@ async def validation_exception_handler(request: Request, exc: RequestValidationE
 
 if __name__ == '__main__':
     # run migrations
-    if get_config().DEBUG:
-        database_url = get_config().DATABASE_URL
+    if config.DEBUG:
+        database_url = config.DATABASE_URL
         if database_url.startswith("sqlite:///../db/"):
             os.makedirs('../db', exist_ok=True)
     # start server

backend/app/redis.py

@@ -1,9 +1,9 @@
 from arq import ArqRedis
 from arq.connections import ConnectionPool
-from app.config import get_config
+from app.config import config
 
 def create_redis_connection():
-    pool = ConnectionPool.from_url(get_config().REDIS_URL)
+    pool = ConnectionPool.from_url(config.REDIS_URL)
     return ArqRedis(pool)
 
 async def get_redis():